The admin account exists on both the Controller and Service Engine of NSX Advanced Load Balancer.

It is the default administrator user-name for the system and cannot be changed.

The default shell is Linux bash.

• From Linux prompt, use shell command to access the CLI shell.

• admin is the only NSX Advanced Load Balancer account with its password automatically synchronized with Linux.

admin account is associated with super-user role in the Controller.

User is in the sudoers list.

Default password for admin user - The initial default password of the Controller admin user is changed from admin to a strong password. This password is available in the portal where release images are uploaded and is accessible only to customers having an account on the portal. Additionally, SSH access to the Controller with this default password is not allowed until the user changes the default password of the admin user. Once the password is changed, SSH access to the admin user is permitted. For more information on default password, see Strong Default Admin Password.

• Password is synchronized to the SEs.

Account has super-user status with full access to all tenants.

This account is always authenticated through the local user-db. It does not use any configured remote authentication.

This account is used to launch the CLI shell by logging into the Controller. Users will SSH to a Controller IP address, use cli as the username at the Linux prompt, and then be presented with the NSX Advanced Load Balancer CLI shell access username and password prompt, which requires their custom credentials.

It is password-less from the Linux perspective with the CLI shell as the default shell that prompts for a user name/password.

CLI shell is launched in a container with no persistent storage.

This account exists on the Controller and SE.

It is the internal user for SE-to-Controller communication through SSH tunnel.

No password is required. It uses unique key-pair per SE.

User is not in the sudoers list on the Controller.

User is in the sudoers list on the SEs.

This account exists on Controller only.

It is the internal user for Controller-to-Controller communication through SSH.

No password is required. It uses unique key-pair per Controller.

User is in sudoers list.