(→Install and Configure VMware ESXi: Added Image Builder) |
(→Secure vCenter Server and ESXi: First Pass) |
Line 77: | Line 77: | ||
== Secure vCenter Server and ESXi == | == Secure vCenter Server and ESXi == | ||
{|cellpadding="4" cellspacing="0" border="1" | |||
|- style="background-color:#bbddff;" | |||
! Role !! Type !! ESX / VC !! Description | |||
|- | |||
| '''No Access''' || System || ESX & VC || No view or do. Can be used to stop permissions propagating. | |||
|- | |||
| '''Read Only''' || System || ESX & VC || View all except Console, no do. | |||
|- | |||
| '''Administrator''' || System || ESX & VC || Full rights | |||
|- | |||
| '''VM User''' || Sample || VC only || VM start/stop, console, insert media (CD) | |||
|- | |||
| '''VM Power User''' || Sample || VC only || As user plus hardware and snapshot operations | |||
|- | |||
| '''Resource Pool Admin''' || Sample || VC Only || Akin to an OU admin, full rights for child objects | |||
Cannot create new VM's without additional VM and datastore privileges. | |||
|- | |||
| '''Datastore Consumer''' || Sample || VC Only || Allows creation of VMDK's or snapshots in datastore (additional VM privileges to action) | |||
|- | |||
| '''Network Consumer''' || Sample || VC Only || Allows assignment of VM's to networks (additional VM privileges to action) | |||
|} | |||
'''vCentre Access''' | |||
* Disabled logged in users use access as next validation period (default is 24hrs) | |||
'''ESXi Firewall''' | |||
* New for v5 | |||
* Rule set XML files found in <code>/etc/vmware/firewall/</code> | |||
* Should be edited via GUI | |||
'''ESXi and Active Directory''' | |||
* ESX FQDN must match AD domain | |||
* ESX and AD should be synced to same time | |||
* ESX's DNS must be able to resolve the AD domain | |||
* Add to OU container using domain name format | |||
** <code> sandfordit.local/SiliconOU1/MondeoOU2 </code> | |||
== Identify vSphere Architecture and Solutions == | == Identify vSphere Architecture and Solutions == | ||
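Review bot: The bullet under "vCentre Access" ("Disabled logged in users use access as next validation period (default is 24hrs)") does not parse, and "use access" reads as the opposite of what is presumably meant. If the point is that a disabled account that is already logged in keeps its access until the next validation period, say so directly, because that window is what an administrator needs to know when revoking access. The bold label also spells "vCentre" where the section heading uses "vCenter". Under "ESXi Firewall", "Should be edited via GUI" would be more useful with the reason stated, given that the preceding bullet points readers at the XML files in /etc/vmware/firewall/.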