Optimizing User Account Management in vSphere Environments

VMware vSphere is a powerful virtualization platform widely used in enterprise IT environments. It provides centralized management of virtualized infrastructure through vCenter Server and allows the management of multiple ESXi hosts from a single console. One of the most critical aspects of maintaining a secure and efficient vSphere environment is the proper management of user accounts. Mismanagement of accounts can lead to security vulnerabilities, unauthorized access, and operational inefficiencies.

In a typical organizational setup, there are often multiple teams and individuals who require access to vSphere resources, including system administrators, support engineers, auditors, and developers. Each of these user groups requires specific levels of access based on their roles. Implementing a consistent, secure, and scalable method of managing these accounts is essential for ensuring operational security and compliance with organizational policies.

VMware provides several features and best practices that help administrators effectively manage user access to vSphere components. Among these, integrating ESXi hosts with Active Directory stands out as a recommended approach for centralized authentication and access control. This method reduces the need for managing local accounts on individual hosts and allows organizations to take advantage of existing identity management systems.

This section will explore the foundational concepts of user account management in vSphere, the rationale for using centralized authentication, and how integrating ESXi hosts with Active Directory improves security and simplifies administration.

Understanding Local User Accounts and Root Privileges in ESXi

When deploying a new ESXi host, the root user account is created by default. This account has unrestricted access to the host and can perform any administrative task. The root user can read and modify all files, run all commands, and configure all aspects of the system. Because of its extensive privileges, the root account becomes a high-value target for attackers. If compromised, it can lead to complete control over the ESXi host and potentially the entire virtual infrastructure.

Given the importance of the root account, securing it is paramount. VMware recommends minimizing direct use of the root account and leveraging alternative authentication methods whenever possible. For instance, administrators should log in through the vCenter Server using the vSphere Client, which allows access control through role-based permissions and reduces the need to access individual ESXi hosts directly.

In certain situations, such as when vCenter Server is unavailable due to an outage or maintenance, administrators might need to connect directly to an ESXi host. In these cases, tools such as the VMware Host Client or the ESXi Shell may be used. However, these tools should be reserved strictly for troubleshooting or for tasks that cannot be completed through the vSphere Client.

To further reduce the risk associated with the root account, administrators should consider disabling direct login with the root user and instead create named user accounts with administrative privileges through centralized identity sources such as Active Directory. This approach allows individual accountability, which is vital for auditing and compliance.

Benefits of Centralized User Management with Active Directory

One of the most effective ways to manage user accounts across multiple ESXi hosts is to integrate them with Microsoft Active Directory. Active Directory provides a centralized identity and access management solution that enables organizations to maintain consistent user credentials and access policies across a wide range of systems and services. By joining ESXi hosts to Active Directory, administrators can eliminate the need to create and manage separate local accounts on each host.

There are several key benefits to using Active Directory for vSphere authentication. First, it enables centralized control over who can access the ESXi hosts and what level of permissions they have. This makes it easier to enforce security policies and reduce administrative overhead. Second, it simplifies user management by allowing administrators to leverage existing AD groups and user roles. Third, it improves security by reducing the need to share root credentials and by enabling the use of advanced security features such as multifactor authentication and account lockout policies.

When an ESXi host is joined to Active Directory, members of a designated AD group, commonly named ESX Admins, are automatically granted administrator privileges on the host. This allows organizations to manage access by simply adding or removing users from the group in Active Directory, without needing to log in to the host itself. This not only streamlines administration but also enhances security by ensuring that access is controlled and monitored through a centralized directory service.

Another advantage is improved auditing and compliance. When users authenticate with their domain credentials, their actions can be logged and attributed to specific individuals. This accountability is essential for meeting regulatory requirements and for maintaining operational transparency.

Steps to Join ESXi Hosts to Active Directory

The process of joining an ESXi host to Active Directory is straightforward and can be completed using the VMware Host Client. This process should be performed by an administrator with sufficient privileges on both the ESXi host and the Active Directory domain.

To begin, the administrator logs into the ESXi host using the VMware Host Client. Once authenticated, they navigate to the Manage section of the interface. From there, they select the Security & Users tab, followed by the Authentication section. In this section, there is an option labeled Join Domain. Selecting this option prompts the administrator to enter the relevant domain information, including the domain name and credentials of a user authorized to join computers to the domain.

Once the process is complete, the ESXi host becomes a member of the specified Active Directory domain. This integration allows domain users to authenticate to the host using their AD credentials, provided they have been granted appropriate permissions either directly or through group membership.

It is important to verify that the domain join operation has completed successfully. Administrators can do this by reviewing the authentication settings in the Host Client and by confirming that the host appears as a computer object in Active Directory. Additionally, they should test user access to ensure that domain users can log in as expected.

To maintain a secure environment, administrators should ensure that the ESXi host’s time settings are synchronized with the domain controllers, as time discrepancies can cause authentication failures. They should also apply group policy settings to enforce password policies, account lockout thresholds, and other security measures.

In situations where domain membership is no longer needed, an ESXi host can be removed from the domain through the same interface. However, care should be taken to ensure that alternative access methods are available before doing so, as removing the host from the domain can result in the loss of domain-based authentication.

Role-Based Access Control in vSphere

One of the fundamental principles of securing user access in VMware vSphere is the implementation of role-based access control. vSphere allows administrators to define roles that encapsulate a specific set of privileges, which can then be assigned to users or groups for specific objects within the vSphere environment. These objects can include datacenters, clusters, ESXi hosts, virtual machines, and storage resources.

Roles are essential for maintaining a secure and organized permission structure. By assigning only the permissions necessary for a user to perform their job, administrators can follow the principle of least privilege. This minimizes the risk of accidental misconfiguration or malicious activity by restricting access to only what is required.

vSphere comes with several predefined roles such as Administrator, Read-Only, and Virtual Machine User. While these built-in roles serve common use cases, organizations often benefit from creating custom roles that are tailored to their specific operational requirements. For example, a help desk technician might need a role that allows them to power on or off virtual machines but not to modify their configurations or access the vSphere networking settings.

Custom roles can be created using the vSphere Client. Administrators navigate to the Roles section of the vCenter Server, choose to create a new role, and select the exact privileges that the role should have. These privileges are grouped into categories such as virtual machine operations, host configuration, and resource management, making it easier to define precise levels of access.

Once roles are defined, they are applied through permissions. A permission in vSphere consists of three components: a user or group, a role, and an object. Permissions can be set at any level in the vSphere object hierarchy. They are inherited down the hierarchy unless explicitly overridden. This inheritance allows for efficient permission management but also requires careful planning to avoid unintentional access escalation.
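
The following Python sketch is an added example, not code from VMware or from this article. It models how a permission (principal, role, object) resolves through a simplified single-parent inventory, and goes beyond the paragraph above by also applying vSphere's documented precedence rules: a permission set on a child object overrides one inherited from a parent, group permissions on the same object are merged, and a user permission on an object takes precedence over group permissions there. All object, group and user names are constructed, and the privilege lists are a small illustrative subset.

```python
from dataclasses import dataclass

# Constructed roles: name -> privilege IDs (illustrative subset only).
ROLES = {
    "NoAccess": frozenset(),
    "ReadOnly": frozenset({"System.View", "System.Read"}),
    "Custom_VMPowerOps": frozenset({"System.View", "System.Read",
                                    "VirtualMachine.Interact.PowerOn",
                                    "VirtualMachine.Interact.PowerOff"}),
    "Custom_Snapshot": frozenset({"System.View", "System.Read",
                                  "VirtualMachine.State.CreateSnapshot"}),
    "Admin": frozenset({"System.View", "System.Read",
                        "VirtualMachine.Interact.PowerOn",
                        "VirtualMachine.Interact.PowerOff",
                        "VirtualMachine.State.CreateSnapshot",
                        "Host.Config.Settings",
                        "Authorization.ModifyPermissions"}),
}

# Constructed inventory, child -> parent. Real inventories can give an object
# more than one parent; this sketch models a single-parent tree only.
PARENT = {
    "DC1": None,
    "Prod-Cluster": "DC1",
    "esx01": "Prod-Cluster",
    "HelpDesk-VMs": "DC1",
    "web01": "HelpDesk-VMs",
    "db01": "HelpDesk-VMs",
}

# Constructed directory data: user -> Active Directory groups.
GROUPS = {
    "alice": {"vSphere-Admins"},
    "bob": {"HelpDesk"},
    "carol": {"HelpDesk", "Backup"},
    "dave": {"vSphere-Admins", "HelpDesk"},
}

@dataclass(frozen=True)
class Permission:
    principal: str          # user or group name
    is_group: bool
    role: str
    entity: str             # object the permission is defined on
    propagate: bool = True  # whether child objects inherit it

PERMISSIONS = [
    Permission("vSphere-Admins", True, "Admin", "DC1"),
    Permission("HelpDesk", True, "Custom_VMPowerOps", "HelpDesk-VMs"),
    Permission("Backup", True, "Custom_Snapshot", "HelpDesk-VMs"),
    Permission("HelpDesk", True, "ReadOnly", "db01", propagate=False),
    Permission("bob", False, "NoAccess", "db01", propagate=False),
]

def effective_access(user, entity):
    """Return (privileges, object on which the winning permission is defined)."""
    groups = GROUPS.get(user, set())
    node = entity
    while node is not None:
        # Permissions on the object itself always count; permissions on an
        # ancestor count only if they propagate.
        here = [p for p in PERMISSIONS
                if p.entity == node and (node == entity or p.propagate)]
        direct = [p for p in here if not p.is_group and p.principal == user]
        via_group = [p for p in here if p.is_group and p.principal in groups]
        if direct:      # user permission beats group permissions on this object
            return ROLES[direct[0].role], node
        if via_group:   # several matching groups on one object: merge privileges
            return frozenset().union(*(ROLES[p.role] for p in via_group)), node
        node = PARENT[node]  # nothing applies here, so inherit from the parent
    return frozenset(), None

def who_can(privilege, entity):
    """List the users whose effective access on entity includes privilege."""
    return sorted(u for u in GROUPS
                  if privilege in effective_access(u, entity)[0])

if __name__ == "__main__":
    for user in sorted(GROUPS):
        for obj in ("web01", "db01", "esx01"):
            privs, source = effective_access(user, obj)
            print(f"{user:6} {obj:6} from={source} privileges={sorted(privs)}")
```

In this data set dave is a member of vSphere-Admins, yet on web01 he holds only the power operations, because the HelpDesk permission on the folder sits closer to the object than the Admin permission on the datacenter. Running the same resolution over an exported permission list is a quick way to find assignments that widen or narrow access in ways the role design did not intend.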

Best Practices for Assigning Roles and Permissions

Assigning permissions in vSphere should be done thoughtfully to ensure that access control remains predictable and secure. One of the best practices is to avoid assigning permissions directly to individual user accounts. Instead, permissions should be assigned to groups, especially if Active Directory integration is used. This makes user management more scalable and consistent, as changes in group membership automatically reflect in vSphere access without needing to update permissions manually.

Another best practice is to avoid using the Administrator role for regular operational tasks. This role has full access to all features and settings within vSphere, and assigning it to too many users increases the risk of accidental or unauthorized changes. Instead, administrators should create custom roles that grant only the necessary privileges for each user group’s responsibilities.

Auditing and documentation are also important components of permission management. Every role and permission assignment should be documented along with the business justification. Periodic reviews should be conducted to ensure that permissions are still appropriate and to remove access that is no longer needed.

Special consideration should be given to service accounts and automation scripts. These accounts often require elevated privileges, but they should also be tightly controlled and monitored. Passwords for service accounts should be complex and rotated regularly. Whenever possible, service accounts should have their access scoped to the minimum required resources and privileges.

In environments where regulatory compliance is a concern, such as healthcare or finance, additional controls such as change tracking and separation of duties may be required. vSphere supports auditing of user actions through logs, which can be integrated with a Security Information and Event Management (SIEM) solution for centralized monitoring and alerting.

Securing Authentication Methods in vSphere

Authentication is the process of verifying the identity of a user who is attempting to access vSphere resources. vSphere supports several authentication methods, and securing these methods is critical to protecting your virtual infrastructure.

When ESXi hosts are joined to Active Directory, users can authenticate using their domain credentials. This provides a seamless login experience and allows administrators to enforce organization-wide security policies, such as password complexity, account lockout, and expiration policies. Active Directory also enables the use of advanced authentication methods such as multifactor authentication, which adds an additional layer of security.

If domain-based authentication is not feasible for a particular host or environment, local user accounts can be used as a fallback. However, these accounts should be limited in number and managed carefully. Passwords for local accounts should meet strong complexity requirements and be rotated on a regular schedule. If local accounts are used, it is recommended to disable them when they are no longer needed and to monitor their activity through logs.

Another option supported by vSphere is smart card authentication. This method requires a user to present a physical card that contains authentication credentials, typically accompanied by a personal identification number (PIN). Smart card authentication provides a high level of security and is suitable for environments where strong identity assurance is required.

Access to the ESXi Shell and SSH should be disabled by default and only enabled temporarily for troubleshooting or maintenance. These access methods provide low-level control over the ESXi host and bypass many of the access restrictions enforced by the vSphere Client. If these methods must be used, access should be tightly restricted to trusted administrators, and all activity should be logged.

Administrators should also consider configuring account lockout policies on ESXi hosts. These policies prevent brute-force attacks by locking out accounts after a specified number of failed login attempts. The settings for account lockout can be adjusted using the Advanced Settings in the VMware Host Client.

Granular Access Control Through Active Directory Groups

When using Active Directory for authentication, vSphere allows administrators to grant access based on group membership. This approach simplifies user management and aligns with organizational policies that often require centralized control over user permissions.

By default, when an ESXi host is joined to a domain, users who are members of the Active Directory group called ESX Admins are granted administrative access to the host. This group-based access control makes it easy to add or remove administrators by simply updating group membership in Active Directory.

However, this default behavior may not align with an organization’s operational structure. For example, if the Active Directory and VMware infrastructure are managed by different teams, the default ESX Admins group could unintentionally grant access to individuals who should not have administrative privileges on the ESXi hosts. This poses a risk to the integrity and security of the virtual infrastructure.

To mitigate this risk, administrators can customize the group name used for granting administrative access. This is done through the advanced settings in the ESXi host configuration. By modifying the Config.HostAgent.plugins.hostsvc.esxAdminsGroup parameter, administrators can specify a different group that aligns with their access control policies.

There are two additional related settings: esxAdminsGroupAutoAdd and esxAdminsGroupUpdateInterval. The esxAdminsGroupAutoAdd setting determines whether the group specified in esxAdminsGroup is automatically granted administrator permissions. This can be set to False to disable automatic assignment. The esxAdminsGroupUpdateInterval setting specifies how often the ESXi host checks Active Directory for updates to the group membership, which ensures that access changes in Active Directory are quickly reflected on the host.
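
As an added example (not part of the original article or any VMware tooling), the Python script below audits exported advanced settings for the risky defaults described above, together with the account lockout threshold mentioned under Securing Authentication Methods. The host names, the approved group name, the policy threshold and the export format are assumptions; Security.AccountLockFailures is the ESXi advanced setting that holds the lockout threshold.

```python
PREFIX = "Config.HostAgent.plugins.hostsvc."
DEFAULT_GROUP = "ESX Admins"                  # default value of esxAdminsGroup
APPROVED_GROUPS = {"SEC-vSphere-HostAdmins"}  # hypothetical group owned by the vSphere team
MAX_LOCK_FAILURES = 5                         # assumed organisational policy

# Constructed export: host name -> {advanced setting name: value}.
HOSTS = {
    "esx01.example.test": {
        PREFIX + "esxAdminsGroup": "ESX Admins",
        PREFIX + "esxAdminsGroupAutoAdd": True,
        "Security.AccountLockFailures": 0,
    },
    "esx02.example.test": {
        PREFIX + "esxAdminsGroup": "SEC-vSphere-HostAdmins",
        PREFIX + "esxAdminsGroupAutoAdd": "false",  # some exports stringify booleans
        "Security.AccountLockFailures": 5,
    },
    "esx03.example.test": {                         # group name absent from the export
        PREFIX + "esxAdminsGroupAutoAdd": "True",
        "Security.AccountLockFailures": 10,
    },
    "esx04.example.test": {
        PREFIX + "esxAdminsGroup": "Domain Admins",
        PREFIX + "esxAdminsGroupAutoAdd": True,
        "Security.AccountLockFailures": 3,
    },
}

def as_bool(value):
    """Accept real booleans as well as 'true' / 'False' style strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1", "yes")

def audit_host(settings):
    """Return a list of (severity, code) findings for one host's settings."""
    findings = []
    # A setting that is absent from the export is treated as being at its default.
    group = str(settings.get(PREFIX + "esxAdminsGroup", DEFAULT_GROUP)).strip()
    auto_add = as_bool(settings.get(PREFIX + "esxAdminsGroupAutoAdd", True))
    is_default = group.lower() == DEFAULT_GROUP.lower()

    if auto_add and is_default:
        # Whoever controls membership of "ESX Admins" in AD administers the host.
        findings.append(("high", "DEFAULT_GROUP_AUTO_ADMIN"))
    elif auto_add and group not in APPROVED_GROUPS:
        findings.append(("high", "UNAPPROVED_GROUP_AUTO_ADMIN"))
    elif is_default:
        findings.append(("low", "DEFAULT_GROUP_NAME"))

    failures = settings.get("Security.AccountLockFailures")
    if failures is None:
        findings.append(("info", "LOCKOUT_SETTING_MISSING"))
    elif int(failures) == 0:
        findings.append(("high", "LOCKOUT_DISABLED"))  # 0 turns lockout off
    elif int(failures) > MAX_LOCK_FAILURES:
        findings.append(("medium", "LOCKOUT_THRESHOLD_ABOVE_POLICY"))
    return findings

def audit_fleet(hosts):
    """Return {host: findings} for every host that has at least one finding."""
    report = {}
    for name, settings in sorted(hosts.items()):
        findings = audit_host(settings)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit_fleet(HOSTS).items():
        for severity, code in findings:
            print(f"{host}: [{severity}] {code}")
```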

Using custom groups in Active Directory for different roles allows for more granular control over access. For example, one group can be used for read-only access, another for virtual machine operations, and another for full administrative control. Permissions can then be assigned to these groups through the vSphere Client, based on the required level of access for each group.

This method not only improves security but also enhances scalability. As new users join the organization, they can be assigned to the appropriate group, and their access to vSphere resources will be automatically granted according to the permissions assigned to that group. This eliminates the need for repetitive manual configuration and reduces the likelihood of errors.

Monitoring and Auditing User Activity in vSphere

Monitoring and auditing user activity are essential components of a secure and well-managed vSphere environment. These processes allow administrators to observe how users interact with the system, identify potential security threats, and ensure compliance with internal policies and external regulations. VMware vSphere provides a comprehensive set of tools and features that enable effective logging and auditing of actions taken by users across the virtual infrastructure.

Every significant action performed in vSphere is logged. These actions include user logins, changes to virtual machines, modifications to permissions, and configuration updates to ESXi hosts or vCenter components. The logs are stored in various locations depending on the component being monitored. For example, ESXi hosts maintain logs in their local file system, while vCenter Server stores logs centrally for all managed hosts and clusters.

Administrators can access these logs through multiple interfaces. The vSphere Client provides an intuitive way to view recent tasks and events, offering a quick overview of system activity. For deeper analysis, the vSphere Web Client or the ESXi Host Client can be used to access detailed logs and event records. These logs are timestamped and include the user account responsible for each action, making it easier to trace activity back to a specific individual.

To improve visibility and control, organizations can integrate vSphere logs with external monitoring systems such as Security Information and Event Management platforms. These systems aggregate log data from multiple sources and provide real-time analysis, alerting, and reporting. By sending vSphere logs to a centralized SIEM, administrators can detect unusual behavior patterns, identify potential insider threats, and correlate events across different parts of the IT infrastructure.

Retention of logs is another critical factor. Compliance requirements may mandate that logs be retained for a specific duration, such as one year or more. Administrators should configure their systems to archive logs in accordance with their organizational policies and ensure that backups of logs are regularly created and stored securely.

Proactive monitoring can also be implemented using alarms in vSphere. Alarms can be configured to trigger notifications when specific conditions are met, such as repeated failed login attempts, unauthorized access to sensitive objects, or sudden changes in configuration. These alerts allow administrators to respond quickly to potential incidents and prevent further damage.

Compliance and Regulatory Considerations

Many organizations that use vSphere operate in regulated industries such as finance, healthcare, and government. These industries are subject to strict compliance standards, including GDPR, HIPAA, PCI-DSS, and ISO 27001. Ensuring that vSphere operations meet these standards requires a combination of technical controls, procedural safeguards, and regular audits.

Compliance frameworks typically require organizations to enforce access controls, protect sensitive data, and maintain detailed records of system activity. vSphere supports these objectives by providing features such as role-based access control, centralized authentication through Active Directory, and detailed logging of user activity.

To align vSphere configurations with compliance requirements, administrators should begin by performing a risk assessment to identify critical assets and potential threats. Based on this assessment, access to vSphere resources should be granted on a need-to-know basis, and the principle of least privilege should be enforced throughout the environment. Permissions should be reviewed periodically to ensure they remain appropriate for each user’s responsibilities.

Encryption is another key area for compliance. vSphere supports encryption of virtual machine files, vMotion traffic, and other data in transit and at rest. Encryption should be enabled wherever sensitive information is processed or stored. The use of secure protocols such as HTTPS and SSH with strong ciphers is also essential to protect data during communication between components.

Audit trails must be maintained to satisfy the requirements of many regulations. These trails include detailed records of user actions, system changes, and security events. Administrators should ensure that logs are not only collected but also protected from tampering. Access to log files should be restricted to authorized personnel, and integrity checks should be used to detect unauthorized modifications.

Training and documentation are equally important. All personnel who access vSphere resources should be trained in security policies, acceptable use guidelines, and incident response procedures. Documentation should include details of the permission structure, access control methods, and compliance checklists. Regular audits should be conducted to validate that the environment remains in compliance and to identify any gaps that need to be addressed.

Detecting and Responding to Access Violations

Despite the best preventive measures, security incidents can still occur. Whether due to intentional misuse or accidental error, unauthorized access or policy violations must be detected quickly and addressed appropriately. VMware vSphere provides several tools that help administrators identify suspicious activity and respond to potential threats in a timely manner.

The first step in detecting access violations is to ensure that all relevant logs are being captured. These include login attempts, privilege escalations, changes to roles and permissions, and direct access to ESXi hosts. Administrators should configure the vSphere environment to forward logs to a central location where they can be analyzed and correlated with other security data.

Anomalies in user behavior can indicate a potential breach. For example, if a user account that typically logs in during business hours suddenly accesses the system late at night from an unusual IP address, this may warrant further investigation. Similarly, a user performing actions outside the scope of their normal role, such as modifying host configuration settings or disabling alarms, may indicate an insider threat.

To respond to access violations, administrators should follow a defined incident response plan. This plan should include steps for identifying the scope of the incident, containing the threat, eradicating the root cause, and recovering affected systems. Communication protocols should also be established so that relevant stakeholders are informed promptly.

If a violation involves a compromised user account, the account should be disabled immediately, and its credentials should be reset. Any actions taken by the account should be reviewed to determine whether changes were made to the system. Affected systems may need to be restored from backups if unauthorized changes cannot be reversed safely.

In the case of repeated failed login attempts or brute-force attacks, account lockout policies and IP filtering can help prevent further access attempts. Administrators should also review firewall rules and access control lists to ensure that only authorized networks and users can reach vSphere components.
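
The behavioural check and the failed-login check described above can be expressed as detection logic over forwarded session events. This Python example is added here and is not from the original article; the events are constructed, shaped like vCenter's UserLoginSessionEvent and BadUsernameSessionEvent records, and the thresholds, business hours and local-time timestamps are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def event(kind, user, ip, ts):
    return {"type": kind, "userName": user, "ipAddress": ip, "createdTime": ts}

# Constructed sample events (not taken from a real system).
EVENTS = [
    event("UserLoginSessionEvent", "CORP\\alice", "10.0.5.21", "2024-03-04T09:02:00"),
    event("UserLoginSessionEvent", "CORP\\bob", "10.0.5.30", "2024-03-04T10:15:00"),
    event("UserLoginSessionEvent", "CORP\\alice", "10.0.5.21", "2024-03-05T08:47:00"),
    # Late at night, but from a source already seen for bob in business hours.
    event("UserLoginSessionEvent", "CORP\\bob", "10.0.5.30", "2024-03-05T23:05:00"),
    # Six failed logins from one source within a minute.
    *[event("BadUsernameSessionEvent", "CORP\\alice", "10.0.9.77",
            f"2024-03-06T02:01:{s:02d}") for s in (0, 10, 20, 30, 40, 50)],
    # A successful login from that same source shortly afterwards.
    event("UserLoginSessionEvent", "CORP\\alice", "10.0.9.77", "2024-03-06T02:13:00"),
]

def detect(events, fail_threshold=5, window=timedelta(minutes=10),
           business_hours=range(7, 19)):
    """Return alerts as (rule, userName, ipAddress, createdTime) tuples."""
    alerts = []
    fails = defaultdict(deque)   # source IP -> timestamps of recent failed logins
    flagged = set()              # source IPs that tripped the burst rule
    baseline = defaultdict(set)  # user -> source IPs seen during business hours

    for ev in sorted(events, key=lambda e: e["createdTime"]):
        ts = datetime.fromisoformat(ev["createdTime"])
        user, ip = ev["userName"], ev["ipAddress"]
        where = (user, ip, ev["createdTime"])

        if ev["type"] == "BadUsernameSessionEvent":
            recent = fails[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()          # drop failures outside the window
            if len(recent) >= fail_threshold:
                alerts.append(("FAILED_LOGIN_BURST",) + where)
                flagged.add(ip)
                recent.clear()            # one alert per burst, not per failure

        elif ev["type"] == "UserLoginSessionEvent":
            if ip in flagged:
                # A success after a burst suggests the guessing may have worked.
                alerts.append(("SUCCESS_AFTER_BURST",) + where)
            if ts.hour in business_hours:
                baseline[user].add(ip)    # learn the user's usual sources
            elif ip not in baseline[user]:
                alerts.append(("OFF_HOURS_NEW_SOURCE",) + where)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A SUCCESS_AFTER_BURST alert is the case that should trigger the compromised-account steps in the incident response plan: disable the account, reset its credentials and review what the session changed.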

Post-incident analysis is crucial for improving the security posture of the organization. Lessons learned from each incident should be documented and used to update security policies, training programs, and technical safeguards. This continuous improvement approach helps ensure that future incidents are detected more quickly and addressed more effectively.

Leveraging Reports and Dashboards for Visibility

Visibility into user activity and system performance is key to maintaining control over the vSphere environment. VMware provides several reporting tools and dashboard features that allow administrators to view summaries of system health, resource utilization, and user activity. These tools are especially useful for identifying trends, assessing risks, and making informed decisions.

The vSphere Client includes built-in reports and activity logs that can be used to track recent actions. For more advanced reporting, administrators can use vRealize Log Insight or vRealize Operations Manager. These tools provide powerful analytics capabilities, customizable dashboards, and integration with third-party systems.

Dashboards can be configured to display key performance indicators and security metrics such as failed login attempts, role changes, and configuration drift. By monitoring these metrics regularly, administrators can detect abnormal patterns and take corrective action before small issues escalate into serious problems.

Custom reports can also be created to support compliance audits. These reports can include lists of users with administrative privileges, permissions assigned to specific groups, and changes made to sensitive configurations. Automated reporting helps reduce the workload on IT staff while ensuring that auditors receive accurate and timely information.

In environments with strict uptime requirements, dashboards can be used to monitor system health and performance in real time. Alerts can be configured to notify administrators of critical issues such as hardware failures, resource contention, or service outages. This proactive monitoring helps maintain high availability and reduces the impact of disruptions.

In summary, monitoring and auditing are vital for maintaining the integrity and security of a vSphere environment. Through the use of logs, alerts, dashboards, and reporting tools, administrators can gain the insight needed to manage user access effectively, detect violations, and ensure compliance with organizational and regulatory requirements.

Implementing Advanced Access Control in vSphere

As virtual environments grow in complexity, standard access control methods may no longer provide sufficient granularity or adaptability. Advanced access control features in VMware vSphere can enhance security and operational control by allowing administrators to define more dynamic and precise rules for user access.

One of the most effective advanced features in vSphere is the use of permissions at a granular object level. Instead of assigning broad permissions at the datacenter or cluster level, administrators can assign roles to users or groups on individual objects such as a single virtual machine, a host, or a datastore. This object-level control ensures that users only interact with the specific resources they are responsible for.

Another advanced method is the implementation of custom roles that reflect real-world job responsibilities. These roles can combine privileges from multiple categories—virtual machine management, host configuration, storage, and network—to create highly specialized access profiles. For instance, a cloud administrator may need full control over virtual machine provisioning but no access to host configuration or user management features.

In addition to predefined permissions, administrators can create conditional access rules using scripting and automation. Integration with VMware PowerCLI allows administrators to write scripts that dynamically assign roles based on user attributes or context. For example, a script could be scheduled to grant temporary access to a contractor’s account and automatically revoke it after a certain time.

Third-party identity management platforms can also be integrated with vSphere to extend its access control capabilities. Solutions that support SAML or LDAP can be configured to enforce policies such as device trust, geolocation restrictions, and time-based access. This adds another layer of security beyond what is available through Active Directory alone.

Privileged Access Management solutions are increasingly being used in conjunction with vSphere to isolate and control administrative sessions. These tools provide capabilities such as just-in-time access, session recording, and command-level auditing. This is particularly useful for environments that require stringent security controls and detailed oversight of privileged operations.

Finally, access delegation can be formalized through workflows and approval systems. Rather than granting permissions permanently, users can request access through an approval process managed by a service catalog or ticketing system. This ensures that access is granted only when necessary and with appropriate oversight.

Applying Zero Trust Principles to vSphere Environments

The Zero Trust security model is based on the premise that no user or system should be automatically trusted, even if they are inside the organizational network. Every request for access must be verified, authenticated, and authorized according to strict security policies. Applying Zero Trust principles to a vSphere environment can significantly reduce the risk of unauthorized access and data breaches.

The first step in adopting Zero Trust is to identify all users, systems, and services that interact with the vSphere infrastructure. This includes administrators, help desk personnel, monitoring tools, and automation scripts. Each identity should be uniquely tracked and authenticated using secure methods. Shared accounts and anonymous access should be eliminated.

Multifactor authentication is a core requirement of Zero Trust. vSphere supports integration with identity providers that offer MFA, allowing users to log in only after presenting two or more verification factors. These factors might include something the user knows, something they have, or something they are. MFA significantly reduces the risk of credential-based attacks.

Network segmentation is another key component. The management network for vSphere should be isolated from other parts of the data center using firewalls, VLANs, or microsegmentation. Access to management interfaces should be restricted to trusted devices and users. If remote access is needed, it should be provided through secure VPNs with strict controls.

Continuous monitoring and behavior analysis help enforce Zero Trust by detecting anomalies in user activity. If a user suddenly accesses an unusual set of resources or performs actions outside of their typical behavior, the system should trigger an alert or automatically revoke access. This adaptive access control allows the system to respond in real time to potential threats.

Least privilege enforcement ensures that users only have the permissions they need for their current tasks. Permissions should not be permanent but rather assigned based on roles, projects, or approval workflows. Automation can be used to regularly review and clean up excessive permissions, ensuring that no dormant access rights accumulate over time.

Finally, audit trails are essential in a Zero Trust model. Every action should be logged with details about who performed it, what they did, when it happened, and from where. These logs should be immutable and continuously reviewed for signs of malicious or risky behavior.

Planning for Long-Term Scalability and Governance

As organizations grow, their vSphere environments tend to scale up in both size and complexity. Proper planning and governance are necessary to ensure that user management practices remain effective, secure, and sustainable over time. This requires a combination of technical standards, process discipline, and strategic foresight.

One of the first considerations is the standardization of roles and permissions across the environment. Instead of defining permissions ad hoc, organizations should develop a role matrix that maps job functions to specific vSphere roles. This matrix can be used to ensure consistency when onboarding new users or responding to internal audits.

Naming conventions for user accounts, roles, groups, and folders should be clearly defined and followed throughout the vSphere environment. Consistent naming helps avoid confusion and makes it easier to script or automate tasks. For example, all user-defined roles might start with a specific prefix such as “Custom_” to differentiate them from built-in roles.

Automation plays a vital role in long-term scalability. Tasks such as adding new users, assigning roles, and revoking access can be automated using tools like PowerCLI, vRealize Orchestrator, or third-party platforms. Automation reduces the risk of human error and allows administrators to manage large environments efficiently.

Change management processes should include user account and permission changes. When a user is promoted, transferred, or leaves the organization, their access rights must be updated or revoked promptly. Integrating vSphere with the organization’s HR system can streamline this process by triggering access changes based on employment status.

Governance policies should specify who is responsible for managing access, how permissions are reviewed, and how exceptions are handled. A quarterly or biannual access review process can help ensure that permissions remain appropriate and compliant with internal standards and external regulations.
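The following is an added example, not code from the original article or from VMware. It shows what an automated pass of the periodic access review could look like: each permission assignment is checked against the role matrix, the "Custom_" naming convention, and employment status from HR. The matrix, HR records, role names, and accounts are constructed; the permission rows are assumed to be an export that uses the Principal, Role, and Entity property names of PowerCLI's Get-VIPermission.

```python
# Constructed inputs. Permission rows use the property names PowerCLI's
# Get-VIPermission returns (Principal, Role, Entity); everything else is hypothetical.
ROLE_MATRIX = {                      # job function -> roles that function may hold
    "vm-operator": {"Custom_VMOperator"},
    "auditor": {"ReadOnly"},
    "platform-admin": {"Admin", "Custom_NetworkAdmin"},
}
BUILT_IN_ROLES = {"Admin", "ReadOnly", "NoAccess"}   # sample subset of system roles
CUSTOM_PREFIX = "Custom_"
HR_RECORDS = {                       # principal -> (job function, still employed)
    "CORP\\asmith": ("vm-operator", True),
    "CORP\\bjones": ("auditor", True),
    "CORP\\cdoe": ("auditor", False),
    "CORP\\dlee": ("platform-admin", True),
}
PERMISSIONS = [
    {"Principal": "CORP\\asmith", "Role": "Custom_VMOperator", "Entity": "Dev"},
    {"Principal": "CORP\\bjones", "Role": "Admin", "Entity": "Datacenters"},
    {"Principal": "CORP\\cdoe", "Role": "ReadOnly", "Entity": "Datacenters"},
    {"Principal": "CORP\\dlee", "Role": "NetOps", "Entity": "Prod-Network"},
    {"Principal": "CORP\\ghost", "Role": "ReadOnly", "Entity": "Dev"},
]

def review(permissions, hr=HR_RECORDS, matrix=ROLE_MATRIX):
    """Return (principal, entity, role, finding) for every assignment that fails review."""
    findings = []
    for p in permissions:
        who, role, entity = p["Principal"], p["Role"], p["Entity"]
        issues = []
        # User-defined roles must carry the prefix so they stand apart from built-ins.
        if role not in BUILT_IN_ROLES and not role.startswith(CUSTOM_PREFIX):
            issues.append("role name breaks naming convention")
        function, active = hr.get(who, (None, False))
        if function is None:
            issues.append("principal unknown to HR: revoke")
        elif not active:
            issues.append("principal has left: revoke")
        elif role not in matrix.get(function, set()):
            issues.append(f"role not in matrix for {function}")
        findings += [(who, entity, role, i) for i in issues]
    return findings
```

The findings list is meant as input to the review and exception process, so a reviewer can approve a documented exception before anything is revoked.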

Scalability also depends on infrastructure design. Larger organizations may benefit from deploying multiple vCenter Server instances or using Enhanced Linked Mode to manage permissions across different sites. Global permissions can be used to enforce consistent access control across multiple vCenter Servers.

Security awareness training should be ongoing. As the user base grows, it is important to educate all users—especially those with elevated privileges—on secure practices, phishing prevention, and the importance of compliance. Users should understand the consequences of violating security policies and the role they play in protecting the infrastructure.

Final Thoughts

The technology landscape is constantly evolving, and so are the threats and requirements associated with managing virtual environments. To stay ahead, organizations must adopt a proactive and forward-thinking approach to user management in vSphere.

One trend gaining momentum is the adoption of identity federation. By integrating vSphere with enterprise identity providers that support modern protocols like SAML, OIDC, or SCIM, administrators can centralize identity management and simplify access across multiple platforms. This also facilitates single sign-on and reduces password fatigue.

Another emerging area is the use of artificial intelligence and machine learning for access control and anomaly detection. These technologies can analyze patterns of user behavior to identify risks and recommend appropriate access policies. As these tools become more accessible, they are likely to play a bigger role in securing vSphere environments.

Cloud integration is another factor. Many organizations are adopting hybrid or multi-cloud architectures, and user management must extend across both on-premises and cloud environments. Tools that provide unified access control and policy enforcement across different platforms are becoming increasingly important.

Regulatory requirements are also becoming more stringent. Organizations should monitor changes in laws and industry standards that affect how user data is handled, accessed, and protected. Being prepared for audits and certification processes is essential for maintaining customer trust and business continuity.

Finally, collaboration between IT security, operations, and compliance teams is critical for sustaining a robust user management strategy. These teams should work together to define access policies, respond to incidents, and continuously improve the security and efficiency of the vSphere environment.

In conclusion, advanced access control mechanisms, Zero Trust principles, and proactive governance are essential for managing user accounts in vSphere at scale. By implementing these strategies, organizations can protect their infrastructure, ensure compliance, and support future growth with confidence.