VMware: Remote User Authentication and RBAC with NSX-T
Remote user authentication and role-based access control (RBAC) are important requirements when deploying new systems in an organization, particularly in the networking world. To meet them, systems typically rely on RADIUS or Active Directory (AD) servers, among others.
NSX-T integrates with VMware Identity Manager (vIDM) to get the following benefits related to user authentication:
- Support for extensive AAA systems, including:
  - AD-based LDAP, OpenLDAP
  - SmartCards / Common Access Cards
  - RSA SecurID
  - Enterprise Single Sign-On
- Common authentication platform across multiple VMware solutions
- Seamless single sign-on experience
This blog post covers the main steps required to integrate NSX-T with vIDM and to configure roles that grant different privileges to different users. It does not cover deployment and hardening of VMware Identity Manager (vIDM). At the end of the post, there is a link to a demo showing how to do the configuration and several role-based access tests.
Assuming that both NSX-T Manager and vIDM appliances are deployed, powered on and configured with the basic management details (IP address, admin users, etc.), the integration requires the following steps:
- Creating an OAuth client ID for the NSX-T Manager in vIDM
- Getting the vIDM appliance thumbprint
- Registering NSX-T Manager with vIDM using the client created
- Adding an Active Directory (AD) server to vIDM
- Configuring different roles in NSX-T for the users retrieved from AD via vIDM
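
The thumbprint gathered in the second step is what pins NSX-T Manager to one specific vIDM certificate during registration. As an added example (not from the original post or from VMware), the following Python script computes a certificate fingerprint and compares it with a value recorded out-of-band. It assumes the thumbprint is the SHA-256 digest of the certificate's DER encoding; the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl


def thumbprint_from_pem(pem: str) -> str:
    """SHA-256 over the DER encoding, returned as 64 lowercase hex chars."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def normalize(thumbprint: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    cleaned = thumbprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 thumbprint")
    return cleaned


def matches(pem: str, expected: str) -> bool:
    """True only if the certificate hashes to the expected thumbprint."""
    return hmac.compare_digest(thumbprint_from_pem(pem), normalize(expected))


def fetch_pem(host: str, port: int = 443) -> str:
    # The certificate chain is NOT validated by this call, so a fingerprint
    # fetched this way is trust-on-first-use. Compare it with a value read
    # from the appliance itself before using it for registration.
    return ssl.get_server_certificate((host, port))


# Constructed sample: arbitrary bytes standing in for a DER certificate.
# The fingerprint is a hash of the raw bytes, so no real certificate is needed.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical host): python thumbprint.py vidm.example.com
    pem = fetch_pem(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PEM
    print(thumbprint_from_pem(pem))
```
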
Read the entire article here: Remote User Authentication and RBAC with NSX-T
Via the fine folks at VMware!