Solved

What is the best way to lock down an ESXi Local User?

Posted on 2011-02-16
Last Modified: 2012-05-11
I have created a VM that I only want certain users to be able to access. This is for an ESXi server not connected to our Domain or to a vCenter server. So it is only a local user. The VM in question is running in a DMZ so RDP, VNC, etc. are out. I want them to access it via vSphere's Console. I have been able to restrict the user so that they can see no host information, and the only thing they can really do is open the console via right click. But they can still see a LOT of information about the VM that I would prefer they not have access to. The only permissions assigned to this role are the following:

All Privileges --> Virtual Machine --> Interaction --> Console Interaction

Pretty much all options are greyed out or completely missing. It's just that they can still see the Summary Tab, Resource Allocation, etc. Is there any way to limit it to only the console tab? Or even better, any way to connect a user directly to a VM Console? My boss mentioned that he thought there might be a way to do this via vSphere Remote Command Line. Any ideas?
Question by:CCB-Tech
12 Comments
 
LVL 123
ID: 34912643
have a look at my solution here

http://www.experts-exchange.com/Software/Virtualization/Q_26804260.html

if you require further assistance please post back
0
 
LVL 123

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 34912718
also try this

Firstly install the vSphere Client

and then

vmware-vmrc -h esx002 "[vmfs_lun1] BARBUS9/BARBUS9.vmx"

esx002 - ESX server name can be an IP address
[datastore name] - mine is vmfs_lun1

there is a space after ] before the folder name of the VM and VM.vmx

this will give you direct console access to the virtual machine.


0
 
LVL 123
ID: 34912738
You will be prompted to enter username and password for the ESX host server, so you'll need to add these to the users.

But you'll then have a direct console access.

 Console via vmware-vmrc only
0

Author Comment

by:CCB-Tech
ID: 34912804
Sweet! I most certainly will be trying this tomorrow. I'll get back to you then!
0
 

Author Comment

by:CCB-Tech
ID: 34916146
Okay, I got this working just fine with the root login. However, I am now trying to connect via this method but I'm getting a permission denied error. I have Console access enabled, what else needs to be enabled?
0
 
LVL 123
ID: 34916173
do you mean you are logging in with another user and it fails?
0
 

Author Comment

by:CCB-Tech
ID: 34916186
Yes, I'm trying to log on as the user I had restricted. I can connect to the console by logging on normally to vSphere Client. But not via this way.
0
 
LVL 123
ID: 34916202
I believe the users will need elevated root permissions to connect to console using vmware-vmrc.
0
 
LVL 123
ID: 34916212
what if you grant Administrator role to the user for the Virtual Machine they need to connect to?
0
 

Author Comment

by:CCB-Tech
ID: 34917005
Woot! I found the answer. This is the link:

http://communities.vmware.com/message/1465136;jsessionid=BABB964ACFEB9B5C49468A693D377369

This is excellent though, because now the user doesn't see anything unnecessary inside of vSphere client. It just goes straight to the Console. Is there any way to install just the viewer program and not all of the vSphere Client?
0
 
LVL 123
ID: 34917204
vmware-vmrc is part of the vSphere client, so not on its own, but just remove the shortcuts and the main vSphere *.exe if you are concerned the individual may run it. Or publish as an application under Thin Client; that is what we do for Sub-Contractors.
0
 

Author Closing Comment

by:CCB-Tech
ID: 34917877
Okay, that's not a problem at all. Truthfully I wasn't real concerned, but it is best to keep things as lean as possible. Thanks for all your help on this!
0
