VMware Cloud Community
fafa24
Enthusiast
Enthusiast

grant access to a vm remotely

Hello

We are a small IT shop and provide vm hosting for our clients. We have a vcenter applicance 6.5 with 10 hosts and about 100VMs.

We would like to give a client console access to a VM. The client should be able to start/stop the VM or making a snapshot. I assume there is a possibility with roles to achieve that. However we don't necessary prefer giving clients access to the vcenter sever. Perhaps a way is to provide access to the host only and create a user with permission. But we think, this is not the proper way since the host is managed by the vcenter and the vm might be migrated to another host.

Is there a way? Maybe a "proxy-server" or another another "front" vcenter.

Thanks,

Edy

Reply
0 Kudos
8 Replies
diegodco31
Leadership
Leadership

Hi

See Using Roles to Assign Privileges

You can integrator with Active Directory

Diego Oliveira
LinkedIn: http://www.linkedin.com/in/dcodiego
Reply
0 Kudos
RickVerstegen
Expert
Expert

Use roles to setup the necessary permissions for the user.

In previous versions you could generate an URL to give the user a console session to a specific VM.

See: VMware Knowledge Base

Unfortunately i don't know if this is still valid for 6.5. I am not able to check this at the moment.

Rick

Was I helpful? Give a kudo for appreciation!
Blog: https://rickverstegen84.wordpress.com/
Twitter: https://twitter.com/verstegenrick
Reply
0 Kudos
fafa24
Enthusiast
Enthusiast

Hi Rick

Many thanks for your reply. This sounds about a good idea to use url. I need to test it. Would the user be able to stop/start the vm with the url?

Reply
0 Kudos
diegodco31
Leadership
Leadership

Reply
0 Kudos
fafa24
Enthusiast
Enthusiast

Hi

The URL to the console or directly to the VM works fine. I created a new user with the role for virtual machine only. However the user still has the possibility to click around in the vcenter webclient. For example going to Administration. I would prefer that the web client is more lockdown.

Thanks,

Reply
0 Kudos
TimCarfrey
Contributor
Contributor

I don't think there is a way around this issue. Because even if you give read-only access those users will see all host.

Reply
0 Kudos
daphnissov
Immortal
Immortal

What you're wanting to do here is really outside the scope for which vCenter Server is meant and closer along the lines of a Cloud Management Platform. vRealize Automation, for example, can do exactly this and is one of its functions. It's probably too much for a small IT shop, but this is the "official" tool for such a job.

Reply
0 Kudos
fafa24
Enthusiast
Enthusiast

Thank you! Good to know there is a tool for this task.

Reply
0 Kudos