We are looking to see how we can create a custom compute profile on VMC for HCX.
We have a business that wants to send some VM's up to our VMC SDDC. However, we have a need to restrict them to a particular VM folder/Resource Pools. When we pair with cloudadmin, its possible for them to enumerate all the remote VMs which is a no go.
Is there anyway to restrict what VMs HCX can access at the VMC site? With a custom compute profile we can limit the remote site but don't see a way to do this in VMC.
Please correct me if I am wrong, your requirement is
Correct, hcx should be able to restrict which vms can be seen or replicated and where they can be placed.
Essentially, hcx permissions should be able to be set at the remote side and the vmc side
Currently, if you create a new hcx login it will be able to replicate and see all vms. Even if that login can not see the vm via vicenter gui.
Here is our scenerio,. Hcx is installed to allow a sub business unit to place workloads in vmc. Their side hcx is controlled by them . Nothing can stop them from replicating the HR server sitting in vmc from corporate down to thier vcenter. The service profile for replicatation allows all or nothing.
We did test this. Created a new login and restrict it to a single resource pool/VM folder. From vcenter you can not browse other vms...they are hidden from view.
But that login must have hcx permissions. And once you grant that permission you can browse and replicate all vms from inside the hcx interface.