Root Password Vaulting

Root Password Vaulting is a feature that allows CloudControl to manage the root password of individual hosts. For each host, the user can select the ‘Root Password Vaulting’ checkbox on the General tab when adding or editing hosts—see Modifying Managed Hosts. CloudControl will create a new secure root password on the selected host and store it in a password ‘vault’. CloudControl automatically rotates or updates the root password on the host on a regular basis (as specified by the Host Password Update scheduled event—see Scheduled Events).

An Enterprise or appropriate evaluation license is required to implement this feature.

CloudControl only supports Root Password Vaulting for ESXi 4.1 Update 1 or later hosts. For unsupported ESXi hosts, if the host becomes inaccessible (as determined by an assessment or some other host operation that repeatedly causes a connection or credential error), the recommended user action is to remove the host and add it back to CloudControl.

Important: We recommend that you export all log files to a SIEM or syslog tool to ensure the RPV logs and hashes are exported and not stored only in CloudControl.

If CloudControl becomes unavailable, contact HyTrust Support.

Privileges

The following privileges are associated with Root Password Vaulting:


Asc.RootPasswordVaulting.Administration

Allocated to the ASC_ESXMAdmin and ASC_SuperAdmin Roles. These Roles can configure the Recovery Password and enable or disable RPV.

Asc.RootPasswordVaulting.PasswordRequest

Allocated to the ASC_VIAdmin, ASC_ESXMAdmin and ASC_SuperAdmin Roles. These Roles can issue or cancel passwords for RPV-enabled ESXi hosts.

Prerequisites

Perform the following before enabling Root Password Vaulting: