Cisco Intersight Device Connector offers the ability to onboard and manage your Cisco Nexus and MDS switches directly from Cisco Intersight’s interface.
Intersight Device Connector feature
Cisco introduced this new software feature in the Cisco MDS 9.3(2) and Cisco Nexus 10.2(3)F releases respectively, as explained in the release notes.
Note that this new Intersight feature (also named NXDC, for Nexus Switch Intersight Device Connector) is automatically enabled by default during the upgrade.
As a result, the entire NXDC configuration is built and ready to use. You can check its status by running the following command:
show system internal intersight info
At this stage, you still have the choice whether or not to claim your devices to make them visible and manageable from Intersight as this step still requires a manual intervention.
Svc-nxcloud account creation
A somewhat hidden decision by Cisco in enabling this feature is the creation of a new local user named svc-nxcloud with the role network-admin.
Also, you won’t find any reference for this account either in the release notes or in the Cisco Intersight Device Connector documentation…
For the record, this account has no password set, no expiry date and local login is not allowed. This account seems to work only for onboarding devices to Cisco Intersight by authenticating through Cisco’s cloud authentication process.
There is only one way to find evidence of the creation of this account: analysing an internal system log linked to Intersight. To see it, you have to type the command:
show system internal intersight event-history debug
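To check a fleet for the account itself rather than for the creation event, the following added example (not from the original post or from Cisco) parses saved `show user-account` output and flags any network-admin account that is not on an approved list. The sample output is constructed, its layout is an assumption about how NX-OS prints user accounts, and `EXPECTED_ADMINS` is a hypothetical allow-list.

```python
import re

# Constructed sample of NX-OS `show user-account` output (layout is an assumption).
SAMPLE = """\
user:admin
        this user account has no expiry date
        roles:network-admin
user:svc-nxcloud
        this user account has no expiry date
        roles:network-admin
        no password set. Local login not allowed
        Remote login through RADIUS/TACACS+ is possible
user:backup
        expires on Fri Dec 31 23:59:59 2027
        roles:network-operator
"""

EXPECTED_ADMINS = {"admin"}  # hypothetical allow-list of approved admin accounts


def parse_user_accounts(text):
    """Return {username: {"roles": set, "no_expiry": bool, "no_password": bool}}."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"user:(\S+)$", line)
        if m:  # a new account stanza starts here
            current = users.setdefault(
                m.group(1), {"roles": set(), "no_expiry": False, "no_password": False})
        elif current is None or not line:
            continue  # skip blank lines and anything before the first stanza
        elif line.lower().startswith("roles:"):
            current["roles"].update(line.split(":", 1)[1].split())
        elif "no expiry date" in line.lower():
            current["no_expiry"] = True
        elif "no password set" in line.lower():
            current["no_password"] = True
    return users


def unexpected_admins(users, allowed=EXPECTED_ADMINS):
    """Names of accounts holding network-admin that are not on the allow-list."""
    return sorted(name for name, u in users.items()
                  if "network-admin" in u["roles"] and name not in allowed)


if __name__ == "__main__":
    accounts = parse_user_accounts(SAMPLE)
    for name in unexpected_admins(accounts):
        print(f"unexpected network-admin account: {name} {accounts[name]}")
```

Run it against output collected before and after an upgrade to see whether the account appeared with the new release.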
No feature intersight
Afterwards, if you do not plan or have no interest in claiming your device(s) from Cisco Intersight, I recommend that you disable the Intersight feature. This will then delete the svc-nxcloud account and also delete all the NXDC configuration according to Cisco documentation.
To conclude, I can understand that Cisco is silent and not providing too much exposure for this account as it is a default generic account used for ALL the Cisco MDS/Nexus devices. However, it’s not nice to suddenly see an unknown local user appear on your Cisco devices!