Greetings all-- I'm sure this is an age old question but I'm curious what folks are doing nowadays with it.
Given the size of our environment, we have a strict no-vcenter-access policy to everyone but our VM server team. If we let every app owners/teams have vCenter access, it'd be insane. That said, I'm constantly asked by the app teams to provide even basic console & power controls to bounce a VM w/o having to get a hold of the server teams in the event RDP is no-longer working.
Anyone know of a good way of providing this access w/o granting them the ability to log into vCenter?
Thanks,
You really can't unless you use something like vRealize Automation. In most cases, though, you can achieve this through folder-level segregation of VMs and then applying a specific role with only those actions to that folder.
Yeah I know sadly. Even on a good day though, that'd still result in at-least a couple hundred user connections at any given time. 😕
I knew vRA had the ability which is why I was hoping someone has come up with some utility that provides a similar feature.
That "utility" would not be a trivial piece of functionality to duplicate what vRA does. The whole system of entitlements and then proxying connections based on a service account is no small task.