Access to management interfaces and cloud console interfaces can be incredibly paradoxical. Organizations need to limit access to them, but at the same time allow access to authorized staff, possibly from unexpected but legitimate IP addresses and locations if an organization’s primary site is unavailable. This is where modern zero trust methods of authentication and access control are very helpful. The VMware Cloud Console and cloud management interfaces support multi-factor authentication, helping to ensure that only authorized users gain access.
Many organizations employ bastion hosts or “jump boxes” to help control access to management interfaces. Additionally, some organizations, including VMware internally, use dedicated VMware Horizon VDI deployments to provide secure and trusted access to systems management tools and interfaces. Staff connect to these systems, then interact with infrastructure from a known and trusted management workstation image.
Ideas to consider:
How will IT staff access cloud consoles and management interfaces to conduct recovery operations during an incident if the primary site is offline and potentially unrecoverable?
Is multi-factor authentication enabled for all users of the VMware Cloud Console, and part of the login sequence to access infrastructure management interfaces?
Are bastion hosts, jump boxes, and/or dedicated VDI instances patched quickly and proactively, to ensure that attackers cannot exploit new vulnerabilities to gain access?
Do management interfaces rely on authentication and authorization provided by a central directory, such as Microsoft Active Directory, that may be unavailable during an incident? Is that directory considered “in scope” for compliance audits? How does your organization protect against unauthorized changes by administrators of those systems, potentially allowing privileged administrator access to infrastructure systems?
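As an added illustration (not code from the original page, and not VMware's own tooling), the following Python policy evaluator shows how a bastion host or management gateway could combine the controls discussed above: multi-factor authentication is mandatory, an authorized administrator arriving from an unexpected address during a disaster is admitted but flagged for audit rather than blocked, and a local break-glass account provides a path when the central directory is unreachable. The trusted source ranges, the "infra-admins" group, the account names and the decision strings are constructed assumptions for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed assumptions: egress ranges of the bastion/VDI management network and the
# local break-glass accounts that do not depend on the central directory.
TRUSTED_MGMT_SOURCES = [ip_network("10.20.0.0/24"), ip_network("10.21.5.0/24")]
BREAK_GLASS_ACCOUNTS = {"emergency-admin"}
ADMIN_GROUP = "infra-admins"  # hypothetical directory group for infrastructure admins


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    mfa_verified: bool          # the MFA step already succeeded at the gateway
    directory_reachable: bool   # central directory (e.g. AD) answered a lookup
    directory_groups: frozenset = frozenset()


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit_flags: list = field(default_factory=list)


def from_trusted_source(ip: str) -> bool:
    """True when the connection originates from a known management network."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_MGMT_SOURCES)


def evaluate(req: AccessRequest) -> Decision:
    flags = []
    # MFA is required for every management login, whatever the source.
    if not req.mfa_verified:
        return Decision(False, "mfa-required", flags)

    # An unexpected source is not a reason to deny an MFA-verified admin during
    # an incident, but it must be visible in the audit trail.
    if not from_trusted_source(req.source_ip):
        flags.append("untrusted-source")

    if req.directory_reachable:
        if ADMIN_GROUP not in req.directory_groups:
            return Decision(False, "not-authorized", flags)
        return Decision(True, "directory-authorized", flags)

    # Directory unavailable: only the local break-glass accounts may proceed,
    # and their use is always flagged for post-incident review.
    if req.user in BREAK_GLASS_ACCOUNTS:
        flags.append("break-glass-used")
        return Decision(True, "break-glass", flags)
    return Decision(False, "directory-unavailable", flags)


def audit_line(req: AccessRequest, decision: Decision) -> str:
    """Single-line audit record suitable for forwarding to a log collector."""
    verdict = "ALLOW" if decision.allowed else "DENY"
    flags = ",".join(decision.audit_flags) or "-"
    return f"{verdict} user={req.user} src={req.source_ip} reason={decision.reason} flags={flags}"


if __name__ == "__main__":
    # Constructed sample requests covering the normal case, the DR case and the
    # directory-outage case.
    samples = [
        AccessRequest("alice", "10.20.0.15", True, True, frozenset({ADMIN_GROUP})),
        AccessRequest("alice", "203.0.113.7", True, True, frozenset({ADMIN_GROUP})),
        AccessRequest("alice", "10.20.0.15", True, False),
        AccessRequest("emergency-admin", "203.0.113.7", True, False),
        AccessRequest("bob", "10.20.0.15", False, True, frozenset({ADMIN_GROUP})),
    ]
    for r in samples:
        print(audit_line(r, evaluate(r)))
```

The evaluator deliberately separates "where the request comes from" from "whether it is allowed": location feeds the audit flags, while MFA and group membership (or the break-glass list when the directory is down) decide the outcome. A real gateway would additionally alert on any `break-glass-used` record, since that account should never appear in normal operations.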