My team is working to move to using the Software Component capabilities in VRA 7.3. Currently everything we do for provisioning is done using stub workflows we developed in VRO when we were on VRA 6.2. I need to get a better understanding of how the communication works, because our Information Security is concerned that we have tenant VMs initiating communication to our cloud management platform. We obviously need to prevent bad actors from having the ability to have any type of communication to this platform.
From what I understand, this is how Software Components work in general. I'd appreciate it if anyone can correct me on how this works.
- VRA initiates the provisioning of a tenant VM
- VRA assigns a unique ID for the gugent
- The tenant VM is stood up and turns on
- The tenant VM then contacts VRA identifying itself with the unique ID for the gugent over SSL
- VRA confirms identification and identifies the software components that need to be installed
- VRA tells the tenant VM what to install/configure
I need to know how VRA prevents just any server from providing the unique ID (which I believe is the gugent ID that is readily available in files in the gugent folder on each VM) so that VRA then starts working with that VM.
Any help would be greatly appreciated.