Introduction

NSX is accessed from the vSphere web client through the NSX Networking & Security plugin. The vSphere web client itself is predominantly used by the server virtualization operations team, but after the initial deployment of NSX, the network and security operations teams will also need the vSphere web client to reach NSX. It is common for organizations to have a dedicated team for networking and security, and such organizations require a secure method for restricting account access to authorized users.

NSX supports role-based access control (RBAC) and there are four available roles:

  • Enterprise Administrator (enterprise_admin in REST API): Full access role with read and write REST API calls (HTTP GET, POST, UPDATE, DELETE)
  • Security Administrator (security_admin in REST API): Security-only access role with read-only REST API access (HTTP GET)
  • NSX Administrator (vshield_admin in REST API): NSX-only access role outside of security features with read-only REST API access (HTTP GET)
  • Auditor (auditor in REST API): Read-only access role with read-only REST API access (HTTP GET)

There is an additional role called System Administrator (super_user in REST API). This role can only be assigned for CLI user accounts. The default admin account has the system administrator role.

Custom granular roles are not supported at the time of writing. For granular access control to NSX, a third-party solution such as HyTrust CloudControl for VMware NSX (https://www.hytrust.com/solutions/private-cloud-controls/nsx/) is required.
