Some telecommunication networks neglected to maintain a boundary between the management plane and other planes, allowing non-management devices to access the management plane. To minimize the attack surface, you must prevent the devices outside the management plane and the devices without a management function from accessing the management network.

NSX uses distributed firewalls, micro-segmentation, and security policies to segregate the management plane and block access by non-management devices.

In addition, VMware Cloud Director manages access and cloud administration rights with Active Directory. By using VMware Cloud Director with Active Directory, you can allow only specific workstations with privileged access to connect to the management plane.