Identity and access management for AVS
Identity requirements for AVS differ depending on how AVS is implemented in Azure, so we’ll focus on some of the most typical cases:
- Identity requirements for AVS vary with how the solution will be used. AVS comes with a built-in user called cloudadmin in the new environment’s vCenter. This user is assigned the CloudAdmin role, which grants extensive privileges in vCenter. You can also create new roles in your AVS environment that follow the principle of least privilege.
- Limit Azure RBAC permissions for AVS to the resource group where it’s deployed and to the users who need to maintain it.
- To manage vCenter and NSX-T, create groups in Active Directory (AD) and use RBAC. You can create custom roles and assign them to the AD groups.
- The administrator has access to the vCenter administrator@vsphere.local account in an on-premises vCenter...
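
One way to check the Azure RBAC guidance above is to audit the role assignments that apply to the AVS resource group. This is an added example, not code from the original page: the sample data is constructed in the shape of `az role assignment list --scope <rg-scope> --include-inherited` output, and the subscription ID, resource names, principals and the `max_principals` threshold are assumptions.

```python
import json

# Constructed sample shaped like the JSON printed by
# `az role assignment list --scope <rg-scope> --include-inherited`.
# The subscription ID, resource names and principals are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = SUB + "/resourceGroups/rg-avs-example"
SAMPLE = json.dumps([
    {"principalName": "avs-operators", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": RG_SCOPE},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "platform-team", "principalType": "Group",
     "roleDefinitionName": "Contributor",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-example"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader",
     "scope": RG_SCOPE.lower() + "/providers/Microsoft.AVS/privateClouds/pc-example"},
])


def classify(scope, rg_scope):
    """Place an assignment relative to the AVS resource group (case-insensitive)."""
    s, rg = scope.rstrip("/").lower(), rg_scope.rstrip("/").lower()
    if s == rg:
        return "resource-group"
    if s.startswith(rg + "/"):
        return "resource"   # narrower than the resource group
    return "inherited"      # subscription, management group or root


def audit(assignments, rg_scope, max_principals=3):
    """Flag assignments inherited from above the resource group and an
    oversized set of principals (max_principals is an assumed threshold)."""
    findings, principals = [], set()
    for a in assignments:
        principals.add(a["principalName"].lower())
        if classify(a["scope"], rg_scope) == "inherited":
            findings.append(("broad-scope", a["principalName"],
                             a["roleDefinitionName"], a["scope"]))
    if len(principals) > max_principals:
        findings.append(("too-many-principals", len(principals), max_principals))
    return findings


if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE), RG_SCOPE):
        print(finding)
```

Each `broad-scope` finding is an assignment made at the subscription, management group or root level that still reaches the AVS resource group through inheritance.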