Enterprise Scale for Azure VMware Solution - Identity and Access
Published Jul 27 2022 03:00 AM 3,765 Views
Microsoft

I had the pleasure of talking with Xavier Elizondo where he went over identity and access in Azure VMware Solution.  Watch below!

Important things to note for Azure VMware Solution

AVS has a control plane in Azure that is managed by Microsoft. The VMware private cloud itself (the vSphere environment) is managed through vCenter Server and NSX-T Manager, using the built-in local user cloudadmin:

  • cloudadmin is assigned the CloudAdmin role, which has several permissions in vCenter.
  • This is not the same as the traditional administrator@vsphere.local account in a vSphere environment.
  • cloudadmin has the highest privilege in AVS and should only be used as a break-glass (in case of emergency) account for your private cloud. It is definitely not recommended for daily admin tasks in your organization.
  • The NSX-T Manager admin user has full privileges and lets you create and manage Tier-1 (T1) gateways, segments (logical switches), and all services within NSX-T.

You can integrate with Active Directory

In the video, you will see how the Run Command feature can perform specific privileged operations through PowerShell cmdlets, because the CloudAdmin role does not have permission to add an identity source in vCenter.

It is important to have proper connectivity and DNS resolution so that the private cloud can resolve your AD domain controller and the storage account containing the LDAP certificate.
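The prerequisites above (name resolution for the domain controller and the storage account, reachability of the LDAPS port, and a still-valid certificate) can be checked before you submit the Run Command. The script below is an added example, not code from the original post or from the AVS Run Command package; it is run from a Windows jump box on the same DNS and network path as the private cloud, and the domain controller name, storage account name and certificate path are placeholders.

```powershell
# Added example: pre-flight checks for adding an LDAPS identity source to AVS.
# Run from a jump box that shares the private cloud's DNS servers and network path.
# All three parameter defaults are placeholders; replace them with your own values.
param(
    [string]$DomainControllerFqdn = 'dc01.corp.example.com',               # placeholder
    [string]$StorageAccountFqdn   = 'mystorageacct.blob.core.windows.net', # placeholder
    [string]$CaCertPath           = '.\ldaps-ca.cer'                       # placeholder: CA cert you upload
)

$results = [ordered]@{}

# 1. DNS: both the domain controller and the storage account must resolve.
foreach ($name in @($DomainControllerFqdn, $StorageAccountFqdn)) {
    try {
        $record = Resolve-DnsName -Name $name -Type A -ErrorAction Stop |
                  Where-Object { $_.IPAddress } | Select-Object -First 1
        $results["DNS $name"] = "resolved to $($record.IPAddress)"
    } catch {
        $results["DNS $name"] = "FAILED: $($_.Exception.Message)"
    }
}

# 2. LDAPS reachability: TCP 636 on the domain controller must be open.
$ldaps = Test-NetConnection -ComputerName $DomainControllerFqdn -Port 636 -WarningAction SilentlyContinue
$results['TCP 636 (LDAPS) to DC'] = if ($ldaps.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }

# 3. Storage reachability: the certificate is fetched from the storage account over HTTPS.
$blob = Test-NetConnection -ComputerName $StorageAccountFqdn -Port 443 -WarningAction SilentlyContinue
$results['TCP 443 to storage'] = if ($blob.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }

# 4. Certificate sanity: the CA certificate being uploaded must not be expired (or about to expire).
if (Test-Path $CaCertPath) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaCertPath
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days
    $status = if ($daysLeft -le 0) { 'EXPIRED' } elseif ($daysLeft -lt 30) { 'expires soon' } else { 'ok' }
    $results['CA certificate'] = "$($cert.Subject) - $status ($daysLeft days left)"
} else {
    $results['CA certificate'] = "FAILED: $CaCertPath not found"
}

# Print a one-line verdict per check; anything marked FAILED/BLOCKED/EXPIRED must be fixed first.
$results.GetEnumerator() | Format-Table -AutoSize
```

Because the Run Command executes inside the private cloud rather than on the jump box, a clean result here confirms DNS and the certificate but only approximates the network path; a failure still points at the prerequisite to fix before retrying.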


More Links

The team has created reference implementations here: https://aka.ms/avsenterprisescalerepo

You can jump right to the identity and access management page here: https://aka.ms/AVS-Identity

All of the reference architecture is here for you: https://aka.ms/avsaccelerator


Thanks for reading and feel free to comment any questions below!

Last update: Jul 27 2022 07:05 AM