Hello,
We have recently begun setting up our new VROPS 6.1 environment and have brought over several groups, user accounts, and identity sources from our previous environment. It is very confusing trying to determine which account is the account that users are actually logging in using. I myself have five account which appear like:
User Name Source type
domain\dbutch1976 Virtual Center - VC
domain\dbutch1976 Virtual Center - VC
domain\dbutch1976 Virtual Center - VC
domain\dbutch1976 Virtual Center group
dbutch1976 Active Directory
How do I determine the actual account that I'm using when I log in? Is it possible to view the Last Logon Time Stamp and determine when (and if) the account was ever used?
Thanks.
If you're logging into the vROps product UI the account used when you login is determined by the "Authentication Source" drop down box on the login page. There may be multiple vCenters listed there in addition to your active directory domain. However, if you're using the vSphere Web client to look at a specific object's health and use the link to "View details in vCenter Operations Manager" it uses VC as the authentication source. You could be using all of the accounts listed depending on how many vCenters you have and how you access the product. I agree it's very confusing to manage.
You might be able to reduce the accounts some by limiting the authentication sources that can used. For example, if you don't use the vSphere Web client to access vROps and don't want vCenter listed as an authentication source on the vROps login page you can disable these options in the Global Settings under Administration. Disabling all three of the vCenter options in global settings should prevent the VC accounts in your list from being created, but will require everyone to use AD authentication.
There isn't a last login time stamp that I'm aware of, but you can probably find the last login under Administration, Audit, User Activity Audit. You can filter by User ID, Auth Source, and a few other properties there. You might have to play with it a bit to find the right account and the last time it was used. I filtered by Auth Source "VC" to see just the vCenter logins.
If you're logging into the vROps product UI the account used when you login is determined by the "Authentication Source" drop down box on the login page. There may be multiple vCenters listed there in addition to your active directory domain. However, if you're using the vSphere Web client to look at a specific object's health and use the link to "View details in vCenter Operations Manager" it uses VC as the authentication source. You could be using all of the accounts listed depending on how many vCenters you have and how you access the product. I agree it's very confusing to manage.
You might be able to reduce the accounts some by limiting the authentication sources that can used. For example, if you don't use the vSphere Web client to access vROps and don't want vCenter listed as an authentication source on the vROps login page you can disable these options in the Global Settings under Administration. Disabling all three of the vCenter options in global settings should prevent the VC accounts in your list from being created, but will require everyone to use AD authentication.
There isn't a last login time stamp that I'm aware of, but you can probably find the last login under Administration, Audit, User Activity Audit. You can filter by User ID, Auth Source, and a few other properties there. You might have to play with it a bit to find the right account and the last time it was used. I filtered by Auth Source "VC" to see just the vCenter logins.
Excellent, informative answer. Thank you!