Installation guide
Table Of Contents
- vSphere Basic System Administration
- Contents
- Updated Information
- About This Book
- Getting Started
- vSphere Components
- Starting and Stopping the vSphere Components
- Using vCenter Server in Linked Mode
- Linked Mode Prerequisites
- Linked Mode Considerations
- Join a Linked Mode Group After Installation
- Reconciling Roles When Connecting vCenter Server to a Linked Mode Group
- Isolate a vCenter Server Instance from a Linked Mode Group
- Change the Domain of a vCenter Server System in a Linked Mode Group
- Configure the URLs on a Linked Mode vCenter Server System
- Linked Mode Troubleshooting
- Monitor vCenter Server Services
- Using the vSphere Client
- Configuring Hosts and vCenter Server
- Host Configuration
- Configuring vCenter Server
- Access the vCenter Server Settings
- Configuring Communication Among ESX, vCenter Server, and the vSphere Client
- Configure vCenter Server SMTP Mail Settings
- Working with Active Sessions
- SNMP and vSphere
- System Log Files
- Managing the vSphere Client Inventory
- Managing Hosts in vCenter Server
- Virtual Machine Management
- Consolidating the Datacenter
- Consolidation First Time Use
- Consolidation Prerequisites
- About Consolidation Services
- Configuring Consolidation Settings
- Find and Analyze Physical Systems
- Viewing Analysis Results
- Converting Physical Systems to Virtual Machines
- Viewing Consolidation Tasks
- Troubleshooting Consolidation
- Negative Impact on vCenter Server Performance
- Windows Systems Not Discovered
- Windows Operating Systems Prevent Guided Consolidation from Collecting Performance Data
- Available Domains List Remains Empty
- Guided Consolidation Erroneously Reports Analysis Disabled
- Disable Guided Consolidation
- Uninstall Guided Consolidation
- Deploying OVF Templates
- Managing VMware vApp
- Creating Virtual Machines
- Access the New Virtual Machine Wizard
- Select a Path Through the New Virtual Machine Wizard
- Enter a Name and Location
- Select a Resource Pool
- Select a Datastore
- Select a Virtual Machine Version
- Select an Operating System
- Select the Number of Virtual Processors
- Configure Virtual Memory
- Configure Networks
- About VMware Paravirtual SCSI Adapters
- Select a SCSI Adapter
- Selecting a Virtual Disk Type
- Complete Virtual Machine Creation
- Installing a Guest Operating System
- Installing and Upgrading VMware Tools
- Install VMware Tools on a Windows Guest
- Install VMware Tools on a Linux Guest from the X Window System
- Install or Upgrade VMware Tools on a Linux Guest with the tar Installer
- Install or Upgrade VMware Tools on a Linux Guest with the RPM Installer
- Install VMware Tools on a Solaris Guest
- Install VMware Tools on a NetWare Guest
- Display the VMware Tools Properties Dialog Box
- VMware Tools Upgrades
- Upgrade VMware Tools Manually
- Configure Virtual Machines to Automatically Upgrade VMware Tools
- Custom VMware Tools Installation
- WYSE Multimedia Support
- Managing Virtual Machines
- Changing Virtual Machine Power States
- Transitional Power States
- Automatically Start or Shutdown Virtual Machines with Host Start or Shutdown
- Configure vSphere Toolbar Power Controls
- Power On or Power Off a Virtual Machine Manually
- Suspend a Virtual Machine
- Resume a Suspended Virtual Machine
- Scheduling a Power State Change for a Virtual Machine
- Adding and Removing Virtual Machines
- Configure Virtual Machine Startup and Shutdown Behavior
- Changing Virtual Machine Power States
- Virtual Machine Configuration
- Virtual Machine Hardware Versions
- Virtual Machine Properties Editor
- Edit an Existing Virtual Machine Configuration
- Virtual Machine Hardware Configuration
- Change the Video Card Configuration
- Change the DVD/CD-ROM Drive Configuration
- Change the Floppy Drive Configuration
- Change the SCSI Device Configuration
- Change the Virtual Disk Configuration
- Change the Memory Configuration
- Change the Virtual Ethernet Adapter (NIC) Configuration
- Change the Parallel Port Configuration
- Change the SCSI Controller or SCSI Bus Sharing Configuration
- Change the Serial Port Configuration
- Change the Virtual Processor or CPU Configuration
- Virtual Machine Options
- Virtual Machine Resource Settings
- Adding New Hardware
- Rescan a Host
- Start the Add Hardware Wizard
- Add a Serial Port to a Virtual Machine
- Add a Parallel Port to a Virtual Machine
- Add a DVD/CD-ROM Drive to a Virtual Machine
- Add a Floppy Drive to a Virtual Machine
- Add an Ethernet Adapter (NIC) to a Virtual Machine
- Add a Hard Disk to a Virtual Machine
- Add a SCSI Device to a Virtual Machine
- Add a PCI Device
- Add a Paravirtualized SCSI Adapter
- Converting Virtual Disks from Thin to Thick
