VMware Cloud Community
Thunderdome
Enthusiast
Enthusiast

Systemadministrator Role

Hi Community

In our company we actually evaluate using vCloud instead of Labmanager. Now we have a problem regarding our roles in the company. We are splitted in 3 parts like infrastructur, operators and user.

INFRASTRUKTUR provides the resources in vCloud and using role SYSTEMADMINISTRATOR under URL: https://<hostname>/cloud

OPERATORS take care of organisations, define roles, consolidate etc. more or less everything below the infrastructure.

My Problem is that I can´t define a role with needed permissions in https://<hostname>/cloud because there is only one harcoded role "SYSTEMADMINISTRATOR". The infrastructur colleagues told us that OPERATORS can´t use this role because they can crash infrastructure, but for OPERATORS organizationadmin URL: https://<hostname>/cloud/org/<orgname>/ they can´t do their work like described below.

Is the wall between SYSTEMADMINSTRATORS and ORGANIZATIONSADMIINISTRATOR really not moveable.

The best solution for my company would by OPERATORS wich logon to https://<hostname>/cloud, but they are not allowed to do infrastructure releated things, but create organizations, operate VMs like consolidate, define roles for organizations etc.

Is there such a possiblity ? because that problem occurs also in other groups in our company. Actually this blocks us to migrate our ~20000 VMs to vCloud.

Best Regards

Michael

Reply
0 Kudos
7 Replies
mreferre
Champion
Champion

Hi Michael. Your requirement is well understood but that feature isn't in the product today. Unfortunately right now the cloud admin role is all or nothing. We heard about your complain from other customers and partners and we do have plan to find a solution hopefully sooner than later.

Massimo.

Massimo Re Ferre' VMware vCloud Architect twitter.com/mreferre www.it20.info
Thunderdome
Enthusiast
Enthusiast

Hi Massimo

Thank you for your quick reply. Finally we need to decide if we wait or start with a big workaround, but this is only possible if our INFRASTRUCTURE and OPERATOR guys come together.

Regards

Michael

Reply
0 Kudos
cfor
Expert
Expert

Not a good solution - but one option would be to have your non system admin - admin's use a portal page that uses API operations to do tasks they need to do at the system level.  Then make org admin account for them for each org they need to be able to get in and work with.  Far from perfect, but might let you get the job done until a better solution comes.

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Thunderdome
Enthusiast
Enthusiast

Hi Chris

Yes,but on one hand we are not a development department in our company and on the other hand there is the question if this really solve the problem.

If Sysadmin group develops a portal, they need to develop different processes for about 20 departments and OrgAdmins are not able to develope because the have no SysAdmin.

Smiley Wink

Best Regards

Michael

Reply
0 Kudos
mreferre
Champion
Champion

I think what Chris suggested was a portal that connects with cloud admin privileges but then mediates what your help desk people can do.

If what they are supposed to do is a very little subset of what a cloud admin can do than this portal could be simple/limited.

Yet there is some development work you need to do to create that (simple?) portal, as you pointed out.

Sent from my iPhone

Massimo Re Ferre' VMware vCloud Architect twitter.com/mreferre www.it20.info
Reply
0 Kudos
Thunderdome
Enthusiast
Enthusiast

Hi

Is there anything new regarding Systemadministrator Role in vCloud Director 5.1 ? Didn´t find anything in Technical White Paper.

Regards

Michael

Reply
0 Kudos
mreferre
Champion
Champion

Not that I am aware of. That is an area where we haven't introduced massive changes.

Massimo Re Ferre' VMware vCloud Architect twitter.com/mreferre www.it20.info
Reply
0 Kudos