The NCSC outlines several principles for securing user access to the management plane. Operators must tightly control access to the management plane by using the principles of least privilege and separation of duties. Each user must be authenticated with multi-factor authentication (MFA).
With a VIM from VMware, you can establish strict role-based access control for administrators in a multi-tenant context, limiting administrators to only the access required to fulfill their duties. As a best practice, block virtualization administrators from accessing workloads running in the virtualized environment.
The security of the orchestration system is important. VMware Telco Cloud Automation is secured with role-based access control to limit access to NFVO, VNFM, VNF Designer, and the API. Other components of the VMware management plane, such as vSphere and vCenter, can authenticate and authorize users with Microsoft Active Directory or LDAP. Multi-factor authentication can be added for ESXi, vCenter, and Cloud Director. For more information, see Understanding vCenter Server Two-Factor Authentication and Configuring Smart Card Authentication for ESXi.