Accounts used during initial deployment:
CAUTION: Create a maximum of one account per cluster for the VMware vCenter Server management account. Do not use shared accounts.
- vCenter administrator account
This is the administrator account for the vCenter (VC) server. It has full authorization to all vCenter operations. For an internal VC, the account name should be administrator@vsphere.local
. For external VC, the customer should provide the account name with the same permission as administrator@vsphere.local
.
- Management account
This is the management account that is used by VxRail Manager. It is created on the PSC and each ESXi host with the localos
domain. In the PSC, it will get the VMware HCIA Management permission after initial deployment. In each ESXi host, it will be assigned with the administrator permission after initial deployment. The customer selects the management account username during initial deployment. For external VC, the customer creates this account without any permission or any group that is assigned to it.
- vCenter and PSC root account
This is the existing Linux system root account in vCenter and PSC. It is used for script execution and file uploading on the VM in some workflows such as initial configuration, node addition, and so forth.
- ESXi host root account:
This is the existing ESXi system root account for each host. It is used for script execution and file uploading on the host in some workflows such as initial configuration, node addition, and so on.
Account naming restrictions
- vCenter administrator account
- For internal VC, it is fixed to
administrator@vsphere.local
, no other restrictions.
- For external VC, it is provided by the customer. There is no restriction from the VxRail Manger point of view.
- Management account
- For internal VC, it is chosen by the customer at initial deployment. The account name must comply with restrictions by PSC and ESXi hosts.
- For external VC, it is provided by the customer. The account name must comply with restrictions by PSC and ESXi hosts.
- PSC restrictions:
- For the
localos
domain: Match the regular expression
[A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]?, up to 32 characters.
- For a customer-specified domain: Follow the restrictions in the specific domain.
- ESXi restrictions: Match the regular expression
[A-Za-z_][A-Za-z0-9_-]*[A-Za-z0-9_$-]?, up to 16 characters.
- vCenter and PSC root account
Fixed Linux system root account in vCenter and PSC, no other restrictions
- ESXi system root account
Fixed ESXi system root account in each ESXi host, no other restrictions
Password restrictions
General suggestions for all the accounts: Avoid using special characters in a password, such as / ? ; , . | \ ' " & $ = ` < # ! -
- vCenter administrator password:
The password entered for the administrator account is applied on the vCenter administrator account, vCenter, and PSC root account. The password must comply with password restrictions by vCenter and VM system policy. It is used to deploy the VM from VxRail Manager and comply with the code restrictions by VxRail Manager.
- Management password
- For internal VC, the management account is chosen by the customer at initial deployment. The account name must comply with restrictions by PSC and ESXi hosts.
- For external VC, the account is provided by the customer. The password should comply with restrictions on the PSC and ESXi host.
- vCenter and PSC root account
Same password as vCenter administrator account, see the section above.
- ESXi host root account
iDRAC:
For iDRAC9, the iDRAC secure password is available on the back of the system information tag (Service Tag) under
iDRAC Default Password. See article:
What is the default username and password for Integrated Dell Remote Access Controller (iDRAC) for more information.
Some simple passwords may no longer work. For instance, in the screenshot below, the reason the default password of "calvin" is no longer accepted, is because of a password security setting for the iDRAC. See KB article
Dell Technologies VxRail: iDRAC settings that cannot be changed for more information.
For Example: At the moment, you cannot set the iDRAC password to the old "calvin" default. This is prevented since the iDRAC password Policy Setting is *not* set to
"0 - No Protection": iDRAC -> iDRAC Settings -> Users -> Global User Settings -> Password Settings -> Policy Settings -> Minimum Score = "0 - No Protection"
Changing iDRAC policy settings may cause upgrade failures.
Insufficient privilege level