jueves, 25 de septiembre de 2014

VMware: Administración de Usuarios, Grupos y Roles en vSphere 5.5

Since Single Sign-On was completely rebuilt from the ground up in vSphere 5.5  I was in a bit of a struggle while configuring roles and permissions for users accessing VMware vCenter.


With Single Sign-On (from here simply referred as SSO) redesign in vSphere 5.5 VMware introduced a new common domain named vsphere.local.
Users authentication is now managed by SSO server and not by vCenter itself. This is because VMware is looking to provide a common authentication platform across all its services. SSO now lets users authenticate into vCenter, vCD and vCO. New products, like vCOps, will probably authenticate users against SSO in their future releases.

So, here's how to create users, groups and manage permissions in vSphere 5.5.

First login to vSphere 5.5 Web Client which, by default, is accessible from this URL:

https://<your_vCenter_Server_IP_or_FQDN>:9443/vsphere-client


Login into vCenter with following credentials:

User: Administrator@vsphere.local
Password: vmware


NOTE: This is the default password for VMware vCenter Server Appliance. If you deployed vCenter as standalone installation you were prompted to choose for a password during installation process.


Go to Roles -> Single Sign-On -> Users and Groups. Click the green New User button to add new users.


Ensure that vsphere.local is set in Domain picker. This is because our users will not be local users but will be authenticated against SSO server.

Now let's create a Group. Move to Groups tab and click New Group button.


Then to add user(s) to this group select the newly created group, click Add Member icon, select user(s), click Add, then Ok.


Finally we need to assign our user(s) or group(s) permissions within our specific product. In this case we assign permissions within vCenter. Permissions are assigned product-wide and not domain-wide this is because a certain user or group could for example retain administrative permissions in vCenter and read-only permissions in vCD.

Go to your vCenter, click Manage -> Permission tab, add button


Click Add, select VSPHERE.LOCAL in Domain picker, choose your group, or user if want to grant permission only to single user and not to entire group, then click Add -> Ok.


Select role for user/group then click Ok.


You can now login with new user's credentials to verify correct permission grant.


Since in this example TestUser is member of TestGroup which has Read-Only permission assigned we can access vCenter and its object but cannot manage/interact with them as expected.


Permissions can be customized to properly fit your specifications. This can be done by accessing Roles -> Access Control -> Roles.

There are two different groups of roles: system roles, which cannot be modified, and sample rolesthat can be edited.

If you need to create a custom role best practices suggest you to clone an existing one and edit the cloned one.

That's all!!

Fuente: 
http://hostilecoding.blogspot.com/2013/11/vmware-users-groups-and-roles.html
http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-72BFF98C-C530-4C50-BF31-B5779D2A4BBB.html

jueves, 18 de septiembre de 2014

Windows 2000 en VmWare vSphere con VmWare tools

Para instalar un windows 2000 en VmWare vSphere hay que primero descargar el paquete e instalarlo:
http://www.microsoft.com/en-us/download/details.aspx?id=20806

Debido a que si no esta instalado no se podra instalar vmware tools.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007120

Para instalar vmware tools hay que seguir los siguientes pasos:

Procedure
  1. Select the menu command to mount the VMware Tools virtual disc on the guest operating system.

    vSphere Client – Inventory > Virtual Machine > Guest > Install/Upgrade VMware ToolsvSphere Web Client – All Actions icon > Configuration > Install/Upgrade VMware Tools
  2. If you are using vCenter Server and are performing an upgrade or reinstallation, in the Install/Upgrade VMware Tools dialog, selectInteractive Tools Installation or Interactive Tools Upgrade and click OK.

    The process starts by mounting the VMware Tools virtual disc on the guest operating system.
  3. If you are installing VMware Tools for the first time, click OK in the Install VMware Tools information screen.

    If autorun is enabled for the CD-ROM drive in the guest operating system, the VMware Tools installation wizard appears.
  4. If autorun is not enabled, to manually launch the wizard, click Start > Run,type D:\setup.exe, where D: is your first virtual CD-ROM drive, and click OK.
  5. Follow the on-screen instructions. To install nondefault components, select the Custom setup.
  6. If the New Hardware wizard appears, go through the wizard and accept the defaults.
  7. When prompted, reboot the virtual machine.
After the installation completes, the VMware Tools label on the Summary tab in vCenter Server changes to OK.

Prerequisites
  • Power on the virtual machine.
  • Verify that the guest operating system is running.
  • For vSphere virtual machines, to determine whether you have the latest version of VMware Tools, in the vSphere Client inventory, select the virtual machine and click the Summary tab.
  • If the guest operating system is a Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, or Windows 7 operating system, log in as an administrator. Any user can install VMware Tools in a Windows 95, Windows 98, or Windows Me guest operating system.

Fuente:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007120
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004754