Managing VMware VirtualCenter

Roles and Permissions
BEST PRACTICES
VMware BEST PRACTICES

Table of Contents
Introduction
VirtualCenter Objects and Permissions
Built-in and Custom Roles
Task-based Privilege Assignment
  Creating a Virtual Machine
  Inventory Manipulation
  Networking, Storage, and Host Maintenance
Creating Custom Roles
  Example: Allowing Template Deployment to a Resource Pool
  Example: Network Administrator
  Example: VMware Consolidated Backup User
Recommendations for VirtualCenter Roles
Appendix: Perl Script for Listing All Role Assignments
About the Author

Introduction
One key management task in a VMware Infrastructure environment is determining who can use VMware VirtualCenter and what tasks those users are authorized to perform. The person who has the role of administrator for the system is authorized to assign the rights needed by other users. Generally, only a limited set of people should be given the administrator role. If you are the administrator, you should then use VirtualCenter roles, described in the sections that follow, to delegate management of ESX Server hosts and virtual machines to others.

This paper introduces you to the way Virtual Infrastructure 3 controls access to resources and describes techniques you can use to assign appropriate access rights efficiently. It explains the concept of roles, provides information to help in the design of custom roles, and gives recommendations for how to work with roles and privileges in VirtualCenter.

VirtualCenter Objects and Permissions
The authorization to perform tasks in VMware Infrastructure is governed by an access control system. This system allows the VirtualCenter administrator — using the Virtual Infrastructure Client — to specify in great detail which users or groups can perform which tasks on which objects. It is defined using three key concepts:
• Privilege — The ability to perform a specific action or read a specific property. Examples include powering on a virtual machine and creating an alarm.
• Role — A collection of privileges. Roles provide a way to aggregate all the individual privileges that are required to perform a higher-level task, such as administer a virtual machine.
• Object — An entity upon which actions are performed. VirtualCenter objects are datacenters, folders, resource pools, clusters, hosts, and virtual machines.

Figure 1 shows the hierarchy of objects you can manage in the Virtual Infrastructure Client.

In addition, VirtualCenter depends upon the users and groups defined in your Active Directory environment or on the local Windows server on which VirtualCenter runs. One key point to note is that an ESX Server host can have its own set of users and groups that is independent of the Active Directory users and groups. If you are using VirtualCenter, you should avoid defining any users on the ESX Server host beyond those that are created by default. This approach provides better manageability, because there is no need to synchronize the two lists if a user or group is added or updated on one of the systems. It also improves security, because it makes it possible for all permissions to be managed in one place. For a full description of the way ESX Server and Virtual Infrastructure Client recognize and manage users and groups, see the sections “Users” and “Groups” in Chapter 15 of the manual Basic System Administration in your VMware Infrastructure documentation.

[Figure 1 — The Virtual Infrastructure Client object hierarchy. Node types shown: root folder, folder, datacenter, cluster, host, resource pool, VM, template, network, datastore. Views: Hosts and Clusters; Virtual Machines and Templates; Networks; Datastores.]

Figure 2 shows the relationship between roles, objects, and users. Together they define a permission. The role defines the actions that can be performed. Users and groups indicate who can perform the action, and the object is the target of the action. Each combination of user or group, role, and object must be specified. In other words, the administrator first selects an object from the overall VirtualCenter inventory, then selects a role to be assigned to that object, then selects the user or group to which this permission pertains. For detailed instructions, see the section “Assigning Access Permissions” in chapter 15 of the Basic System Administration guide.

There are more than 100 privileges, which roughly correspond to individual actions a VirtualCenter user can take. They are grouped hierarchically in the Virtual Infrastructure Client for convenience. Appendix A of the manual Basic System Administration in your VMware Infrastructure documentation describes all of the privileges.

For each permission, you can decide whether the permission propagates down the object hierarchy to all subobjects, or if it applies only to that immediate object. For example, you can have a role called Datacenter Administrator, which gives a user privileges to manage hosts, network, and datastores, but then choose for that role not to grant that user administrative privileges for virtual machines on those hosts. In a contrasting case, you can grant a user very limited permissions (for example, read-only) from the datacenter level on downward, then grant more permissive roles on certain subobjects, for example, a folder of virtual machines.

In addition to specifying whether permissions generally propagate downward, you can override permissions set at a higher level by explicitly setting different permissions for a lower-level object. For example, you might give a user read-only permission at the datacenter level and administrator permission for a particular folder. If you set the administrator permission to propagate, that permission also applies to all branches below that particular folder. If you set the administrator permission but do not set it to propagate, the user has no rights at all on branches below that particular folder — not even read-only.

Note: There is a known issue in VirtualCenter 2.0.1 and lower that causes a misleading display indicating read-only permission at lower levels even when propagation is not set. This issue affects only the display in the user interface. The actual permissions are set as described in this paper.

The normal process of setting up users, groups, and permissions can grant a user differing permissions on the same object. This can happen easily if, for example, the user belongs to two different groups and the two groups have different permissions on the object. In this case, the user is granted permissions that are a union of the groups’ permissions. For example, if one group is allowed to power on virtual machines and the other is allowed to take snapshots, then a user who is a member of both groups can do both. If an individual user has an explicit permission set on the object, however, this individual permission overrides all implied group permissions. For example, if a role that does not permit powering on virtual machines or taking snapshots is granted to a user explicitly on that object, the user cannot perform either action.
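
The propagation, override, group-union and explicit-user rules described above, modelled as an added example (not code from this paper or from VMware). The inventory, the two custom role names and the privilege labels are constructed, and resolving at the nearest inventory level that carries a matching permission is a modelling assumption.

```python
from dataclasses import dataclass

# Constructed privilege labels for this model; not VirtualCenter identifiers.
READ, POWER_ON, SNAPSHOT = "read", "vm.power_on", "vm.snapshot"

ROLES = {
    "No Access": frozenset(),
    "Read-Only": frozenset({READ}),
    "Administrator": frozenset({READ, POWER_ON, SNAPSHOT}),
    # Hypothetical custom roles. Any role other than No Access gives
    # visibility of the object, so each one carries READ.
    "Power Operator": frozenset({READ, POWER_ON}),
    "Snapshot Operator": frozenset({READ, SNAPSHOT}),
}

# Constructed inventory, child -> parent.
PARENT = {
    "dc1": "root", "vms": "dc1", "dev": "vms",
    "restricted": "dev", "vm1": "dev", "vm2": "restricted",
}


@dataclass(frozen=True)
class Permission:
    principal: str          # user or group name
    role: str
    obj: str
    propagate: bool = True


def lineage(obj):
    """Yield obj, then each ancestor up to the root folder."""
    while obj is not None:
        yield obj
        obj = PARENT.get(obj)


def effective_privileges(user, groups, obj, permissions):
    """Resolve the privileges a user holds on obj under the paper's rules."""
    principals = {user} | set(groups)
    for level in lineage(obj):
        here = [p for p in permissions
                if p.obj == level and p.principal in principals]
        if not here:
            continue                      # nothing set here, look one level up
        if level != obj:
            # Only propagating permissions reach objects below this level.
            here = [p for p in here if p.propagate]
            if not here:
                # A non-propagating permission leaves the branches below
                # it with no rights at all, not even read-only.
                return frozenset()
        # An explicit user permission overrides all implied group permissions;
        # otherwise the user gets the union of the groups' permissions.
        own = [p for p in here if p.principal == user]
        chosen = own or here
        return frozenset().union(*(ROLES[p.role] for p in chosen))
    return frozenset()                    # no permission anywhere: no access


def worked_cases():
    group_perms = [
        Permission("operators", "Power Operator", "dev"),
        Permission("backup", "Snapshot Operator", "dev"),
        Permission("operators", "No Access", "restricted"),  # mask a subfolder
    ]
    bob_perms = [
        Permission("bob", "Read-Only", "dc1"),
        Permission("bob", "Administrator", "dev", propagate=False),
    ]
    alice_explicit = group_perms + [Permission("alice", "Read-Only", "vm1")]
    both = {"operators", "backup"}
    return {
        "union_of_groups": effective_privileges("alice", both, "vm1", group_perms),
        "user_overrides_groups": effective_privileges("alice", both, "vm1", alice_explicit),
        "masked_by_no_access": effective_privileges("carol", {"operators"}, "vm2", group_perms),
        "admin_on_folder": effective_privileges("bob", set(), "dev", bob_perms),
        "below_non_propagating": effective_privileges("bob", set(), "vm1", bob_perms),
        "above_folder": effective_privileges("bob", set(), "vms", bob_perms),
    }


if __name__ == "__main__":
    for name, privs in worked_cases().items():
        print(f"{name:24} {sorted(privs)}")
```
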
Built-in and Custom Roles
VirtualCenter and ESX Server hosts provide default roles:
• System roles – System roles are permanent and the privileges associated with these roles cannot be changed. The three system roles are No Access, Read-Only, and Administrator. The latter two also exist in VirtualCenter 1.x.
• Sample roles – Sample roles are provided for convenience as guidelines and suggestions. Table 1 lists the sample roles in VirtualCenter 2.x. Note that two of these roles are meant to emulate the roles with the same names in VirtualCenter 1.x.

The Administrator role is the most powerful one in VirtualCenter. It essentially allows the user to perform every available action in VirtualCenter. You should grant this role to as few users as possible. The Read-Only role allows the user to view the state and configuration of objects without modifying them. The No Access role prevents a user from seeing any objects. It is equivalent to assigning no role to a user for a particular object. The No Access role is useful in conjunction with other roles to limit their scope, as shown in an example later in this paper.

The built-in roles provide a way to get started with VirtualCenter permissions management. By studying Table 1, then examining the privileges of each role in the VI Client, you can determine which roles are appropriate for the personnel in your environment. Bear in mind that a role must be applied to an object for a specified user or group in order to create a permission. You should decide which object in the inventory hierarchy is the appropriate one to which to apply the role. For example, instead of granting the Virtual Machine Administrator role to someone on individual virtual machines, you can group selected virtual machines in a folder, then apply this role to the folder, with propagation enabled.

[Figure 2 — The conceptual structure of a permission. Elements shown: Role, User/Group, Object, Permission.]

In most cases, you should enable propagation when assigning a role. This prevents confusion when a new object is inserted into the inventory hierarchy; if propagation is not set, it might not be clear why a user has no permissions on the new object. Instead of disabling propagation, you can explicitly limit the extent of a role by using the No Access role. For example, you can grant the VirtualCenter Power User role on a folder of virtual machines to a group. With propagation enabled, the same role is granted on all virtual machines in that folder at any given time, and you do not need to add and remove these privileges on virtual machines as they come and go from the folder. However, if you want to have a subfolder of virtual machines that should not be usable by this group, you can assign the No Access role on that specific subfolder. The virtual machines in the specified subfolder are now effectively invisible to users in this group; the setting effectively masks this folder for the group.

The role-editing facilities in the Virtual Infrastructure Client allow you to create privilege sets that match your user needs. You can create custom roles either in VirtualCenter or directly on an ESX Server host. However, the roles you create directly on an ESX Server host are not accessible within VirtualCenter. You can work with these roles only if you log in to the host directly from the Virtual Infrastructure Client.

One convenient way to create a custom role is to start with an existing role, then make modifications to it. In the Virtual Infrastructure Client, right-clicking on a role and selecting Clone produces a copy of the role. You can then rename the role and modify the privileges appropriately.

Note: If any role is granted on an object for a user, that user is able to view all the information for that object. In other words, the user might have privileges to perform only certain tasks but also has the equivalent of read-only privileges for everything else that pertains to that object. Therefore, you must be careful about granting visibility to users on certain parts of the infrastructure that might not be intended.

Role: Virtual Machine User (equivalent to the role with the same name in VirtualCenter 1.x)
User capabilities: Perform actions on virtual machines only. Interact with virtual machines, but not change the virtual machine configuration. This includes:
• All privileges for the scheduled tasks privileges group
• Selected privileges for the global items and virtual machine privileges groups
• No privileges for the folder, datacenter, datastore, network, host, resource, alarms, sessions, performance, and permissions privileges groups

Role: Virtual Machine Power User
User capabilities: Perform actions on the virtual machine and resource objects. Interact and change most virtual machine configuration settings, take snapshots, and schedule tasks. This includes:
• All privileges for scheduled task privileges group
• Selected privileges for global items, datastore, and virtual machine privileges groups
• No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance, and permissions privileges groups

Role: Resource Pool Administrator
User capabilities: Perform actions on datastores, hosts, virtual machines, resources, and alarms. Provides resource delegation and is assigned to resource pool inventory objects. This includes:
• All privileges for folder, virtual machine, alarms, and scheduled task privileges groups
• Selected privileges for global items, datastore, resource, and permissions privileges groups
• No privileges for datacenter, network, host, sessions, or performance privileges groups

Role: Datacenter Administrator
User capabilities: Perform actions on global items, folders, datacenters, datastores, hosts, virtual machines, resources, and alarms. Set up datacenters, but with limited ability to interact with virtual machines. This includes:
• All privileges for folder, datacenter, datastore, network, resource, alarms, and scheduled task privileges groups
• Selected privileges for global items, host, and virtual machine privileges groups
• No privileges for session, performance, and permission privileges groups

Role: Virtual Machine Administrator (equivalent to the role with the same name in VirtualCenter 1.x)
User capabilities: Perform actions on global items, folders, datacenters, datastores, hosts, virtual machines, resources, alarms, and sessions. This includes:
• All privileges for all privilege groups, except permissions

Table 1 — Sample roles included in VirtualCenter 2.x

Task-based Privilege Assignment
Roles gather together certain privileges, making it simpler to assign those privileges to users or groups. In most cases, the name of the privilege indicates the task that it allows a user to perform. However, there are some tasks that require a coordinated set of privileges to be enabled. This section presents some examples of such tasks, and what privileges are required to enable them to be performed in their entirety.

Creating a Virtual Machine
Table 2 presents all the privileges related to creating a new virtual machine and the objects to which they should be applied.

Privilege: Virtual Machine > Inventory > Create
Object: A destination folder of virtual machines in the datacenter, a folder containing a datacenter, or the datacenter itself if you do not use folder-based organization. Required for any virtual machine creation.

Privilege: Virtual Machine > Configuration > Add New Disk
Object: A destination folder of virtual machines in the datacenter, a folder containing a datacenter, or the datacenter itself if you do not use folder-based organization. Only if including a virtual disk device that creates a new virtual disk file (not RDM). Note: This privilege or Add Existing Disk required for any virtual machine creation.

Privilege: Virtual Machine > Configuration > Add Existing Disk
Object: A destination folder of virtual machines in the datacenter, a folder containing a datacenter, or the datacenter itself if you do not use folder-based organization. Only if including a virtual disk device that refers to an existing virtual disk file (not RDM). Note: This privilege or Add New Disk required for any virtual machine creation.

Privilege: Virtual Machine > Configuration > Raw Device
Object: A destination folder of virtual machines in the datacenter, a folder containing a datacenter, or the datacenter itself if you do not use folder-based organization. Only if including a raw device mapping (RDM) or SCSI pass-through device for use by the virtual machine.

Privilege: Resource > Assign VM to Resource Pool
Object: A destination resource pool, host, or cluster.

Privilege: Read-Only role
Object: The datacenter that contains the datastore on which the virtual machine will reside or a folder containing the datacenter. Propagation does not have to be enabled for the datacenter, but it must be enabled for a folder.

Table 2 — Privileges needed for creating a virtual machine

Several points deserve special attention:
• Read-Only role — As shown in Table 2, for the user in this example, you must apply the Read-Only role for the datacenter that contains the datastore on which the virtual machine will reside or on a folder containing the datacenter. This setting allows the provisioning operation to determine where the virtual machine should be placed. Because datastores themselves cannot be assigned roles, you manage privileges for datastores indirectly through the parent datacenter. You do not need to assign the Read-Only role if you have assigned any of the other privileges at the datacenter level. Whenever any role other than No Access is assigned for the datacenter, the user automatically gets read-only permissions on the datacenter object. So, for example, if you assign Virtual Machine > Inventory > Create at the datacenter level, the additional Read-Only role assignment would be redundant.
• Propagation — If you explicitly assigned the Read-Only role to a datacenter, that does not need to propagate beyond the datacenter (down to folders, hosts, clusters, resource pools, or virtual machines). However, if you apply the Read-Only role to a folder containing the datacenter, you must enable propagation for that role to reach the datacenter object. Because the depth of propagation cannot be specified, this setting gives the user read-only privileges on every object in the datacenter. In this case, you can use the No Access role to mask objects that should not be visible to the user.
• Disk management — The privilege Virtual Machine > Configuration > Add New Disk allows the user to create a new virtual disk file on a datastore contained in the specified datacenter or in the datacenter in which the specified virtual machine folder is located. The privilege Virtual Machine > Configuration > Raw Device is necessary only if an RDM volume will be used to store the internal disk for the virtual machine. Similarly, the privilege Virtual Machine > Configuration > Add Existing Disk is normally not necessary, because in most cases a new virtual disk is created when someone creates a virtual machine. However, this privilege is needed in the following situations:
  • Using a virtual disk from another VMware product (such as VMware Workstation)
  • Using a virtual disk created by a third-party product that imports a physical machine configuration into a virtual machine
  • Using a virtual disk that was manually copied from another datacenter or datastore
  In all these cases, the existing disk file should be on a datastore contained in the datacenter where the virtual machine will be created.
• Resource pools — When you apply the privilege Resource > Assign VM to Resource Pool, be aware that the object model of VMware Infrastructure 3 uses resource pools as objects that partition compute resources, such as memory and CPU. Normally, a resource pool is defined explicitly as some portion of the resources available on one host or a cluster of hosts. However, if no explicit resource pools are defined, each host or cluster is considered to have its own implicit resource pool that groups the resources of that host or cluster. The root resource pool is not displayed because the resources of the host (or cluster) and the root resource pool are always the same. Therefore, if there is no named resource pool into which the virtual machine is to be deployed, you must assign this privilege for the destination host or cluster. If a user does not hold this privilege (by virtue of this or some other role) on any named resource pool, host, or cluster, that user cannot create a virtual machine.
• Operating system deployment — The example presented here lists the minimum privileges needed to create a new virtual machine. The next task a user is likely to perform is to deploy an operating system onto the new, blank virtual machine. You need to grant appropriate privileges for this task. The specific privileges depend on how your users deploy operating systems. For example, if they deploy the operating system from an ISO image on shared storage, assign Datastore > Browse Datastore for the datacenter. If they deploy the operating system from an ISO image on a local disk on the host, assign Datastore > Browse Datastore for both the datacenter and the host. If they deploy the operating system from a physical CD, datastore privileges are not needed. In all of these cases, most of the privileges in Virtual Machine > Configuration and Virtual Machine > Interaction are needed to deploy and configure the operating system on the virtual machine.

Inventory Manipulation
Table 3 shows examples of tasks that affect the organization of compute resources in the overall VMware Infrastructure 3 inventory and privileges required for each one.

Task: Migrate a virtual machine
Required privileges: Resource > Migrate if the virtual machine is powered on or Resource > Relocate if the virtual machine is powered off. Also requires Resource > Assign Virtual Machine to Resource Pool if destination is a different resource pool from the source.

Task: Move a host into a folder
Required privileges: Host > Inventory > Modify Cluster on the source cluster, Host > Inventory > Move Host on the host, and Host > Inventory > Add Standalone Host on the target folder.

Task: Move a virtual machine, standalone host, folder, cluster or datacenter into a folder
Required privileges: Folder > Move if the object is a folder, Datacenter > Move if the object is a datacenter, Host > Inventory > Move Cluster/Standalone Host if the object is a cluster or standalone host, Virtual Machine > Inventory > Move if the object is a virtual machine or virtual machine template. These privileges are checked against the source, destination, and object being moved.

Task: Move a set of resource pools or virtual machines into a resource pool
Required privileges: If the object being moved is a resource pool, Resource > Move Pool must be held on the pool being moved, its former parent pool, and the target pool. If the object is a virtual machine, Resource > Assign Virtual Machine to Resource Pool must be held on the target pool and the virtual machine.

Task: Remove all child resource pools
Required privileges: The Resource > Remove Pool privilege must be held on the parent and each of its immediate children to be removed. The Resource > Assign Virtual Machine to Resource Pool privilege must be held on the parent resource pool as well as on the virtual machine.

Table 3 — Tasks that require coordinated privileges on multiple objects

Networking, Storage, and Host Maintenance
There are certain privileges that pertain specifically to the configuration of networking and storage virtualization. In both cases, VMware Infrastructure 3 maintains a host-centric view of the resources, and the privileges are defined on a per-host basis. If you take advantage of privilege propagation, these privileges can be assigned at a higher level, such as cluster or folder, and they then apply to all contained hosts.

Because some of these privileges actually enable a large number of tasks, it is important to understand exactly what actions are permitted for a user holding a role that contains these privileges. Table 4 provides a list of networking and storage-related privileges and the specific capabilities that they allow. Within an individual privilege, it is not possible to disallow some of these tasks while allowing others; the level of granularity in VMware Infrastructure 3 allows you to associate either all or none of them with a role. Therefore, you must be comfortable with granting every one of those abilities to any potential holder of a role that contains the privilege.

Table 4 also includes some privileges related to the configuration and maintenance of the ESX Server host. As with the networking and storage privileges, make sure that users or groups assigned to a role containing one of these privileges are authorized to perform all the actions the privilege enables them to perform.

Creating Custom Roles
The use cases described in this section illustrate the process of selecting and defining the privileges required to complete a task from start to finish.

Example: Allowing Template Deployment to a Resource Pool
Suppose that you want to enable some users to create new virtual machines from existing templates and deploy those virtual machines into a specific resource pool. You might want to do this, for example, in a development environment where you want developers to be able to work with virtual machines of a fixed type and want to enable them to create as many as needed for their development work. If you allow these virtual machines to run only in a specified resource pool, you can exercise fine-grained control over the server resources used by the developers. For example, you can use limits to cap the amount of CPU or memory used by all the developer virtual machines, or you can use shares to ensure that resources used by these virtual machines are returned to other, more mission-critical resource pools when needed.

Privilege: Host > Configuration > Network Configuration
Allowed actions:
• Add, remove, or update the following: port groups, virtual Ethernet adapters, virtual switches, and service console virtual Ethernet adapters
• Update the following: IP routing for the host, IP routing for the service console, DNS configuration for the host, link speed and duplex settings for the physical Ethernet adapters
• Restart the service console virtual network adapter interface

Privilege: Host > Configuration > Storage Partition Configuration
Allowed actions:
• Enable, disable, or configure policies for multipathing on a LUN
• Rescan some or all HBAs on virtual machines for new or removed storage devices
• Rescan for new or removed VMFS volumes
• Extend a VMFS volume by attaching a disk partition as an extent
• Format a new VMFS volume on a LUN or disk partition
• Change the partitions on the disk
• Add and remove send target entries and static target entries to the host bus adapter discovery list
• Enable or disable the iSCSI software initiator
• Update the following on an iSCSI host bus adapter: name, alias, authentication properties, IP properties, discovery properties

Privilege: Datastore > Browse Datastore
Allowed actions:
• Browse the files on a datastore, for example, to search for a virtual machine (.vmx) file or ISO image file. Must be granted at the datacenter level for a shared datastore, and at both the datacenter and host level for a local disk datastore.

Privilege: Datastore > Rename File
Allowed actions:
• Rename a datastore (note inconsistency of naming)

Privilege: Datastore > Remove File
Allowed actions:
• Delete a file from a datastore. If a valid virtual disk file is specified, all the components of the virtual disk are deleted.

Privilege: Host > Configuration > Maintenance
Allowed actions:
• Put a host into or out of maintenance mode
• Reboot a host
• Shut down a host

Privilege: Host > Configuration > Security Profile and Firewall
Allowed actions:
• Enable and disable network services on a host (by opening or closing the corresponding port in the firewall)
• Configure the startup policy for the services
• Manually start or stop the services

Table 4 — Actions enabled by networking, storage, and host maintenance privileges

One way to approach this is to create a new user-defined role called Developer and set the minimum privileges necessary for a user with that role to accomplish these tasks. Table 5 shows which privileges you must enable for this use case.

Privilege: Virtual Machine > Inventory > Create
Object: A destination folder in the datacenter, or the datacenter itself if you do not use folder-based organization. If not applied on the datacenter, you must also grant the user Read-Only on the datacenter separately.

Privilege: Virtual Machine > Configuration > Add New Disk
Object: A destination folder in the datacenter, or the datacenter itself if you do not use folder-based organization. Although this privilege is required if using the Virtual Infrastructure Client, it is not necessary if the same custom role is being used by an SDK client.

Privilege: Virtual Machine > Provisioning > Deploy Template
Object: A template or folder of templates in the datacenter.

Privilege: Resource > Assign VM to Resource Pool
Object: A destination resource pool, host, or cluster.

Privilege: Virtual Machine > Interaction
Object: A destination resource pool, host or cluster.

Table 5 — Privileges used in creating a Developer role

Although the privilege Virtual Machine > Configuration > Add New Disk is always required when creating a new virtual machine, the VI Client also requires this privilege for deploying a virtual machine from a template and for cloning a virtual machine. This requirement is unique to the VI Client; the privilege is not required for an SDK client that tries to deploy a template or clone a virtual machine.

Example: Network Administrator
A custom role would also be useful for an organization in which separate groups are responsible for managing servers and networks. The networking team has traditionally managed a discrete set of physical networking equipment. In a VMware Infrastructure environment, however, they may need to take responsibility for the virtual networking that runs in software on the ESX Server hosts.

A role for network administrators might give them the privilege needed to add, remove, and configure virtual switches on an ESX Server host — or a group of hosts, either in a folder or in a datacenter. Table 6 shows the privilege needed for this role. If you apply this privilege at the cluster, folder, or datacenter level, make sure that propagation is enabled.

Privilege: Host > Configuration > Network
Object: All hosts whose networks are to be managed by the network administrator, or the folder or datacenter containing these hosts, with propagation enabled.

Table 6 — Privilege required for Network Administrator role

Although users assigned this role are able to view configurations for resources other than network switches, they do not have permissions to change anything except network settings. This role thus corresponds roughly to the activities that are normally handled by a network administrator.

Example: VMware Consolidated Backup User
VMware Consolidated Backup is a product that helps to perform backups of virtual machines in a Virtual Infrastructure 3 environment from a dedicated proxy host using the VMware snapshot technique and industry-standard backup software. The proxy host connects to VirtualCenter using a special user account in order to perform the snapshots and other related tasks. You can create a role that contains only the privileges necessary for this purpose and assign it to the special user account. Table 7 contains the list of privileges and the objects to which they should be applied.

Privilege: Virtual Machine > Configuration > Disk Lease
Object: The virtual machines to be backed up, a folder of virtual machines, or the datacenter containing the virtual machines.

Privilege: Virtual Machine > State > Create Snapshot
Object: The virtual machines to be backed up, a folder of virtual machines, or the datacenter containing the virtual machines.

Privilege: Virtual Machine > State > Remove Snapshot
Object: The virtual machines to be backed up, a folder of virtual machines, or the datacenter containing the virtual machines.

Privilege: Virtual Machine > Provisioning > Allow Virtual Machine Download
Object: The virtual machines to be backed up, a folder of virtual machines, or the datacenter containing the virtual machines.

Table 7 — Privilege required for VMware Consolidated Backup user

Recommendations for VirtualCenter Roles
To make most effective use of roles in VirtualCenter, follow these guidelines:
• Design the roles with the notion that VirtualCenter should be treated as an administration tool, not a general-purpose means of gaining access to virtual machines in particular.
• By default, all users who are not assigned to a role and do not belong to a group assigned to a role have the equivalent of No Access at the top-level Hosts and Clusters folder. This prevents unauthorized users from logging in to VirtualCenter, enhancing security and avoiding increased load on VirtualCenter caused by an excessive number of VI Client sessions. You should assign to roles only those specific users and groups that must perform administrative tasks for VMware Infrastructure, and you should assign those roles only for relevant objects in the inventory.
• Ordinary users should not use the VMware virtual machine console to access virtual machines. Instead, they should use a standard remote access tool, such as Remote Desktop, RAdmin, or SSH. Even for users who might want to manage parts of the virtual infrastructure, remote console access should be strictly controlled, for both security and auditing purposes. This is analogous to controlling access to the integrated lights-out console on a physical server. You can disable virtual machine console access by removing the privilege Virtual Machine > Interaction > Console Interaction for a role.
• VirtualCenter runs as a user that requires local administrator privilege and must be installed by a local administrative user. However, to limit the scope of administrative access, avoid using the Windows Administrator user to operate VirtualCenter after you install it. Instead, use a dedicated VirtualCenter administrator account. To do so, take the following steps:
  1. Create an ordinary user account that will be used to manage VirtualCenter, for example, the VI Admin user. Make sure that this user does not belong to any local groups, such as Users or Administrators. This precaution ensures that any future role assignments involving a local group do not inadvertently affect this account.
  2. In VirtualCenter, log on as the Windows Administrator, then grant the role of Administrator (that is, the global VirtualCenter administrator) to the newly created account on the top-level Hosts and Clusters folder.
  3. Log out of VirtualCenter, then make sure you can log in to VirtualCenter as the new user and that this user is able to perform all tasks available to a VirtualCenter administrator.
  4. Remove the permissions in VirtualCenter for the local Administrators group.
  By configuring accounts in this way, you avoid automatically giving administrative access to domain administrators, who typically belong to the local Administrators group. You also provide a way of getting into VirtualCenter when the domain controller is down, because the local VirtualCenter administrator account does not require remote authentication.
• Although it is possible to edit the built-in sample roles (not the system roles), do not modify them. Instead, clone new roles from them, then modify the cloned roles. This approach allows you to refer to the original sample roles if you want to roll back changes you have made to them.
• Try to define a role using the smallest number of privileges possible, so that security and control over your environment can be maximized. In the virtual machine creation example, the minimum number of privileges required to enable virtual machine creation is three:
• Virtual Machine > Inventory > Create
• Virtual Machine > Configuration > Add New Disk
• Resource > Assign VM to Resource Pool
• Because the same role can be applied to any VMware Infrastructure 3 object, one way to ensure that the fewest privileges are granted is to create multiple roles, each of which is targeted at a specific set of tasks, then grant each user or group the appropriate role on the appropriate object. For example, in the case of the custom Developer role, you can choose to split this across three roles:
  • Deploy Template — One role allows only deployment from a template.
  • Create Virtual Machine — Another role allows creation of a virtual machine and virtual disk in a datacenter or folder.
  • Interact with Virtual Machine — The third role allows assigning a virtual machine to a resource pool and interaction with a virtual machine.
  Then you can grant a user the Deploy Template role on template folder BuildA, the Create Virtual Machine role on datacenter East, and the Interact with Virtual Machine role on resource pool Dev.
• As a corollary to the previous guideline, note that you can grant only one explicit role to a user on a virtual machine, but two different roles might apply implicitly through propagation. In the example given above, you can apply the Create Virtual Machine role to a folder and also apply the Interact with Virtual Machine role to a resource pool. The user then has a union of these privileges on any virtual machine that is in the folder as well as in the resource pool. This means, for example, that if you want to allow a user to both create a virtual machine and interact with it, without depending on indirect privileges through propagation, you must use a role that combines the two sets of privileges.
• Try to give the roles names that explicitly indicate what each role allows, to make their purposes clear. The examples above illustrate this point.
• Use folders to contain the scope of permissions. For example, if you want to limit the templates from which users can deploy new virtual machines, you can put the allowed templates into a folder, then apply the Deploy Template role on this folder for the users.
• Because of membership in different groups, and the union of privileges inherited from them, it might not always be obvious what privileges are granted to a user on an object. However, Active Directory does not allow the inspection of a user's group memberships unless the user is logged in. One way around this restriction is to inspect all the role assignments on all objects, then cross-reference them with a known list of group memberships of users. The VI Client allows you to see the roles assigned for objects individually, but by using the VMware Infrastructure SDK, you can obtain this information for all objects at once in a more straightforward manner. Appendix A shows an example of a Perl script that uses the VI Perl Toolkit and generates a list of objects with the roles assignments associated with each one. You can use this script as a starting point and modify it to suit your needs.
• Any user who has the ability to generate a virtual machine or template can potentially initiate a denial-of-service attack by completely filling up a datastore with virtual disk files, whether purposefully or inadvertently. The specified privileges that allow this are:
  • Virtual Machine > Configuration > Add New Disk
  • Virtual Machine > Provisioning > Deploy Template
  • Virtual Machine > Provisioning > Create Template from Virtual Machine
  • Virtual Machine > Provisioning > Clone Template
  If you are uncomfortable granting a user this ability to fill a datastore, you must enable a more trusted individual to generate virtual machines or templates on behalf of this user.
Appendix: Perl Script for Listing All Role Assignments
The Perl script shown in Listing 1 makes use of the VMware Infrastructure Perl Toolkit to query VirtualCenter for a list of all the roles assigned to every object in the inventory. The resulting list should be cross-referenced with the known set of group memberships in your Active Directory environment. An example of the output is shown in Listing 2.
You can save the output as a CSV file, then open it in a spreadsheet or other program for additional processing or analysis. In order to run this script, you must have the VMware Infrastructure Perl Toolkit installed on a system that also has Perl installed. You can find the toolkit at http://sourceforge.net/projects/viperltoolkit/
Listing 1: Script to Query VirtualCenter for Roles
#!/usr/bin/perl -w
# Permission Export Utility v1.0
# Contribution by: Karl Rumelhart (krumelhart@vmware.com)
#
# For each type of managed entity, HostSystem, VirtualMachine, Datacenter,
# Folder, ComputeResource (i.e. host or cluster), and ResourcePool, this script
# retrieves all objects of that type and then all permissions that are set on the
# objects. It prints out the Object Type, Object Name, User/Group, and Role in comma
# separated value format. This can be piped to a file ("> foo.csv" in windows) and
# opened with Excel.
# Version History:
# V1.00 - (22 Dec 2006)
use strict;
use Getopt::Long;
use VMware::VIRuntime;

# Note: a password given with --password is visible in the process list and
# in shell history while the script runs.
my %opts = (service_url => undef,
            userid      => undef,
            password    => undef);
GetOptions (\%opts,
            "service_url=s",
            "userid=s",
            "password=s");

# All three options are required; show usage if any is missing or empty
if (grep { !defined $opts{$_} || $opts{$_} eq '' } qw(service_url userid password)) {
    help();
    exit (1);
}

# login
Vim::login(service_url => $opts{service_url},
           user_name   => $opts{userid},
           password    => $opts{password});

# the authorization manager is the key to getting permission info
my $auth_mgr = Vim::get_view(mo_ref => Vim::get_service_content()->authorizationManager);

# Get all roles and put them in a hash so we can easily get the name corresponding to
# a roleId
my %role_hash;
my $role_list = $auth_mgr->roleList;
foreach (@$role_list) {
    $role_hash{$_->roleId} = $_->name;
}

# Heading for csv columns
print "Object Type, Object Name, User/Group, Role" . "\n";

# for each type of managed entity run through all objects of that type and all
# permissions defined on that object and print out the corresponding Object Type,
# Object Name, User/Group, Role
my @obj_types = ('HostSystem', 'VirtualMachine', 'Datacenter', 'Folder',
                 'ComputeResource', 'ResourcePool');
foreach my $this_type (@obj_types) {
    my $obj_views = Vim::find_entity_views(view_type => $this_type);
    foreach (@$obj_views) {
        my $obj_name = $_->name;
        # inherited => 1 also returns permissions propagated from parent objects
        my $perm_array = $auth_mgr->RetrieveEntityPermissions(entity => $_, inherited => 1);
        foreach (@$perm_array) {
            # print object type and name
            print $this_type . ", " . $obj_name . ", ";
            # print user/group and role
            print $_->principal . ", " . $role_hash{$_->roleId} . "\n";
        }
    }
}

# logout
Vim::logout();

# print usage information
sub help {
    my $help_text = <<'END';
USAGE:
    printperms.pl --service_url <SDK service URL> --userid <VC user login> --password <VC password>

Example:
    perl printperms.pl --service_url https://localhost/sdk/vimService --userid administrator --password mypassword

The output will be in csv format. Pipe to a file to open with Excel.
END
    print $help_text;
}
Listing 2: Sample Output Listing Roles
‘Object Type’,’Object Name’,’User/Group’,’Role’
HostSystem,hostA.vmware.com,Administrators,Admin
HostSystem,hostB.eng.vmware.com,Administrators,Admin
VirtualMachine,CRM Server,Administrators,Admin
VirtualMachine,CRM Server,VCUser,VirtualMachinePowerUser
VirtualMachine,Webserver2,Administrators,Admin
VirtualMachine,Webserver2,VCUser,VirtualMachinePowerUser
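The cross-referencing step recommended above (the script's role assignments checked against a known list of group memberships) can be automated once the output is saved as CSV. This is an added example, not part of the original paper or the VI Perl Toolkit; the extra sample rows, the group membership table, and all function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the script's column layout (WebOps/bob rows and ReadOnly are made up).
PERMISSIONS_CSV = """\
Object Type, Object Name, User/Group, Role
HostSystem, hostA.vmware.com, Administrators, Admin
VirtualMachine, CRM Server, Administrators, Admin
VirtualMachine, CRM Server, VCUser, VirtualMachinePowerUser
VirtualMachine, Webserver2, WebOps, ReadOnly
VirtualMachine, Webserver2, bob, VirtualMachinePowerUser
"""
# Constructed "known list of group memberships" (hypothetical users and groups).
GROUP_MEMBERS = {"Administrators": {"alice"}, "WebOps": {"bob", "carol"}}

def load_assignments(text):
    """Parse the CSV into (object type, object name, principal, role) tuples."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    rows = [tuple(cell.strip() for cell in row) for row in reader if row]
    return [row for row in rows[1:] if len(row) == 4]  # rows[0] is the heading

def roles_by_user(assignments, group_members):
    """Map user -> (object type, name) -> {(role, principal carrying it)}."""
    result = defaultdict(lambda: defaultdict(set))
    for obj_type, obj_name, principal, role in assignments:
        # A principal with no entry in the membership list is taken to be a user.
        for user in group_members.get(principal, {principal}):
            result[user][(obj_type, obj_name)].add((role, principal))
    return result

def overlapping_roles(by_user):
    """Users who receive more than one distinct role on the same object."""
    found = []
    for user, objects in by_user.items():
        for (_, obj_name), grants in objects.items():
            roles = sorted({role for role, _ in grants})
            if len(roles) > 1:
                found.append((user, obj_name, roles))
    return sorted(found)

def users_with_role(by_user, role):
    """Every user the given role reaches, directly or through a group."""
    return sorted(user for user, objects in by_user.items()
                  if any(r == role for grants in objects.values() for r, _ in grants))

if __name__ == "__main__":
    by_user = roles_by_user(load_assignments(PERMISSIONS_CSV), GROUP_MEMBERS)
    print({"overlaps": overlapping_roles(by_user), "admin": users_with_role(by_user, "Admin")})
```

Object names that contain commas will not parse correctly, because the script prints its fields unquoted.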
About the Author
Charu Chaubal is technical marketing manager at VMware, where he specializes in enterprise datacenter management. Previously, he worked at Sun Microsystems, where he had more than seven years' experience designing and developing distributed resource management and grid infrastructure software solutions. He has also developed and delivered training courses on grid computing to a variety of customers and partners in the United States and abroad. Chaubal received a Bachelor of Science in Engineering from the University of Pennsylvania and a PhD from the University of California at Santa Barbara, where he studied the numerical modeling of complex fluids. He is the author of numerous publications and several patents in the fields of datacenter automation and numerical price optimization.
Acknowledgments
The author would like to thank the following for their valuable input: Doug Clark, Karl Rumelhart.
VMware, Inc. 3145 Porter Drive Palo Alto CA 94304 USA Tel 650-475-5000 Fax 650-475-5001 www.vmware.com
© 2007 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925,
6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,961,941, 6,961,806, 6,944,699, 7,069,413;
7,082,598 and 7,089,377; patents pending.
VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of
VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be
trademarks of their respective companies.
Revision: 20070404 Item: BP-017-PRD-01-01