Passer au contenu principal
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Créez et accédez à une liste de vos produits

Account and Password Best Practices in Dell VxRail

Résumé: The rules for accounts and passwords implemented by VxRail are explained in this article. Recommendations for VxRail account naming including vCenter ESXi host, VxRail Manager, and PSC root accounts, general suggestions for accounts password best practices for use in Dell VxRail ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Instructions

Accounts used during initial deployment:

 
CAUTION: Create a maximum of one account per cluster for the VMware vCenter Server management account. Do not use shared accounts.
 
  1. vCenter administrator account
This is the administrator account for the vCenter (VC) server. It has full authorization to all vCenter operations. For an internal VC, the account name should be administrator@vsphere.local. For external VC, the customer should provide the account name with the same permission as administrator@vsphere.local.
 
  1. Management account
This is the management account that is used by VxRail Manager. It is created on the PSC and each ESXi host with the localos domain. In the PSC, it will get the VMware HCIA Management permission after initial deployment. In each ESXi host, it will be assigned with the administrator permission after initial deployment. The customer selects the management account username during initial deployment. For external VC, the customer creates this account without any permission or any group that is assigned to it.
 
  1. vCenter and PSC root account
This is the existing Linux system root account in vCenter and PSC. It is used for script execution and file uploading on the VM in some workflows such as initial configuration, node addition, and so forth.
 
  1. ESXi host root account:
This is the existing ESXi system root account for each host. It is used for script execution and file uploading on the host in some workflows such as initial configuration, node addition, and so on.
 

Account naming restrictions

  1. vCenter administrator account
    • For internal VC, it is fixed to administrator@vsphere.local, no other restrictions.
    • For external VC, it is provided by the customer. There is no restriction from the VxRail Manger point of view.
  1. Management account
    • For internal VC, it is chosen by the customer at initial deployment. The account name must comply with restrictions by PSC and ESXi hosts.
    • For external VC, it is provided by the customer. The account name must comply with restrictions by PSC and ESXi hosts.
  • PSC restrictions:
    • For the localos domain: Match the regular expression
      • [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]?, up to 32 characters.
    • For a customer-specified domain: Follow the restrictions in the specific domain.
  • ESXi restrictions: Match the regular expression
    • [A-Za-z_][A-Za-z0-9_-]*[A-Za-z0-9_$-]?, up to 16 characters.
  1. vCenter and PSC root account
Fixed Linux system root account in vCenter and PSC, no other restrictions
 
  1. ESXi system root account
Fixed ESXi system root account in each ESXi host, no other restrictions


Password restrictions

General suggestions for all the accounts: Avoid using special characters in a password, such as / ? ; , . | \ ' " & $ = ` < #  ! -

  1. vCenter administrator password:
The password entered for the administrator account is applied on the vCenter administrator account, vCenter, and PSC root account. The password must comply with password restrictions by vCenter and VM system policy. It is used to deploy the VM from VxRail Manager and comply with the code restrictions by VxRail Manager.
  1. Management password
    • For internal VC, the management account is chosen by the customer at initial deployment. The account name must comply with restrictions by PSC and ESXi hosts.
    • For external VC, the account is provided by the customer. The password should comply with restrictions on the PSC and ESXi host.
  1. vCenter and PSC root account
Same password as vCenter administrator account, see the section above.
 
  1. ESXi host root account 
ESXi password policy This hyperlink is taking you to a website outside of Dell Technologies., blank spaces are not allowed.
 

iDRAC:  

For iDRAC9, the iDRAC secure password is available on the back of the system information tag (Service Tag) under iDRAC Default Password. See article: What is the default username and password for Integrated Dell Remote Access Controller (iDRAC) for more information.

Some simple passwords may no longer work. For instance, in the screenshot below, the reason the default password of "calvin" is no longer accepted, is because of a password security setting for the iDRAC. See KB article Dell Technologies VxRail: iDRAC settings that cannot be changed for more information.

For Example: At the moment, you cannot set the iDRAC password to the old "calvin" default. This is prevented since the iDRAC password Policy Setting is *not* set to "0 - No Protection":  iDRAC -> iDRAC Settings -> Users -> Global User Settings -> Password Settings -> Policy Settings -> Minimum Score = "0 - No Protection"

Changing iDRAC policy settings may cause upgrade failures.

Changing iDRAC policy settings may cause upgrade failures
Insufficient privilege level

Informations supplémentaires

The passwords for the vCenter administrator account and the vCenter and PSC root account should be aligned all the time. Password inconsistency leads to node replacement and single node addition procedure failures.

Related Resources
Here are some recommended resources related to this topic that might be of interest to you.

Produits concernés

VxRail
Propriétés de l’article
Numéro d’article: 000158231
Type d’article: How To
Dernière modification: 26 Aug 2024
Version:  18
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.