More Fun with Granular Permissions

Navigating vCenter’s permissions puzzles to create granular rights for users within the same DRS Cluster.

Currently, the DRS Clusters in our development lab consist of machines belonging to multiple teams.

The original Lab Admin grouped the ESX Servers according to machine model number (presumably to facilitate easier vMotion, i.e., without Enhanced vMotion Compatibility). Thus, ESX Servers from different teams belong to the same clusters.

The Lab Owner would like me to make permissions as granular as possible so that non-admins will be able to create/delete, migrate, and power on/off only the VMs that belong to their respective teams.

High Availability in VMware Environments

Information regarding HA solutions for your VMware environment.

Congratulations! You successfully designed your VMware Environment including your high-speed Fibre/iSCSI SAN that connects your powerful servers to the latest and greatest disk arrays.

You are capable of running hundreds of VMs simultaneously without so much as a blip in vCenter’s Resource Monitors.

The Backup Administrator in me can’t help but ask, “What is your Disaster Recovery plan?” That is, what happens if the cleaning crew accidentally causes a break in one of those Fibre cables in the middle of the night? Of course, that never happens... right?

How-To: Grant VM Creation Rights with Granular Permissions

Video showing details on how to grant users granular permissions to create VMs without giving them too much authority on Hosts and VMs that they do not own.

A User was recently granted Admin rights to his vSphere Server.  However, when he logged into vCenter, he still did not have the necessary rights to create VMs or Browse Datastores.  I needed to resolve the problem without giving him too much authority at the Datacenter and vCenter root levels.

After some experimentation, I came up with the solution in the video below.

Let me know what you think:

vShield Product Family

vShield technology can simplify your security management tasks.

On Wednesday, Oct. 27, 2010, I attended a VMUG Webinar featuring Serge Maskalik, Senior Manager of the vShield Team.

It was great to see how committed VMware is to addressing security concerns in virtual environments.

One of the key features of vShield is the capability to allow multiple security zones on the same Host while still ensuring complete separation of communication between the different zones.  This can open up possibilities for improved utilization of host resources by not requiring completely separate hardware for each security zone.

There are also other benefits such as decreased reliance on complicated VLAN setups, which could present logistical concerns in an SRM deployment.

Federal customers are already deploying vShield, and the technology is still undergoing stringent evaluation by Government Security standards to obtain approval for deployment in agencies with even stricter requirements.

I will post more thoughts on vShield as I learn more about the technology.

VMware Certified Professional 4 Home Study Lab

An inexpensive, yet effective, system for increasing practical experience with vCenter and VMware ESX and ESXi.

The HP ML 110 G6 server is an excellent platform for preparing for the VCP examination.

Here are the specifications for my test system:

* Intel X3440 Quad Core with HyperThreading (CPU outperforms the other two options: Core i3 and X3430)
* 8 GB RAM (up to 16 GB RAM is supported)
* (2) Intel X-25M 80 GB SSDs
* VMware Workstation 7.0

The total cost of the setup was $1300. However, in hindsight, I did not really need the second SSD, which would bring the price closer to $1100.

My VMware Workstation configuration consisted of 4 VMs:

* 1 vCenter 4.1 Server
* 2 vSphere ESXi Servers
* 1 OpenFiler (for iSCSI storage)

With this setup I was able to test a variety of the features and capabilities covered during the Fast Track course, including vMotion, Storage vMotion, and DRS.

I successfully passed the Exam on October 1, 2010, and that success was due, in part, to my lab at home. Make sure to get lots of hands-on experience!