VMware Aria

 View Only

grenade in a foxhole -> service accounts for aria automation/ non-interactive logon/rotate passwords

  • 1.  grenade in a foxhole -> service accounts for aria automation/ non-interactive logon/rotate passwords

    Posted 26 days ago

    TL;DR  service accounts are bad and we don't want to use them in our automation journey!

    Being at risk for ransomware, our org wants to get rid of service accounts especially those that are generic and those that use "interactive log-on".  VMware doesn't have a process where the passwords can be remotely changed by something like Delinia, CyberArk, Bomgar, etc...  

    What/ how is everyone using service accounts to take advantage of different applications in ara or whatever it's called these days? If you are not using service accounts, what are you using?

    We want to use a service account to interact with Aria Automation, and our Info Sec team says they don't want a generic or non-personal user account that uses interactive log-on.  Also, Infosec wants this user without interactive log-on to have its password managed by a password manager to be rotated every X days.  

    thoughts?



    ------------------------------
    Rob Stickland
    ------------------------------