piedthepiper
asked on
Users/Groups in vsphere 5.1 intigration
Currently the devs used a script that uses a single user - security & accountability = bad
1) Setup up a groups system whereby dev1 and dev2 and in future lots of devs can have access to vsphere via Production Domain group membership (ie ability to create/delete vms but only those belonging to/created by their "group")
NB: This would also give users like dev1/dev2 the ability to log into vsphere to see vms created etc.
My initial thought is an AD group, but I am not sure how to proceed past that?
Its a 5.1 vSphere environment
1) Setup up a groups system whereby dev1 and dev2 and in future lots of devs can have access to vsphere via Production Domain group membership (ie ability to create/delete vms but only those belonging to/created by their "group")
NB: This would also give users like dev1/dev2 the ability to log into vsphere to see vms created etc.
My initial thought is an AD group, but I am not sure how to proceed past that?
Its a 5.1 vSphere environment
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Is it possible to link a folder to a specific Cluster or resource pool?
So if they create a vm in that folder, I know it will go to the Dev cluster or dev resource pool?
So if they create a vm in that folder, I know it will go to the Dev cluster or dev resource pool?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What about creating a cluster folder?
and assign rles/permissions to that folder, so they can only access that cluster?
for example a dev cluster?
and assign rles/permissions to that folder, so they can only access that cluster?
for example a dev cluster?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In the web client it is possible to create a hosts and clusters folder, you cant do this in the thick client from what I can tell, so this is a 5.1+ feature.
Could I create a hosts and clusters folder called Dev and add those hosts to it, and then give the developers AD group access to it with the correct vcenter permissions.
So that way they could only get access to those resources in that folder?
This way they have access to a finite set of resources and there is no chance of it impacting production?
Could I create a hosts and clusters folder called Dev and add those hosts to it, and then give the developers AD group access to it with the correct vcenter permissions.
So that way they could only get access to those resources in that folder?
This way they have access to a finite set of resources and there is no chance of it impacting production?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This may end up being something like vCloud, although they are unsure yet
ASKER
Please dont say resource pools lol