Determine how you will configure VMware Smart Assurance passwords. You can do any or all of the following:
-
Allow the host operating system to validate users.
This method provides the highest level of security and is easy to manage because it relies on the security implementation that is already in place. There are two variations: any valid user can access one of the VMware Smart Assurance levels (All, Monitor, Ping) or specific users can access a specific VMware Smart Assurance security level. Defining specific access requires more maintenance because you must list the usernames in VMware Smart Assurance configuration files (serverConnect.conf and clientConnect.conf). The VMware Smart Assurance System Administration Guide explains methods to configure and to secure access for these files.
-
Specify unique VMware Smart Assurance passwords for individual VMware Smart Assurance users.
Because this method requires a high level of maintenance, consider this method only when there are very few VMware Smart Assurance users. Note that this method is less secure than permitting the host to validate users.
-
Specify a common VMware Smart Assurance username with a common password.
This method is the least secure, but very easy to maintain.
Note that you can combine these methods, for example, you could restrict administration (All) capabilities to specific users validated by the operating system. In addition, you could provide Monitor level abilities to a general VMware Smart Assurance user named “Monitor.”