The vSphere 6.0 authentication and certificate infrastructure enhances security in your vSphere environment. To make sure that infrastructure is not compromised, follow vCenter Single Sign-On Best Practices.

Check password expiration

The default vCenter Single Sign-On password policy has a password lifetime of 90 days. After 90 days, the password is expired and the ability to log is compromised. Check the expiration and refresh passwords in a timely fashion.

Configure NTP

Ensure that all systems use the same relative time source (including the relevant localization offset), and that the relative time source can be correlated to an agreed-upon time standard (such as Coordinated Universal Time—UTC). Synchronized systems are essential for vCenter Single Sign-On certificate validity, and for the validity of other vSphere certificates.

NTP also makes it easier to track an intruder in log files. Incorrect time settings can make it difficult to inspect and correlate log files to detect attacks, and can make auditing inaccurate.