You use information security and access control configurations to prevent unauthorized access and accidental or malicious damage to the backup data.

When configuring the SFTP server for file-based backups, provision service accounts to limit the access to the backup data. Encrypt vCenter Server file-based backups using an encryption password.

Table 1. Design Decisions on Information Security and Access Control for vCenter Server Backup

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| SDDC-BC-BR-004 | Create the account svc-vsphere-bck on the SFTP server for vCenter Server backups. Limit the permissions on the SFTP target folder to this user. | Using a dedicated account for backup and restore of vCenter Server protects the backup data from being accidentally or maliciously accessed by other users. | You must create a password rotation policy on the dedicated account, and put procedures in place to manage the rotation. |
| SDDC-BC-DR-005 | Encrypt vCenter Server file-based backups using an encryption password. | Protects sensitive backup data. | You must create a password rotation policy and put procedures in place to manage the rotation. |
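
One way to verify that the SFTP target folder is limited to the backup account, as decision SDDC-BC-BR-004 requires. This is an added example, not part of the original design documentation; it assumes a Linux SFTP host with GNU coreutils `stat`, and the function name and folder path are hypothetical.

```shell
#!/bin/sh
# Added example: audit the SFTP backup target folder for SDDC-BC-BR-004.
# Assumptions: Linux host, GNU coreutils stat; check_backup_dir is a
# hypothetical helper name, not a VMware tool.

# check_backup_dir DIR OWNER
# Returns 0 when DIR is a real directory (not a symlink) owned by OWNER and
# carrying no group/other permission bits. Otherwise prints each finding
# and returns 1.
check_backup_dir() {
    dir=$1
    owner=$2
    rc=0

    # A symlink could redirect backups to a folder with different permissions.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a plain directory"
        return 1
    fi

    actual_owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")

    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: $dir is owned by $actual_owner, expected $owner"
        rc=1
    fi

    # Any bit in 077 grants access to the group or to other users.
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode, group/other access is not removed"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir is restricted to $owner (mode $mode)"
    fi
    return "$rc"
}

# Example call (placeholder path, not taken from the design):
# check_backup_dir /srv/sftp/vcenter-backups svc-vsphere-bck
```

The check covers classic mode bits only; if the SFTP host uses POSIX ACLs, review them separately with `getfacl`.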