Hi,
I'm trying to control access to the virtual infrastructure. In an early implementation I gave access to VMs trough VI Client to all operators, but now I would like to restrict access and permit only web client (the VI administrators will continue accessing with the VI Client).
Is there any way for restricting access to the VirtualCenter server with the VI Client only to certain clients?
Thanks!
Ramon.
Are you using VirtualCenter?
In any case, you can setup roles and permissions for the VI client. In my setup, I have domain admins with "read-only" permissions, then a group of VMware Admins with "administrator" permissions, and a group of Windows admins with "VM User" permissions.
There was recent discussion (last week) regarding this.
http://communities.vmware.com/message/862539
Essentially, there are not any "web only" restrictions. The users have the same permissions via web or VIC...
May I ask, what is the desire here? I suppose, if you can keep them from getting to the file http://<virtualcenter , they wouldn't have the client available to them in the first place.
Yes I use VirtualCenter. But the permissions are applied to VI client as well as to Web Client and what I want is block VI Client use.
Ups,, I didn't found this thread before posting this message...
It's a usefull link and it's exactly what I'm looking for. But it's a shame that my first idea was the 2nd option... using a firewall, but as you explain, port 902 is used by both clients.
For new clients I can remove the installer to prevent using it, but I have a few clients yet installed and the users like it more than web client...
What's the reasoning for wanting to keep them out of the VI client? The VI client has more functionality, but you can easily limit what users can do through the use of roles and permissions. (Just make sure you remove the local administrators from the Virtual Center "Administrator" group.)
I want to keep out of the VI client only people responsible of managing VMs. Me and other virtual infrastructure administrators will continue using VI client.
the webclient is stateless so its much better if you have webclient based..... the vi client is statefull and will consume more network / cpu resources from your virtual center server...its a btter idea to restrict vi client access to admins only