I guess my fear is - could they write something that might query their vms every 1 minute or something crazy and cause a huge load on the cluster? For instance the server owner who is requesting has about 150 vms spread across 15 hosts. I'm sure it is fine but just want to make sure there are no surprises. My other question is will i be able to tell when someone is running queries? Would it show up in the logs of the host or the vms?

I guess my fear is - could they write something that might query their vms every 1 minute or something crazy and cause a huge load on the cluster? For instance the server owner who is requesting has about 150 vms spread across 15 hosts. I'm sure it is fine but just want to make sure there are no surprises. My other question is will i be able to tell when someone is running queries? Would it show up in the logs of the host or the vms?

Yes, they can write something that will bombard the VC db with queries.

Luckily you find out about most of the tasks a user launches against a vSphere server with the Get-VIEvent cmdlet when you use the -Username parameter.

____________

Blog: LucD notes

Twitter: lucd22

I would suggest looking into the Hytrust appliance to control access. The current problem w/ the API is that it cannot be locked down to disallow mass change to environment, so something as harmless as granting access to change a vm's network segment could blow up in your face if the user decided to run that against all their vm's.

Querying in general usually isn't something to worry about except in the case below, but a query would usually just take a long time on their end unless they use the get-view cmdlet.

Chris Nakagaki (Zsoldier)

http://tech.zsoldier.com

I am out of the office at this time. If you need immediate assistance please contact the mg help desk 804-649-6594.