I had the pleasure of talking with Xavier Elizondo where he went over identity and access in Azure VMware Solution. Watch below!
Important things to note for Azure VMware Solution
AVS has its control plane in Azure, managed by Microsoft. The VMware private cloud itself (the vSphere environment) is managed through vCenter and NSX-T Manager, and it ships with the built-in local user cloudadmin:
- cloudadmin is assigned to the CloudAdmin role, which has several permissions in vCenter.
- This is not the same as the traditional administrator@vsphere.local account in a vSphere environment.
- cloudadmin has the highest privilege in AVS and should only be used as a break-glass (in case of emergency) account for your private cloud. It is definitely not recommended for daily admin tasks in your organization.
- In NSX-T Manager, the built-in admin user has full privileges and lets you create and manage Tier-1 (T1) gateways, segments (logical switches), and all services within NSX-T.
You can integrate with Active Directory
In the video, you will see how Run Command elevates privileges for specific operations by executing PowerShell cmdlets on your behalf: the CloudAdmin role itself does not have permission to add an identity source in vCenter, so that step is performed through Run Command.
It is important to have proper connectivity and DNS resolution so the private cloud can reach your AD domain controller and the storage account containing the LDAP certificate.
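A small preflight check for the connectivity and DNS prerequisites above, added here as an example (it is not code from the post or from the AVS Run Command package). Hostnames are constructed placeholders, and the resolver and port probe are injectable so the logic can be exercised without a network:

```python
"""Preflight checks before adding an LDAPS identity source to an AVS private cloud:
verify each AD domain controller name resolves, that LDAPS (TCP 636) is reachable,
and that the storage account hosting the LDAP certificate resolves too.
Hostnames used below are constructed placeholders, not real endpoints."""
import socket
from dataclasses import dataclass, field

LDAPS_PORT = 636


@dataclass
class CheckResult:
    ok: bool
    problems: list = field(default_factory=list)


def _resolve(host):
    """Return the first IPv4 address for host, or None if DNS lookup fails."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def _tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(dc_hosts, storage_host, resolve=_resolve, reachable=_tcp_reachable):
    """Check every domain controller and the certificate storage account.
    resolve/reachable are injectable so the checks can run offline in tests."""
    problems = []
    for dc in dc_hosts:
        if resolve(dc) is None:
            problems.append(f"DNS: cannot resolve domain controller {dc}")
            continue  # no point probing a port on a name we cannot resolve
        if not reachable(dc, LDAPS_PORT):
            problems.append(f"Network: {dc}:{LDAPS_PORT} (LDAPS) not reachable")
    if resolve(storage_host) is None:
        problems.append(f"DNS: cannot resolve storage account {storage_host}")
    return CheckResult(ok=not problems, problems=problems)


if __name__ == "__main__":
    # Constructed sample names; replace with your own DCs and storage account.
    result = preflight(["dc01.corp.example.com", "dc02.corp.example.com"],
                       "avsldapcert.blob.core.windows.net")
    print("OK" if result.ok else "\n".join(result.problems))
```

Run it from a host on the network path the private cloud will use; a failure here is the usual reason the identity-source cmdlet fails later.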
The team has created reference implementations here: https://aka.ms/avsenterprisescalerepo
You can jump right to the identity and access management page here: https://aka.ms/AVS-Identity
All of the reference architecture is here for you: https://aka.ms/avsaccelerator
Thanks for reading and feel free to comment any questions below!