VMware Cloud Community
RamonCardena
Contributor
Contributor
‎02-20-2008 04:26 AM

VI Client access restriction

Hi,

I'm trying to control access to the virtual infrastructure. In an early implementation I gave access to VMs trough VI Client to all operators, but now I would like to restrict access and permit only web client (the VI administrators will continue accessing with the VI Client).

Is there any way for restricting access to the VirtualCenter server with the VI Client only to certain clients?

Thanks!

Ramon.

0 Kudos
7 Replies
Neth66
Enthusiast
Enthusiast
‎02-20-2008 04:40 AM

Are you using VirtualCenter?

In any case, you can setup roles and permissions for the VI client. In my setup, I have domain admins with "read-only" permissions, then a group of VMware Admins with "administrator" permissions, and a group of Windows admins with "VM User" permissions.

0 Kudos
hicksj
Virtuoso
Virtuoso
‎02-20-2008 05:34 AM

There was recent discussion (last week) regarding this.

http://communities.vmware.com/message/862539

Essentially, there are not any "web only" restrictions. The users have the same permissions via web or VIC...

May I ask, what is the desire here? I suppose, if you can keep them from getting to the file http://<virtualcenter , they wouldn't have the client available to them in the first place.

RamonCardena
Contributor
Contributor
‎02-20-2008 09:57 AM

Yes I use VirtualCenter. But the permissions are applied to VI client as well as to Web Client and what I want is block VI Client use.

0 Kudos
RamonCardena
Contributor
Contributor
‎02-20-2008 10:03 AM

Ups,, I didn't found this thread before posting this message...

It's a usefull link and it's exactly what I'm looking for. But it's a shame that my first idea was the 2nd option... using a firewall, but as you explain, port 902 is used by both clients.

For new clients I can remove the installer to prevent using it, but I have a few clients yet installed and the users like it more than web client...

0 Kudos
Neth66
Enthusiast
Enthusiast
‎02-20-2008 10:06 AM

What's the reasoning for wanting to keep them out of the VI client? The VI client has more functionality, but you can easily limit what users can do through the use of roles and permissions. (Just make sure you remove the local administrators from the Virtual Center "Administrator" group.)

0 Kudos
RamonCardena
Contributor
Contributor
‎02-21-2008 12:46 AM

I want to keep out of the VI client only people responsible of managing VMs. Me and other virtual infrastructure administrators will continue using VI client.

0 Kudos
mtsm
Contributor
Contributor
‎06-19-2009 11:24 AM

the webclient is stateless so its much better if you have webclient based..... the vi client is statefull and will consume more network / cpu resources from your virtual center server...its a btter idea to restrict vi client access to admins only

0 Kudos