© 2010 VMware Inc. All rights reserved Access Control Module 8.


1 Access Control Module 8

2 You Are Here
VMware vSphere 4.1: Install, Configure, Manage – Revision A
Course map: vSphere Environment; Introduction to VMware Virtualization; VMware ESX and ESXi; VMware vCenter Server; Networking; Storage; Virtual Machines; Operations; Resource Monitoring; Data Protection; Scalability; High Availability; Patch Management; Installing VMware ESX and ESXi; Access Control

3 Importance
When multiple users are accessing the VMware vSphere™ environment, a best practice is to give each user only the necessary permissions and nothing more. VMware vCenter™ Server allows flexible assignment of permissions.

4 Module Objectives
• Define a permission
• Describe the rules for applying permissions
• Create a custom role
• Create a permission

5 Access Control Overview
The access control system allows the vCenter Server administrator to define a user’s privileges to access objects in the inventory.
Key concepts:
• Privilege – Defines an action that can be performed
• Role – A set of privileges
• Object – The target of the action
• User/group – Indicates who can perform the action
Together, a role, a user or group, and an object define a permission.

6 Users and Groups
vCenter Server or VMware® ESX™/ESXi users and groups can be local users or Active Directory domain users.
Active Directory services provide authentication for all local services:
• VMware vSphere™ Client
• Direct console user interface
• Technical support mode (local and remote)
• Access through the vSphere API
Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role.

7 Roles
Roles are collections of privileges:
• They allow users to perform tasks.
• They are grouped in categories.
Roles include system roles, sample roles, and custom-built roles.

8 Objects
Objects are entities on which actions are performed.
• Objects include datacenters, folders, resource pools, clusters, hosts, datastores, networks, and virtual machines.
All objects have a Permissions tab.
• This tab shows which user or group and role are associated with the selected object.

9 Assigning Permissions
To assign a permission:
1. Select a user.
2. Select a role.
3. (Optional) Propagate the permission to child objects.

10 Viewing Roles and Assignments
The Roles pane shows which users are assigned the selected role on a particular object.

11 Applying Permissions: Scenario 1
A permission can propagate down the object hierarchy to all subobjects or it can apply only to an immediate object.
Diagram labels: Greg – Administrator; Greg – No Access

12 Applying Permissions: Scenario 2
When a user is a member of multiple groups with permissions on the same object:
• The user is assigned the union of privileges assigned to the groups for that object.
Diagram labels: Group1 – VM_Power_On (custom role); Group2 – Take_Snapshots (custom role)
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

13 Applying Permissions: Scenario 3
When a user is a member of multiple groups with permissions on different objects:
• For each object on which the group has permissions, the same permissions apply as if they were granted directly to the user.
Diagram labels: Group1 – Administrator; Group2 – Read-only
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

14 Applying Permissions: Scenario 4
Permissions defined explicitly for the user on an object take precedence over all group permissions on that same object.
Diagram labels: Group1 – VM_Power_On (custom role); Group2 – Take_Snapshots (custom role); Greg – Read-only
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla
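
The four scenarios can be checked against a small resolver. This is an added example, not part of the VMware course material: the inventory (Datacenter > Finance > VM1), the object each permission is placed on, and the privilege names inside each role are constructed. The model also assumes that a permission set on an object replaces what the object would otherwise inherit from its parent.

```python
# Toy model of the four scenarios above; added example, not VMware code.
# Inventory, object placement and role contents are constructed for illustration.
PARENT = {"Datacenter": None, "Finance": "Datacenter", "VM1": "Finance"}
ROLES = {
    "Administrator": {"power_on", "snapshot", "read", "configure"},
    "Read-only": {"read"},
    "No Access": set(),
    "VM_Power_On": {"power_on"},
    "Take_Snapshots": {"snapshot"},
}
GROUPS = {"Group1": {"Greg", "Susan"}, "Group2": {"Greg", "Carla"}}

# Each permission is (principal, role, object, propagate_to_children).
SCENARIO_1 = [("Greg", "Administrator", "Datacenter", True),
              ("Greg", "No Access", "Finance", True)]
SCENARIO_2 = [("Group1", "VM_Power_On", "VM1", False),
              ("Group2", "Take_Snapshots", "VM1", False)]
SCENARIO_3 = [("Group1", "Administrator", "Datacenter", True),
              ("Group2", "Read-only", "VM1", False)]
SCENARIO_4 = SCENARIO_2 + [("Greg", "Read-only", "VM1", False)]


def effective(user, obj, perms):
    """Return the set of privileges `user` holds on `obj`."""
    groups = {g for g, members in GROUPS.items() if user in members}
    node = obj
    while node is not None:
        # On an ancestor, only permissions marked to propagate are visible.
        here = [p for p in perms if p[2] == node and (node == obj or p[3])]
        direct = [ROLES[role] for who, role, _, _ in here if who == user]
        if direct:  # Scenario 4: the user's own entry beats group entries
            return set().union(*direct)
        via_groups = [ROLES[role] for who, role, _, _ in here if who in groups]
        if via_groups:  # Scenario 2: union across the user's groups
            return set().union(*via_groups)
        node = PARENT[node]  # nothing applies here, so inherit from the parent
    return set()  # no permission on the path: no privileges


if __name__ == "__main__":
    for name, perms in [("1", SCENARIO_1), ("2", SCENARIO_2),
                        ("3", SCENARIO_3), ("4", SCENARIO_4)]:
        for user in ("Greg", "Susan", "Carla"):
            print(name, user, sorted(effective(user, "VM1", perms)))
```

Running the same check for every user against an exported permission list is a quick way to spot an explicit user entry that silently narrows, or widens, what a group membership would grant.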

15 Creating a Role
Create roles that enable only the necessary tasks:
• Example: Virtual Machine Creator
Use folders to contain the scope of permissions:
• For example, assign the Virtual Machine Creator role to user Nancy and apply it to the Finance folder.
Virtual Machine Creator role:
• Datastore > Allocate space
• Network > Assign network
• Resource > Assign virtual machine to resource pool
• Virtual machine > Inventory > Create new
• Virtual machine > Configuration > Add new disk
• Virtual machine > Configuration > Add or remove device

16 Lab 13
In this lab, you will manage user access permissions.
1. Configure an ESXi host to use directory services.
2. Use Active Directory accounts to verify proper access to your ESXi host.
3. Create a custom role in vCenter Server.
4. Assign permissions on vCenter Server inventory objects.
5. Verify permission usability.

17 Module Summary
• Define a permission
• Describe the rules for applying permissions
• Create a custom role
• Create a permission

18 Key Points
• A permission is a combination of a user or group and role that is applied to an object in the inventory.
• A permission can propagate down the object hierarchy to all subobjects or it can apply only to an immediate object.
• As a best practice, define a role using the smallest number of privileges possible for better security and added control.

