vCenter

 View Only

  • 1.  grant access to a vm remotely

    Posted Sep 17, 2018 02:12 PM

    Hello

    We are a small IT shop and provide vm hosting for our clients. We have a vcenter applicance 6.5 with 10 hosts and about 100VMs.

    We would like to give a client console access to a VM. The client should be able to start/stop the VM or making a snapshot. I assume there is a possibility with roles to achieve that. However we don't necessary prefer giving clients access to the vcenter sever. Perhaps a way is to provide access to the host only and create a user with permission. But we think, this is not the proper way since the host is managed by the vcenter and the vm might be migrated to another host.

    Is there a way? Maybe a "proxy-server" or another another "front" vcenter.

    Thanks,

    Edy



  • 2.  RE: grant access to a vm remotely

    Posted Sep 17, 2018 02:25 PM

    Hi

    See Using Roles to Assign Privileges

    You can integrator with Active Directory



  • 3.  RE: grant access to a vm remotely

    Posted Sep 17, 2018 03:12 PM

    Use roles to setup the necessary permissions for the user.

    In previous versions you could generate an URL to give the user a console session to a specific VM.

    See: VMware Knowledge Base

    Unfortunately i don't know if this is still valid for 6.5. I am not able to check this at the moment.

    Rick



  • 4.  RE: grant access to a vm remotely

    Posted Sep 17, 2018 05:41 PM

    Hi Rick

    Many thanks for your reply. This sounds about a good idea to use url. I need to test it. Would the user be able to stop/start the vm with the url?



  • 5.  RE: grant access to a vm remotely



  • 6.  RE: grant access to a vm remotely

    Posted Sep 24, 2018 08:39 AM

    Hi

    The URL to the console or directly to the VM works fine. I created a new user with the role for virtual machine only. However the user still has the possibility to click around in the vcenter webclient. For example going to Administration. I would prefer that the web client is more lockdown.

    Thanks,



  • 7.  RE: grant access to a vm remotely

    Posted Sep 24, 2018 12:33 PM

    I don't think there is a way around this issue. Because even if you give read-only access those users will see all host.



  • 8.  RE: grant access to a vm remotely

    Posted Sep 24, 2018 01:43 PM

    What you're wanting to do here is really outside the scope for which vCenter Server is meant and closer along the lines of a Cloud Management Platform. vRealize Automation, for example, can do exactly this and is one of its functions. It's probably too much for a small IT shop, but this is the "official" tool for such a job.



  • 9.  RE: grant access to a vm remotely

    Posted Sep 24, 2018 02:26 PM

    Thank you! Good to know there is a tool for this task.