4 Replies Latest reply on Sep 10, 2019 7:55 AM by eccl1213

    VMC on AWS Compute profile with HCX

    eccl1213 Enthusiast

      We are looking to see how we can create a custom compute profile on VMC for HCX.

      We have a business that wants to send some VMs up to our VMC SDDC.  However, we have a need to restrict them to a particular VM folder/Resource Pools.  When we pair with cloudadmin, it's possible for them to enumerate all the remote VMs, which is a no go.

      Is there any way to restrict what VMs HCX can access at the VMC site?  With a custom compute profile we can limit the remote site but don't see a way to do this in VMC.

        • 1. Re: VMC on AWS Compute profile with HCX
          E5C6 Lurker
          vExpert, VMware Employees

          Are you wanting to create a custom resource pool in VMC and have HCX move them from a custom pool on-prem to a custom pool in VMC?

          • 2. Re: VMC on AWS Compute profile with HCX
            vaibhavt Novice
            VMware Employees

            Hello eccl1213,

            Please correct me if I am wrong; your requirement is:

            • HCX migration (on-prem to cloud) should be restricted to a specific Resource Pool/VM Folder on VMC
            • Is there any way to restrict what VMs HCX can access at the VMC site? Please elaborate.

            Thanks,

            Vaibhav

            • 3. Re: VMC on AWS Compute profile with HCX
              A13xxx Enthusiast

              Could you not restrict the access to an account other than cloudadmin?

              • 4. Re: VMC on AWS Compute profile with HCX
                eccl1213 Enthusiast

                Correct, HCX should be able to restrict which VMs can be seen or replicated and where they can be placed.

                Essentially, HCX permissions should be able to be set at the remote side and the VMC side.

                Currently, if you create a new HCX login it will be able to replicate and see all VMs, even if that login cannot see the VM via the vCenter GUI.

                Here is our scenario. HCX is installed to allow a sub business unit to place workloads in VMC.  Their side's HCX is controlled by them.  Nothing can stop them from replicating the HR server sitting in VMC from corporate down to their vCenter.  The service profile for replication allows all or nothing.

                We did test this.  We created a new login and restricted it to a single resource pool/VM folder.  From vCenter you cannot browse other VMs; they are hidden from view.

                But that login must have HCX permissions.  And once you grant that permission you can browse and replicate all VMs from inside the HCX interface.