Access Control Module 8. Module 2-275 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A vSphere Environment Introduction to VMware.


1 Access Control Module 8

2 Module 2-275 You Are Here
VMware vSphere 4.1: Install, Configure, Manage – Revision A
- vSphere Environment
- Introduction to VMware Virtualization
- VMware ESX and ESXi
- VMware vCenter Server
- Networking
- Storage
- Virtual Machines
- Operations
- Resource Monitoring
- Data Protection
- Scalability
- High Availability
- Patch Management
- Installing VMware ESX and ESXi
- Access Control

3 Importance
- When multiple users are accessing the VMware vSphere™ environment, a best practice is to give each user only the necessary permissions and nothing more.
- VMware vCenter™ Server allows flexible assignment of permissions.

4 Module Objectives
- Define a permission
- Describe the rules for applying permissions
- Create a custom role
- Create a permission

5 Access Control Overview
The access control system allows the vCenter Server administrator to define a user’s privileges to access objects in the inventory.
Key concepts:
- Privilege – Defines an action that can be performed
- Role – A set of privileges
- Object – The target of the action
- User/group – Indicates who can perform the action
Together, a role, a user or group, and an object define a permission.

6 Users and Groups
vCenter Server or VMware® ESX™/ESXi users and groups can be local users or Active Directory domain users.
Active Directory services provide authentication for all local services:
- VMware vSphere™ Client
- Direct console user interface
- Technical support mode (local and remote)
- Access through the vSphere API
Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role.

7 Roles
Roles are collections of privileges:
- They allow users to perform tasks.
- They are grouped in categories.
Roles include system roles, sample roles, and custom-built roles.

8 Objects
Objects are entities on which actions are performed.
- Objects include datacenters, folders, resource pools, clusters, hosts, datastores, networks, and virtual machines.
All objects have a Permissions tab.
- This tab shows which user or group and role are associated with the selected object.

9 Assigning Permissions
To assign a permission:
1. Select a user.
2. Select a role.
3. (Optional) Propagate the permission to child objects.

10 Viewing Roles and Assignments
The Roles pane shows which users are assigned the selected role on a particular object.

11 Applying Permissions: Scenario 1
A permission can propagate down the object hierarchy to all subobjects or it can apply only to an immediate object.
Diagram labels:
- Greg – Administrator
- Greg – No Access

12 Applying Permissions: Scenario 2
When a user is a member of multiple groups with permissions on the same object:
- The user is assigned the union of privileges assigned to the groups for that object.
Diagram labels:
- Group1 – VM_Power_On (custom role)
- Group2 – Take_Snapshots (custom role)
- Members of Group1: Greg, Susan
- Members of Group2: Greg, Carla

13 Applying Permissions: Scenario 3
When a user is a member of multiple groups with permissions on different objects:
- For each object on which the group has permissions, the same permissions apply as if they were granted directly to the user.
Diagram labels:
- Group1 – Administrator
- Group2 – Read-only
- Members of Group1: Greg, Susan
- Members of Group2: Greg, Carla

14 Applying Permissions: Scenario 4
Permissions defined explicitly for the user on an object take precedence over all group permissions on that same object.
Diagram labels:
- Group1 – VM_Power_On (custom role)
- Group2 – Take_Snapshots (custom role)
- Greg – Read-only
- Members of Group1: Greg, Susan
- Members of Group2: Greg, Carla
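
The four scenarios above as a small Python model (an added example, not part of the VMware course material). Role, group and user names come from the slides; the inventory tree, the privilege strings and the objects each permission is attached to are constructed for illustration, and the model assumes the permissions set nearest the object win over anything propagated from higher up.

```python
# Toy model of the permission rules in Scenarios 1-4 (illustrative, not VMware code).
ROLES = {  # role name -> privileges (privilege strings are made up)
    "Administrator": {"vm.read", "vm.power_on", "vm.snapshot", "vm.delete"},
    "Read-only": {"vm.read"},
    "No Access": set(),
    "VM_Power_On": {"vm.power_on"},
    "Take_Snapshots": {"vm.snapshot"},
}
GROUPS = {"Group1": {"Greg", "Susan"}, "Group2": {"Greg", "Carla"}}
# Constructed inventory: child -> parent
PARENT = {"Datacenter": None, "Finance": "Datacenter", "VM-A": "Finance", "VM-B": "Finance"}

def effective_privileges(user, obj, permissions):
    """permissions: list of (object, principal, role, propagate) tuples."""
    node, at_target = obj, True
    while node is not None:
        # On the target every permission counts; on ancestors only propagating ones.
        here = [p for p in permissions if p[0] == node and (at_target or p[3])]
        direct = [p for p in here if p[1] == user]
        if direct:  # Scenario 4: an explicit user permission beats group permissions
            return set().union(*(ROLES[p[2]] for p in direct))
        via_groups = [p for p in here if user in GROUPS.get(p[1], ())]
        if via_groups:  # Scenario 2: union of the roles granted to the user's groups
            return set().union(*(ROLES[p[2]] for p in via_groups))
        node, at_target = PARENT[node], False  # nothing applies here: look at the parent
    return set()  # no permission on the path to the root means no access

# Constructed permission sets, one per scenario.
S1 = [("Datacenter", "Greg", "Administrator", True), ("Finance", "Greg", "No Access", True)]
S2 = [("Finance", "Group1", "VM_Power_On", True), ("Finance", "Group2", "Take_Snapshots", True)]
S3 = [("Finance", "Group1", "Administrator", True), ("VM-B", "Group2", "Read-only", True)]
S4 = S2 + [("Finance", "Greg", "Read-only", True)]
NO_PROPAGATE = [("Datacenter", "Greg", "Administrator", False)]

if __name__ == "__main__":
    for name, perms in [("1", S1), ("2", S2), ("3", S3), ("4", S4)]:
        for vm in ("VM-A", "VM-B"):
            print(f"Scenario {name}: Greg on {vm} ->", sorted(effective_privileges("Greg", vm, perms)))
```
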

15 Creating a Role
Create roles that enable only the necessary tasks:
- Example: Virtual Machine Creator
Use folders to contain the scope of permissions:
- For example, assign the Virtual Machine Creator role to user Nancy and apply it to the Finance folder.
Virtual Machine Creator role:
- Datastore > Allocate space
- Network > Assign network
- Resource > Assign virtual machine to resource pool
- Virtual machine > Inventory > Create new
- Virtual machine > Configuration > Add new disk
- Virtual machine > Configuration > Add or remove device

16 Lab 13
In this lab, you will manage user access permissions.
1. Configure an ESXi host to use directory services.
2. Use Active Directory accounts to verify proper access to your ESXi host.
3. Create a custom role in vCenter Server.
4. Assign permissions on vCenter Server inventory objects.
5. Verify permission usability.

17 Module Summary
- Define a permission
- Describe the rules for applying permissions
- Create a custom role
- Create a permission

18 Key Points
- A permission is a combination of a user or group and role that is applied to an object in the inventory.
- A permission can propagate down the object hierarchy to all subobjects or it can apply only to an immediate object.
- As a best practice, define a role using the smallest number of privileges possible for better security and added control.

