Centralized Authentication for CVMs

  • 15 May 2016
  • 2 replies

The customer I'm supporting has an internal Information Security/Information Assurance requirement that wherever possible, centralized authentication for privileged use/access should be deployed.

For our Prism and Hypervisor environments, this is accomplished with Active Directory/LDAPS integration with the Enterprise Microsoft domain. However, with not being as versed with the Nutanix CVMs and not wanting to 'break something' trying to incorporate them, we have elected for individual local user accounts on each CVM. In our environment today, that's not a huge undertaking, but it's certainly not convenient, and it's definitely not in line with the customer's requirement for a single centralized privileged user administration.

I've scanned the Nutanix Bible and the Nutanix Support documentation, but nothing has jumped out at me yet. Is anyone else aware of a documented (and supported) method in order to integrate the CVMs with Microsoft Active Directory?

2 replies

I know what you're talking about.

Cluster lockdown mode and key-based authentication will get you closer to where you need to be.

There's another feature that will solve this, coming down the pipe, in a more graceful manner IMHO, but that of course is something in the future.

I'd encourage you to touch base with your account team; they can get our security engineering team engaged to run through the various modalities and either make sure you'd be covered 100%, or worst case, see where the gaps are and brainstorm on how we can solve them.

Thanks.

I'll research those two options further and will schedule to reach out to my team. Thanks!