Video showing details on how to grant users granular permissions to create VMs without giving them too much authority over Hosts and VMs that they do not own.
A User was recently granted Admin rights to his vSphere Server. However, when he logged into vCenter, he still did not have the necessary rights to create VMs or Browse Datastores. I needed to resolve the problem without giving him too much authority at the Datacenter and vCenter root levels.
After some experimentation, I came up with the solution in the video below.
vShield technology can simplify your security management tasks.
On Wednesday, Oct. 27, 2010, I attended a VMUG Webinar featuring Serge Maskalik, Senior Manager of the vShield Team.
It was great to see how committed VMware is to addressing security concerns in virtual environments.
One of the key features of vShield is the capability to allow multiple security zones on the same Host while still ensuring complete separation of communication between the different zones. This can open up possibilities for improved utilization of host resources by not requiring completely separate hardware for each security zone.
There are also other benefits such as decreased reliance on complicated VLAN setups, which could present logistical concerns in an SRM deployment.
Federal customers are already deploying vShield, and the technology is still undergoing stringent evaluation against Government Security standards to obtain approval for deployment in agencies with even stricter requirements.
I will post more thoughts on vShield as I learn more about the technology.