Trying to design an efficient authentication model for vCO with the vCloud Director plug-in


Background info:

- We are using vCloud Director with multiple organizations set up under a single provider VDC.

- We have two AD domains called domain A and domain B. Domain A is configured as the LDAP authentication source for each org (the tenant users as vCloud Org admins), while domain B is the LDAP authentication source for vCD/vCenter system administrators.

- vCO, vCD and the vCenter Server vCD controls are on domain B.

- Physical workstations everybody uses are in domain A. The vCO client is installed on the physical workstation.

- Attached is a diagram to help.

What we are trying to achieve:

- We want vCD org admins to be able to log in to vCO and create and manage workflows for their own org.

- We want vCD/vCenter system administrators to be able to create and manage workflows for all of vCD and vCenter, as well as be the vCO system administrators.

I'm trying to figure out the most efficient way to set up access and roles for vCO itself, then ensure access for the tenant users is limited to their own orgs.
