When you use accounts and create user roles, follow these best practices.

  • Avoid using the local ‘admin’ user

    All out-of-the-box content is associated with the ‘admin’ account. If the ‘admin’ user is used, changes are not tracked for audit purposes. For a proof of concept (POC), create a local account with administrator privileges. For production, integrate with AD/LDAP.

  • Utilize service accounts for connection credentials

    Use service accounts with meaningful names rather than a coded convention that makes mistakes easy. For example, SG-D-VM-MG-01 is not user-friendly and is prone to human error.

  • To identify specific memberships, create roles and accounts

    Creating specific roles helps identify personas such as storage team, network team, NOC, tenants, and IT Management.

  • Grant specific roles

    Do not routinely grant the Administrator role to users; use specific roles to limit permissions.

  • Avoid enabling vCenter login when authenticating with AD/LDAP

    To avoid confusion and translated permissions from vCenter, minimize authentication options.