How to disable password rotation in VMware Cloud Foundation (VCF) 9.0
Article ID: 418459
Updated On:
Products
VCF Operations for Networks
Issue/Introduction
How to disable password rotation in VMware Cloud Foundation (VCF) 9.0
Environment
VCF Operations for Networks 9.x
Resolution
To disable "password rotation" in VMware Cloud Foundation (VCF) 9.0, navigate to the VCF Operations console's Fleet Management section, select the desired component (e.g., NSX Edge nodes), and access the password management settings to configure the schedule or disable it.
Accessing Password Management in VCF 9.0
VMware Cloud Foundation 9.0 introduces the VCF Operations console, which includes centralized "Fleet Management" for password and certificate management. The steps are:
- Log in to the VCF Operations console.
- Click on Fleet Management, then select Passwords.
- Choose the relevant domain name or VCF Instance (e.g., VCF Management) to see the components.
- Select a specific component to manage its password settings.
Disabling or Modifying Password Rotation
The option to disable password rotation is component-specific:
- NSX Edge Nodes: You can typically configure the password rotation schedule (e.g., 30, 60, or 90 days) or select an option to disable the automatic schedule entirely within the UI.
- ESXi Hosts: Automatic password rotation is generally not supported for ESXi host service accounts in VCF; these passwords are set to "never expire" by default for the service accounts used by VCF. You manage these passwords manually or through the API if needed.
- vCenter/SDDC Manager Accounts: You can update the password manually in the VCF Ops UI or use the Virtual Appliance Management Interface (VAMI) for the root account to set it to "never expires"
Additional Information
More information can be found in the document Password Management for Identity and Access Management for VMware Cloud Foundation and also Identity and Access Management for VMware Cloud Foundation
Feedback
Yes
No
Powered by
