Introduced in vCloud Availability 3.0.1, in a dedicated appliance deployment, administrative sessions to all vCloud Availability services are restricted by default when originating from public networks.

The restriction applies to the following administrative accounts:
  • Login sessions by using the appliance root user credentials
  • Login sessions by using vCloud Director system administrator credentials
  • Login sessions by using a single sign-on user with vCenter Server Administrator credentials

When the administrative session restriction is enabled, you cannot perform cross-site administrative operations. To pair and re-pair with a remote cloud site, you must temporarily disable the restriction in that remote site.

When vCloud Availability restricts the external administrative access, attempts to establish a login session from a public IP result in a 401 Not Authenticated response, which is identical to a wrong password error. To improve the appliance security further, the appliance denies the external administrative login session without counting it as an unsuccessful login attempt.