Protect the vRealize Log Insight deployment by providing centralized role-based authentication and secure communication with the other components in the ROBO SDDC.

Authentication

Enable role-based access control in vRealize Log Insight by using the existing rainpole.local Active Directory domain.

Table 1. Custom Role-Based User Management Design Decision

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-LOG-009 | Use Active Directory for authentication. | Provides fine-grained role and privilege-based access for administrator and operator roles. | • You must provide access to the Active Directory from all Log Insight nodes. • Additional administrative overhead is required to maintain role-based access control configurations between ROBOs, because they are not replicated between vRealize Log Insight instances. |
| ROBO-OPS-LOG-010 | Configure Active Directory authentication to specifically use Active Directory Domain Controller(s) located within the ROBO. | • Co-location of Active Directory Domain Controllers with the vRealize Log Insight cluster ensures that users can still authenticate in the event of a WAN outage. • Co-location of Active Directory Domain Controllers with the vRealize Log Insight cluster ensures that the optimal authentication route is taken for ROBO users, providing better authentication performance. | You must have Active Directory Domain Controller(s) located in your ROBO site. |
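Because role mappings are not replicated between ROBO instances, a periodic drift check helps keep ROBO-OPS-LOG-009 and ROBO-OPS-LOG-010 enforced. The following is an added example, not part of the original design or any product API; the per-site dictionary layout, group names, role names and addresses are assumptions for illustration.

```python
import ipaddress

def audit_sites(baseline_roles, sites):
    """Return sorted (site, finding) tuples for ROBO-OPS-LOG-009 and -010.

    baseline_roles: AD group -> roles every ROBO instance should grant.
    sites: site -> {"subnet", "domain_controllers", "roles"} (assumed layout).
    """
    # AD group names are case-insensitive, so compare them lowercased.
    expected = {g.lower(): set(r) for g, r in baseline_roles.items()}
    findings = []
    for site, cfg in sites.items():
        local_net = ipaddress.ip_network(cfg["subnet"])
        # ROBO-OPS-LOG-010: authentication must not depend on the WAN link.
        if not cfg["domain_controllers"]:
            findings.append((site, "no domain controller configured"))
        for dc in cfg["domain_controllers"]:
            if ipaddress.ip_address(dc) not in local_net:
                findings.append((site, f"domain controller {dc} is outside {local_net}"))
        # ROBO-OPS-LOG-009: role mappings are not replicated, so diff each site.
        actual = {g.lower(): set(r) for g, r in cfg["roles"].items()}
        for group in sorted(expected.keys() | actual.keys()):
            want, have = expected.get(group), actual.get(group)
            if have is None:
                findings.append((site, f"group {group} is not mapped"))
            elif want is None:
                findings.append((site, f"unexpected group {group}: {sorted(have)}"))
            elif want != have:
                findings.append((site, f"group {group}: extra {sorted(have - want)}, "
                                       f"missing {sorted(want - have)}"))
    return sorted(findings)

# Constructed sample data: group names, role names, subnets and addresses
# are illustrative and do not come from the design.
BASELINE = {
    "ug-vrli-admins@rainpole.local": {"Super Admin"},
    "ug-vrli-operators@rainpole.local": {"User"},
}
SITES = {
    "robo-a": {"subnet": "192.0.2.0/24", "domain_controllers": ["192.0.2.10"],
               "roles": {k: set(v) for k, v in BASELINE.items()}},
    "robo-b": {"subnet": "198.51.100.0/24",
               "domain_controllers": ["198.51.100.10", "192.0.2.10"],
               "roles": {"UG-VRLI-Admins@rainpole.local": {"Super Admin"},
                         "ug-vrli-operators@rainpole.local": {"User", "Super Admin"}}},
}

if __name__ == "__main__":
    for site, finding in audit_sites(BASELINE, SITES):
        print(f"{site}: {finding}")
```

In the sample, robo-b is flagged twice: one configured domain controller sits in another site's subnet, and the operators group has gained an extra role.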

Encryption

Replace default self-signed certificates with a CA-signed certificate to provide secure access to the vRealize Log Insight Web user interface.

Table 2. Custom Certificates Design Decision

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-LOG-011 | Replace the default self-signed certificates with a CA-signed certificate. | Configuring a CA-signed certificate ensures that all communication to the externally facing Web UI is encrypted. This allows for encrypted log forwarding. | The administrator must have access to a Public Key Infrastructure (PKI) to acquire certificates. |