Good afternoon, all!
I’m setting up a new PKI infrastructure in a Nutanix cluster and I want to shut down the root CA for safekeeping. Is there a way to add some safeguards so that the VM can’t be started inadvertently?
Best answer by AlonaView original
Something like restricted permissions to start the VM limited to a few users only?
Precisely! That way only the Initiated can start the VM.
RBAC on PC with Role Assignment would allow you to that. You’d need an authentication server LDAP or AD configured. If designed properly, RBAC should not need much change.
You’d have a role that allows for that VM to be powered on AND other roles do not have power on permissions extending to that VM. Remember that cluster admin can do everything.
Security Guide: Controlling User Access (RBAC)