NSX Manager Central - CLI

rajeevsrikant · ‎02-02-2017

Every time if i need to login to the NSX manger CLI i need to use the admin credentials.

I am looking for having a user account in the NSX Manager by which I can use it only for the show commands for troubleshooting.

Following is my understanding of how to achieve it. Let me know if any one has done it.

How to achieve it:

Create a separate RO account in the NSX Manager with no Web-GUI privilege.
This account will have only the CLI access with user privilege. (No access to the NSX Manager Web GUI)

Let me know if any one has done this.

bayupw · ‎02-02-2017

Yes you can create a new CLI user as per NSX CLI reference http://pubs.vmware.com/nsx-63/topic/com.vmware.ICbase/PDF/nsx_63_cli.pdf

or this KB Securing VMware NSX for vSphere 6.0 CLI User Accounts and Privileged mode (2078825) | VMware KB

As long as you don't add the user with privilege web-interface and not sharing the "Privileged mode" / "enable" password, the newly created user will not be able to login to NSX Manager web interface and not be able to enter privilege mode.

You can test it out in VMware Hands On Lab if you don't have a test environment.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

rajeevsrikant · ‎02-02-2017

is there any way the CLI user passwords can be changed automatically by password management system like Cyberark.

Can this be integrated with any password management system. We want the password set on the CLI to be automatically changed periodically.

And to use the password it has to be retrieved from the Password management system

All

NSX Manager Central - CLI