Follow vCenter Single Sign-On security best practices to protect your vSphere environment.

The vSphere authentication infrastructure enhances the security of your vSphere environment. To make sure that your infrastructure is not compromised, follow these vCenter Single Sign-On best practices.

Check Password Expiration

The default vCenter Single Sign-On password policy has a password lifetime of 90 days. After 90 days, the password expires and you can no longer log in. Check the expiration and refresh passwords in a timely fashion.

Configure Network Time Protocol

Use Network Time Protocol (NTP) to ensure that all systems use the same relative time source (including the relevant localization offset), and that the relative time source can be correlated to an agreed-upon time standard (such as Coordinated Universal Time—UTC). Synchronized systems are essential for vCenter Single Sign-On certificate validity, and for the validity of other vSphere certificates.

NTP also makes it easier to track an intruder in log files. Incorrect time settings can make it difficult to inspect and correlate log files to detect attacks, and can make auditing inaccurate.

See the vSphere Security documentation for instructions on configuring time synchronization using NTP.
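
The following added example (not VMware code) illustrates the two effects of an unsynchronized clock described above: a merged log timeline that shows events in the wrong order, and a validity-window check that fails on a host whose clock lags. The log layout, the source names `sso-node` and `host-b`, and the 120-second lag are constructed for illustration and do not reflect actual vSphere log formats.

```python
from datetime import datetime, timedelta

# Constructed sample lines in a generic "<UTC timestamp> <source> <message>" layout,
# not an actual vSphere log format. host-b's clock is assumed to run 120 s slow.
SAMPLE = """\
2024-05-01T10:00:40+00:00 sso-node login failed user=admin-a
2024-05-01T10:01:05+00:00 sso-node login succeeded user=admin-a
2024-05-01T09:59:30+00:00 host-b firewall rule changed user=admin-a
2024-05-01T10:00:00+00:00 host-b vm power-off requested user=admin-a
"""

def parse(text):
    """Return (timestamp, source, message) tuples from the sample layout."""
    events = []
    for line in text.splitlines():
        stamp, source, message = line.split(" ", 2)
        events.append((datetime.fromisoformat(stamp), source, message))
    return events

def timeline(events, slow_by=None):
    """Merge events in time order; slow_by maps source -> seconds its clock lags."""
    slow_by = slow_by or {}
    fixed = [(ts + timedelta(seconds=slow_by.get(src, 0)), src, msg)
             for ts, src, msg in events]
    return [f"{src}: {msg}" for ts, src, msg in sorted(fixed)]

def within_validity(local_now, not_before, not_after):
    """Validity-window check as a host evaluates it against its own clock."""
    return not_before <= local_now <= not_after

if __name__ == "__main__":
    events = parse(SAMPLE)
    # Without correction, host-b's actions appear to precede the login.
    print("Raw merge:\n  " + "\n  ".join(timeline(events)))
    # Applying the known lag restores the real sequence of events.
    print("Skew-corrected:\n  " + "\n  ".join(timeline(events, {"host-b": 120})))
    # A certificate issued at 10:01:00 is checked 30 s later (true time).
    not_before = datetime.fromisoformat("2024-05-01T10:01:00+00:00")
    not_after = not_before + timedelta(days=365)
    true_now = not_before + timedelta(seconds=30)
    print("Synced host accepts:", within_validity(true_now, not_before, not_after))
    lagging_now = true_now - timedelta(seconds=120)  # what host-b's clock reads
    print("host-b accepts:", within_validity(lagging_now, not_before, not_after))
```

In the raw merge, the host actions sort ahead of the authentication events that preceded them, which is the kind of misordering that makes an audit trail unreliable.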