Managing identity and access for VMware Cloud on AWS - AWS Prescriptive Guidance

Managing identity and access for VMware Cloud on AWS

Richard Milner-Watts, Abdenour Kansab, and Chris Porter, Amazon Web Services (AWS)

Vern Bolinius, VMware

June 2023 (document history)

Identity and access management is the principle of limiting system access to only authorized users and applications, including restricting access to only the network resources they need. In cloud environments, identity and access management controls typically consist of the policies and services that you use to identify, authenticate, and authorize users, groups of users, and applications.

VMware Cloud on AWS supports your VMware vSphere-based workloads in the AWS Cloud. You can use many VMware services and tools to configure, manage, back up, monitor, and analyze this cloud infrastructure. The features and controls you use to manage identity and access vary between services. This document provides best practices and recommendations for managing identity and access for the following VMware services:

  • VMware Aria Operations

  • VMware Aria Operations for Logs

  • VMware Aria Operations for Networks

  • VMware Cloud Disaster Recovery

  • VMware Cloud on AWS

  • VMware Cloud Services Console

  • VMware HCX

  • VMware NSX

  • VMware Site Recovery

  • VMware vCenter Server

This guide provides an overview of, and best practices for, identity and access management for VMware Cloud on AWS and related VMware services. It includes a brief description of each service and discusses the identity and access management considerations for that service. We also provide recommendations for configuring the service as part of VMware Cloud on AWS.

Important

Many of the VMware services discussed in this guide are used in other cloud or on-premises VMware solutions. The recommendations and best practices in this guide are specific to VMware Cloud on AWS. These recommendations might not apply to other environments.

Intended audience

This guide is intended for architects and security engineers who are responsible for implementing VMware Cloud on AWS in their cloud or hybrid environment.

Targeted business outcomes

This guide helps you do the following:

  1. Understand the various identity and access management controls for VMware Cloud on AWS and related VMware services

  2. Become familiar with the recommended best practices that help you securely operate VMware Cloud on AWS

  3. Understand the options that are available for federated authentication through an external identity provider