VMware Cloud Community
pearlyshells
Contributor
Contributor
‎01-13-2009 05:37 AM

Virtual Administrator Roles

I have several NT4 servers that are on different ESX3.5 boxes. I also have several groups who administer each NT4 VM server. Right now, I've given each group Virtual Administrator roles in VirtualCenter but since my VirtualCenter is a physical Box and they are Terminal Serving into each they are finding themselves stepping over each other because we only have the Terminal connections in Remote Administration mode. I could buy more TS licenses and activate the servers in TS Application mode but I'm thinking that there must be a way to do this via the VIC. Seems I read somewhere that I could do this using the VI Client. Is that true?

0 Kudos
3 Replies
Texiwill
Leadership
Leadership
‎01-13-2009 06:11 AM

Hello,

Virtual Administrators can step on each other when using the VIC and remote consoles. Instead of Remote Consoles let them use RDP/TS. If they do not need VIrtual Administrator access do not give it to them....

However, the best thing is for the administrators to communicate with each other to solve this problem. I.e. who does what when. Remote Console can always stomp on other remote consoles... Hence why it is really not a great tool.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
RParker
Immortal
Immortal
‎01-13-2009 06:14 AM

If they do not need VIrtual Administrator access do not give it to them....

AMEN! If they don't need the power to power on/off or change configuration, they don't need console access, period. RDP/TS is EXACTLY what that's for individual Windows machines.

0 Kudos
RParker
Immortal
Immortal
‎01-13-2009 06:18 AM

since my VirtualCenter is a physical Box and they are Terminal Serving into each they are finding themselves stepping over each other

My first question is, what are they doing that they need to be in TS so much and for so long? Console is for one thing, and pretty much one thing, reboot a VM that's hung. After that, they shouldn't be in it. If they can TS/RDP into the machine, what's the console for, a 3rd connection? Not a good idea. Educate them on the proper use of console and best practice for TS, maybe they don't understand. When they start to abuse it, I take away their right and remind them of why they have it, to fix a VM connectivity issue, that's it. Beyond that they don't need the console.

0 Kudos