Information security and access design details the design decisions covering authentication and access controls for the NSX Advanced Load Balancer.

Table 1. Design Decisions for Information Security and Access of the VMware NSX Advanced Load Balancer

Decision ID: AVI-CTLR-030

Design Decision:

Create a strong password for the local admin account on NSX Advanced Load Balancer:

  • Minimum 8 characters long

  • Contains at least one character from each of at least three of the following four categories:

    • Uppercase letters

    • Lowercase letters

    • Digits

    • Special characters

Design Justification:

This reduces the risk of the account being compromised.

This is a requirement to set up user accounts, including the admin account.

Design Implication:

None.

Decision ID: AVI-CTLR-031

Design Decision:

Rotate passwords at least every 3 months.

Design Justification:

Ensures security of the user accounts.

Design Implication:

None.

Decision ID: AVI-CTLR-032

Design Decision:

Limit the use of the local accounts for both interactive or API access and solution integration.

Design Justification:

Local accounts are not specific to user identity and do not offer complete auditing from an endpoint back to the user identity.

Design Implication:

You must define and manage service accounts, security groups, group membership, and security controls in Active Directory.

Decision ID: AVI-CTLR-033

Design Decision:

Create user accounts with the desired Roles on the Controller to limit the scope and privileges for accounts used for both interactive or API access and solution integrations.

Note:

A custom ‘Role’ might be created if a user account needs to have specific permissions that are not available out of the box on the Controllers.

Design Justification:

The principle of least privilege is a critical aspect of access management and should be part of a comprehensive defense-in-depth security strategy.

Design Implication:

You may need to define and manage custom roles and security controls to limit the scope and privileges used for interactive access or solution integration.
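The password rule in AVI-CTLR-030 and the rotation interval in AVI-CTLR-031 can be checked before a credential is set or during an account review. The following is an added example, not VMware code: the function names are hypothetical, "special characters" is assumed to mean ASCII punctuation, and "3 months" is assumed to mean calendar months.

```python
import calendar
import string
from datetime import date

MIN_LENGTH = 8           # AVI-CTLR-030: minimum length
REQUIRED_CATEGORIES = 3  # AVI-CTLR-030: at least 3 of the 4 categories
ROTATION_MONTHS = 3      # AVI-CTLR-031: rotate at least every 3 months

# Assumption: "special characters" means ASCII punctuation. The table does not
# define the set, so align it with what the Controller actually accepts.
CATEGORIES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digits": set(string.digits),
    "special": set(string.punctuation),
}


def password_findings(password):
    """Return AVI-CTLR-030 violations; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"length {len(password)} is below {MIN_LENGTH}")
    used = set(password)
    present = [name for name, chars in CATEGORIES.items() if chars & used]
    if len(present) < REQUIRED_CATEGORIES:
        missing = ", ".join(n for n in CATEGORIES if n not in present)
        findings.append(f"{len(present)} of 4 categories used; missing {missing}")
    return findings


def rotation_deadline(last_changed):
    """Date by which AVI-CTLR-031 requires the next change (calendar months)."""
    index = last_changed.month - 1 + ROTATION_MONTHS
    year, month = last_changed.year + index // 12, index % 12 + 1
    # Clamp to the last day of a shorter month (30 Nov -> 28 Feb).
    day = min(last_changed.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def rotation_due(last_changed, today):
    return today >= rotation_deadline(last_changed)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ("Vmware1!", "vmware123", "Ab1"):
        print(repr(candidate), password_findings(candidate) or "compliant")
    print(rotation_deadline(date(2024, 11, 30)))
```

Characters outside the four ASCII sets count toward length but not toward any category, so a password made only of such characters is reported as using 0 of 4 categories.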