SDDC Manager provides a centralized mechanism for password management from within the manager UI. As of code releases VxRail 4.7.410 and VCF 3.9.1, SDDC Manager can also manage the VxRail Manager root/mystic and ESXi root account passwords.

Before you can use the password update/rotate feature of SDDC Manager, you first need to configure dual authentication. See the following post, which explains how to configure dual authentication (“privileged user”): VCF On VxRail – Configure Dual Authentication

You can update or rotate passwords for the following VCF components, which now also include the VxRail Manager root & mystic accounts and the ESXi root account (as of ‘VCF 3.9.1’):

  • VxRail Manager
  • ESXi
  • NSX
  • PSC
  • vCenter
  • vRealize Suite


Below you will find examples of both methods, rotate and update. Note the differences between them:

Update Passwords – Set password of choice for a single account per request.

Rotate Passwords – Password(s) are changed to a unique randomized password; multiple accounts can be rotated in a single request. Use the lookup_passwords utility within the SDDC Manager shell to retrieve the randomized password(s), as you will see in the example below.

Example 1: Rotate Password (ESXi)

From within the SDDC Manager UI navigate to:

Administration -> Security -> Password Management -> Locally Managed


From the component drop-down list, select the component. In this example, the ‘root’ account of all 7 available hosts spanning both the Management & VI WLDs is selected for password rotation. Click ‘ROTATE’:


View task details to ensure the passwords rotated successfully:


Retrieving the new ESXi root password leveraging the lookup_passwords utility:


Example 2: Update Password (VxRail Manager ‘root’)

From the component drop-down list, select the component, in this example the ‘root’ account of the Management WLD VxRail Manager. Click ‘UPDATE’:


Enter the new root account password for VxRail Manager and input the privileged user details. Click ‘UPDATE’:


View task details to ensure the password updated successfully:


Confirm the new VxRail Manager root password leveraging the lookup_passwords utility:


You will notice that if you try to select multiple accounts, the ‘UPDATE’ option is grayed out:


Hope that helped! Thanks as always for reading! Feel free to leave a comment/question below.

Note: Please ensure SSH is running on ESXi host(s) in advance of performing password update/rotate.
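
One way to check the SSH prerequisite from the note above before starting an update/rotate. This is an added example, not part of the original post and not VMware or Dell code. It assumes VMware PowerCLI is installed, and 'vcenter.example.local' is a placeholder vCenter FQDN; run it once against the vCenter of each workload domain whose hosts you plan to select.

```powershell
# Added example: report whether the ESXi SSH service (service key 'TSM-SSH')
# is running on every host managed by one vCenter.
# Assumption: placeholder vCenter name, replace with your own.
$vcenter = 'vcenter.example.local'

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server $vcenter -Credential (Get-Credential) | Out-Null

# Build one row per host with the state and startup policy of its SSH service.
$report = foreach ($vmhost in (Get-VMHost | Sort-Object Name)) {
    $ssh = Get-VMHostService -VMHost $vmhost |
        Where-Object { $_.Key -eq 'TSM-SSH' }
    [pscustomobject]@{
        HostName   = $vmhost.Name
        SshRunning = [bool]$ssh.Running
        SshPolicy  = $ssh.Policy
    }
}
$report | Format-Table -AutoSize

# List the hosts that do not yet meet the prerequisite.
$notReady = @($report | Where-Object { -not $_.SshRunning })
if ($notReady.Count -gt 0) {
    Write-Warning ("SSH is not running on: " + ($notReady.HostName -join ', '))
}
else {
    Write-Host 'SSH is running on all hosts.'
}

Disconnect-VIServer -Server $vcenter -Confirm:$false
```

A host reported as not running can have the service started with `Start-VMHostService` before you return to the SDDC Manager UI.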
