VMware Cloud Community
AntonKr
Contributor
Contributor

How to group VMs for security purposes

I would need to provide some basic VMs access to my colleagues. Is there a best practices document for vSphere 6?

They would need:

- view console

- reboot/reset

- change VM networking options

This can be achieved using Virtual Machine User role, I guess.

Each person will have corresponding Active Directory group (security, domain local type).

Now the hard part - each person will have a lot of VMs and access changes frequently.

I would rather not apply permissions at VM level as it is cumbersome.

I cannot not apply permissions at VM Folder level as VM Folders are used to group VMs by their purpose (Production, Test, Service, Networking, ProjectA, ProjectB, etc).

Is there a way to group VMs somehow (by tag?) and assign access permission to that group?

Reply
0 Kudos
1 Reply
LucianoPatrão

Hi,

Permissions in TAGs directly is not possible, only to create/modify and delete TAGs.

But you could create a TAG and add to all your VMs that you need o use for those Users and add a normal user permissions for those TAGed VMs.

Here is an article that I wrote regarding TAGs that could help and give your some ideas to use it.

http://www.provirtualzone.com/vmware-how-to-create-and-use-tags-part-1/

Hope this could help.

Luciano Patrão

VCP-DCV, VCAP-DCV Design 2023, VCP-Cloud 2023
vExpert vSAN, NSX, Cloud Provider, Veeam Vanguard
Solutions Architect - Tech Lead for VMware / Virtual Backups

________________________________
If helpful Please award points
Thank You
Blog: https://www.provirtualzone.com | Twitter: @Luciano_PT
Reply
0 Kudos