Hyper-V Server: add "read only" users for Hyper-V Manager
We have over a dozen Hyper-V 2008 R2 Servers (standalone, not Server Core or OS role) in our organization. Love it! Great stuff.
That said, the management of Hyper-V Server leaves a bit to be desired at times. To be specific, how can I create "read only" users that can user Hyper-V Manager to connect to our corp Hyper-V Servers, but only to see which virtual instances are running? In other words, user JSmith might have full-control over HVcorp1 server (local admin on that server), but only read-access to the HVcorp4 server. Is this possible? Can they simply be assigned to a local group on the HVcorp4 server -- such as the "users" group?
I found this Technet article which explains some of this functionality, but the process seems unnecessarily laborious.
http://social.technet.micr
Isn't there a better way?? If so, how?
Thanks,
Chumplet
That said, the management of Hyper-V Server leaves a bit to be desired at times. To be specific, how can I create "read only" users that can user Hyper-V Manager to connect to our corp Hyper-V Servers, but only to see which virtual instances are running? In other words, user JSmith might have full-control over HVcorp1 server (local admin on that server), but only read-access to the HVcorp4 server. Is this possible? Can they simply be assigned to a local group on the HVcorp4 server -- such as the "users" group?
I found this Technet article which explains some of this functionality, but the process seems unnecessarily laborious.
http://social.technet.micr
Isn't there a better way?? If so, how?
Thanks,
Chumplet
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would say for deployment it all depends on how critical an application it becomes. I recommend you use a separate physical machine for SCVMM instead of making it a guest VM. The deployment is very straight forward and wizard driven, so if you had a total hardware failure on that box, the most you would lose is any custom deployment images you may have built, and if you are backing those up to tape, you have a simple recovery model. The SCVMM default is to install to local disk with sql express, and then you tell it where your Hyper-V or even Vmware clusters, or stand alone servers are located, and it automatically begins to manage them, so you have full control of VM's and their deployments. the library takes a little getting used to for storing golden image builds, but works well. I would definitely recommend you install the SCVMM SP1 media so you have full dynamic memory support. You can install the Self Service Portal on either the same box or a separate one, its very lightweight.
the self service portal application is on the SCVMM SP1 media for install, but the app and the documentation is here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=fef38539-ae5a-462b-b1c9-9a02238bb8a7&displaylang=en
the self service portal application is on the SCVMM SP1 media for install, but the app and the documentation is here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=fef38539-ae5a-462b-b1c9-9a02238bb8a7&displaylang=en
The article you point to is what we would do.
AzMan is your best friend when it come to getting granular with access permissions.
We manage multiple Hyper-V standalone and clustered servers using native tools. You are not alone. :)
Philip
AzMan is your best friend when it come to getting granular with access permissions.
We manage multiple Hyper-V standalone and clustered servers using native tools. You are not alone. :)
Philip
ASKER
Wow! Just got through getting SCVMM R2 installed, and what a product it is! Just insanely powerful and full-featured, especially compared to the standard Hyper-V Manager console, which is lacking in many ways.
Anyhow, I do have the Self-Service Portal installed and working, but there is a lot for me to figure out there. Looks like a great direction, though.
Thank you for your help :)
Chumplet
Anyhow, I do have the Self-Service Portal installed and working, but there is a lot for me to figure out there. Looks like a great direction, though.
Thank you for your help :)
Chumplet
ASKER
Honestly, I'm somewhat ashamed to say that for all of our Hyper-V Server use around here, we don't actually use SCVMM at all. We do, however, have access to that product by nature of our MSDN Subscription.
Can you help me understand how SCVMM is rolled out? Would I install it onto a stand-alone box that users would connect to? Should the self-service portal be installed on a separate box, or on the same?
Thanks.