vRealize Infrastructure Navigator has some sensitive files that must be protected from unauthorized access, because such access might compromise the security of vRealize Infrastructure Navigator.

The vadm.keystore file, found under /opt/vadm-engine/conf/, is a critical file that contains the private key and certificate of the application. Unauthorized access to this file might give an attacker access to the vRealize Infrastructure Navigator database.

The vadm.keystore file is protected by access controls. Do not change the permissions on the file or folder. Doing so might either give too much access, which reduces security, or restrict access, which prevents vRealize Infrastructure Navigator from working.
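
One way to notice a change to these permissions is to record them on a known-good appliance and compare against that record later. The script below is an added example, not part of the product or its documentation; the function names and the baseline file location are assumptions, and it relies on GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example: detect permission drift on vadm.keystore and its folder.
# The expected values are not hard-coded; they are captured from a
# known-good appliance into a baseline file chosen by the administrator.
#
# Usage on the appliance (baseline path is an assumption):
#   perm_baseline /opt/vadm-engine/conf/vadm.keystore /root/vadm-perms.baseline
#   perm_check    /opt/vadm-engine/conf/vadm.keystore /root/vadm-perms.baseline

# Print "path owner:group mode" for the parent folder and the file itself.
perm_snapshot() {
    target=$1
    for p in "$(dirname "$target")" "$target"; do
        stat -c '%n %U:%G %a' "$p" || return 2
    done
}

# Record the current state as the baseline. Run once, before any changes.
perm_baseline() {
    perm_snapshot "$1" > "$2"
}

# Compare the current state with the baseline.
# Returns 0 if unchanged, 1 on drift, 2 if the check could not be made.
perm_check() {
    target=$1
    baseline=$2
    if [ ! -r "$baseline" ]; then
        echo "baseline missing: $baseline" >&2
        return 2
    fi
    current=$(perm_snapshot "$target") || return 2
    if [ "$current" = "$(cat "$baseline")" ]; then
        return 0
    fi
    {
        echo "permission drift detected for $target"
        echo "expected:"; cat "$baseline"
        echo "found:";    echo "$current"
    } >&2
    return 1
}
```

Keep the baseline file itself readable only by the account that runs the check, since it is what the comparison trusts.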

For the access controls to work correctly, access to the vRealize Infrastructure Navigator virtual appliance must be strictly limited to those with a need to log in, with the minimal levels of access required. This involves limiting the use of the root account. Any backups of the vRealize Infrastructure Navigator virtual appliance must be strictly protected and encrypted with the keys managed separately from the backups.

It is possible for vRealize Infrastructure Navigator to access all machines in the vCenter Server environment using the Super User privilege. To avoid such access, under VIN Home > Settings, verify that the Access to VMs indicator shows that the access is off. The default is Off.