I had the pleasure of talking with Xavier Elizondo where he went over identity and access in Azure VMware Solution. Watch below!
Important things to note for Azure VMware Solution
AVS has a control plane in Azure that is managed by Microsoft. The VMware private cloud itself (the vSphere environment) is managed through vCenter Server and NSX-T Manager, using the built-in local user cloudadmin.
cloudadmin is assigned the CloudAdmin role, which grants a defined set of privileges in vCenter.
cloudadmin is the most privileged account you get in AVS and should be treated as a break-glass (emergency-only) account for your private cloud. It is definitely not recommended for day-to-day administration; use individual accounts for routine work instead.
In NSX-T Manager, the admin user has full privileges and lets you create and manage Tier-1 (T1) gateways, segments (logical switches), and all services within NSX-T.
You can integrate vCenter with Active Directory as an identity source.
In the video, you will see how Run Command elevates privileges for specific operations by running Microsoft-provided PowerShell cmdlets on your behalf. This is needed because the CloudAdmin role itself does not have permission to add an identity source in vCenter.
Before you run it, make sure the private cloud has network connectivity and DNS resolution to your AD domain controllers, and that it can reach the storage account hosting the LDAPS certificate the cmdlet downloads.
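The following PowerShell script is an added example and is not part of the original post or the video. It is the pre-flight I would run from an admin workstation before submitting the identity-source Run Command: it checks DNS for the domain controllers, confirms port 636 is reachable, pulls and inspects the LDAPS certificate each DC presents, exports it as DER, uploads it to a storage account, and builds short-lived read-only SAS URLs for the cmdlet. The domain name, DC hostnames, storage account, container, and the New-LDAPSIdentitySource parameter names are assumptions; adjust them to your environment. It needs the Az.Storage module and an Azure login (Connect-AzAccount) with blob write and SAS delegation rights on the account.

```powershell
# Added example, not from the original post. Pre-flight checks for AD-over-LDAPS
# integration before submitting New-LDAPSIdentitySource through AVS Run Command.
# Domain, DC names and storage account are assumptions; replace them with yours.
# Run from a machine that uses the same DNS servers you configured for the private cloud.
#Requires -Modules Az.Storage

$DomainName        = 'corp.contoso.com'                                    # assumed
$DomainControllers = @('dc01.corp.contoso.com', 'dc02.corp.contoso.com')  # assumed
$StorageAccount    = 'avsldapcerts'                                        # assumed
$Container         = 'ldaps'                                               # assumed
$OutDir            = Join-Path $PWD 'ldaps-certs'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. DNS: the cmdlet fails if the private cloud cannot resolve the DCs. The SRV
#    record also confirms which hosts actually advertise LDAP for the domain.
Resolve-DnsName -Name "_ldap._tcp.$DomainName" -Type SRV -ErrorAction Stop |
    Format-Table NameTarget, Port -AutoSize
foreach ($dc in $DomainControllers) {
    $ips = (Resolve-DnsName -Name $dc -Type A -ErrorAction Stop).IPAddress
    Write-Host "$dc resolves to $($ips -join ', ')"
}

# 2. Fetch the certificate each DC presents on 636. Chain errors are recorded
#    rather than aborting the handshake, so the report shows what vCenter will see.
function Get-LdapsCertificate {
    param([string]$Server, [int]$Port = 636, [int]$TimeoutMs = 5000)
    $tcp = [System.Net.Sockets.TcpClient]::new()
    if (-not $tcp.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
        throw "$Server`:$Port unreachable. Check firewall/NSG rules between AVS and the DCs."
    }
    try {
        $script:LastPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
        $onValidate = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors)
            $script:LastPolicyErrors = $errors
            $true   # accept so we can inspect; the report below flags problems
        }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $onValidate)
        $ssl.AuthenticateAsClient($Server)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Server      = $Server
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            NotAfter    = $cert.NotAfter
            NameMatches = ($cert.DnsNameList.Unicode -contains $Server)
            ChainErrors = $script:LastPolicyErrors
            Certificate = $cert
        }
    } finally { $tcp.Dispose() }
}

# 3. Inspect and export. One .cer per DC: the cmdlet needs the certificate of
#    every URL you pass as PrimaryUrl/SecondaryUrl.
$results = foreach ($dc in $DomainControllers) { Get-LdapsCertificate -Server $dc }
$results | Format-Table Server, Subject, NotAfter, NameMatches, ChainErrors -AutoSize
foreach ($r in $results) {
    if ($r.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "$($r.Server): certificate expires $($r.NotAfter); AD logins to vCenter stop working when it does."
    }
    if (-not $r.NameMatches) {
        Write-Warning "$($r.Server): hostname is not in the certificate SAN; use a SAN name in the ldaps:// URL."
    }
    $der = $r.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [IO.File]::WriteAllBytes((Join-Path $OutDir "$($r.Server).cer"), $der)
}

# 4. Stage the certificates where Run Command can fetch them. Use a read-only SAS
#    with a short expiry: the URL is submitted as a Run Command parameter.
$ctx = New-AzStorageContext -StorageAccountName $StorageAccount -UseConnectedAccount
$sasUrls = foreach ($r in $results) {
    $blob = "$($r.Server).cer"
    Set-AzStorageBlobContent -File (Join-Path $OutDir $blob) -Container $Container -Blob $blob -Context $ctx -Force | Out-Null
    New-AzStorageBlobSASToken -Container $Container -Blob $blob -Permission r -ExpiryTime (Get-Date).AddHours(2) -Context $ctx -FullUri
}

# Values to paste into the Run Command form (assumed New-LDAPSIdentitySource parameter names).
[pscustomobject]@{
    DomainName            = $DomainName
    PrimaryUrl            = "ldaps://$($DomainControllers[0]):636"
    SecondaryUrl          = "ldaps://$($DomainControllers[1]):636"
    SSLCertificatesSasUrl = ($sasUrls -join ',')
}
```

The storage account must also be reachable from the private cloud's management network, which is the connectivity check you cannot do from your workstation; if the firewall in front of the account allows only selected networks, add the AVS egress path before you run the cmdlet. Supply the remaining parameters (base DNs for users and groups, and the bind credential) in the Run Command form itself, and use a dedicated read-only AD account for the bind rather than a domain admin.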