Securing NSX Manager in VMware Cloud on AWS

You may have noticed that VMware recently added an “Open NSX Manager” tab for your SDDC. On initial SDDC deployment, NSX Manager is only accessible over the internet, but access is secured behind your VMware Cloud Portal login credentials. Once you connect your VPN or Direct Connect, you are presented with an internal IP address to access NSX Manager, but you may notice the public URL is still accessible. In this guide I will show you how this works, as well as options to further secure your environment.

Notice the new button to Open NSX Manager

Once you connect your VPN or Direct Connect you will also notice the following under settings

Notice when I try to open the NSX Manager Public URL on a session that is not already logged into the VMware Cloud Portal I get prompted for login

If you want to protect against brute-force login attempts, you can enable Federated Login and two-factor authentication for the VMware Cloud Portal. See the following guide:

https://docs.vmware.com/en/VMware-Cloud-services/services/setting-up-enterprise-federation-cloud-services/GUID-76FAECB3-CFAA-461E-B9C9-2A49C39CD17F.html

If you only want to access NSX Manager on the internal address using NSX Manager local credentials, you can follow this procedure:

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-EFEC394D-1305-46BF-BDEE-E44BDAFBE7EA.html

Remember sharing is caring!
