When you use accounts and create user roles, it is recommended that you follow these best practices.
- Avoid using the local ‘admin’ user
  All out-of-the-box content is associated with the ‘admin’ account. If everyone signs in as ‘admin’, changes cannot be attributed to an individual for audit purposes. For a POC, create a local account with administrator privilege. For production, integrate with AD/LDAP.
- Utilize service accounts for connection credentials
  Use service accounts with meaningful names, not a coded naming convention that is easy to get wrong. For example, SG-D-VM-MG-01 is not user-friendly and is prone to human error.
- To identify specific memberships, create roles and accounts
  Creating specific roles helps identify personas such as the storage team, network team, NOC, tenants, and IT management.
- Grant specific roles
  Do not grant the Administrator role to users by default; use specific roles to limit permissions to what each persona needs.
- Avoid enabling vCenter login when authenticating with AD/LDAP
  To avoid confusion and permissions translated from vCenter, minimize the number of authentication options.