- Working with Templates and Clones
- Customizing Guest Operating Systems
- Preparing for Guest Customization
- Customize Windows During Cloning or Deployment
- Customize Linux During Cloning or Deployment
- Create a Customization Specification for Linux
- Create a Customization Specification for Windows
- Managing Customization Specification
- Completing a Guest Operating System Customization
- Migrating Virtual Machines
- Cold Migration
- Migrating a Suspended Virtual Machine
- Migration with VMotion
- Host Configuration for VMotion
- CPU Compatibility and Migration
- Virtual Machine Configuration Requirements for VMotion
- Migrating Virtual Machines with Snapshots
- Migration with Storage VMotion
- Migrate a Powered-Off or Suspended Virtual Machine
- Migrate a Powered-On Virtual Machine with VMotion
- Migrate a Virtual Machine with Storage VMotion
- Storage VMotion Command-Line Syntax
- Using Snapshots
- Consolidating the Datacenter
- System Administration
- Managing Users, Groups, Roles, and Permissions
- Managing vSphere Users
- Groups
- Removing or Modifying Users and Groups
- Best Practices for Users and Groups
- Using Roles to Assign Privileges
- Permissions
- Best Practices for Roles and Permissions
- Required Privileges for Common Tasks
- Monitoring Storage Resources
- Using vCenter Maps
- Working with Alarms
- Working with Performance Statistics
- Working with Tasks and Events
- Managing Users, Groups, Roles, and Permissions
- Appendixes
- Defined Privileges
- Alarms
- Datacenter
- Datastore
- Distributed Virtual Port Group
- Distributed Virtual Switch
- Extensions
- Folders
- Global
- Host CIM
- Host Configuration
- Host Inventory
- Host Local Operations
- Host Profile
- Network
- Performance
- Permissions
- Resource
- Scheduled Task
- Sessions
- Tasks
- vApp
- Virtual Machine Configuration
- Virtual Machine Interaction
- Virtual Machine Inventory
- Virtual Machine Provisioning
- Virtual Machine State
- Installing the Microsoft Sysprep Tools
- Performance Metrics
- Defined Privileges
- Index
The group lists in vCenter Server and an ESX/ESXi host are drawn from the same sources as the user lists. If
you are working through vCenter Server, the group list is called from the Windows domain. If you are logged
on to an ESX/ESXi host directly, the group list is called from a table maintained by the host..
Create groups for the vCenter Server system through the Windows domain or Active Directory database.
Create groups for ESX/ESXi hosts using the Users and Groups tab in the vSphere Client when connected
directly to the host.
NOTE If you use Active Directory groups, make sure that they are security groups and not distribution groups.
Permisions assigned to distribution groups are not enforced by vCenter Server. For more information on
security groups and distribution groups, see the Microsoft Active Directory documentation.
Removing or Modifying Users and Groups
When you remove users or groups, you also remove permissions granted to those users or groups. Modifying
a user or group name causes the original name to become invalid.
See the Security chapter in the ESX Configuration Guide or ESXi Configuration Guide for information about
removing users and groups from an ESX/ESXi host.
To remove users or groups from vCenter Server, you must remove them from the domain or Active Directory
users and groups list.
If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere
environment and cannot log in again. Users who are currently logged in and are removed from the domain
retain their vSphere permissions only until the next validation period (the default is every 24 hours). Removing
a group does not affect the permissions granted individually to the users in that group, or those granted as
part of inclusion in another group.
If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server
system. If you change the name of a group, the original group becomes invalid only after you restart the vCenter
Server system.
Best Practices for Users and Groups
Use best practices for managing users and groups to increase the security and manageability of your vSphere
environment.
VMware recommends several best practices for creating users and groups in your vSphere environment:
n
Use vCenter Server to centralize access control, rather than defining users and groups on individual hosts.
n
Choose a local Windows user or group to have the Administrator role in vCenter Server.
n
Create new groups for vCenter Server users. Avoid using Windows built-in groups or other existing
groups.
Using Roles to Assign Privileges
A role is a predefined set of privileges. Privileges define basic individual rights required to perform actions
and read properties.
When you assign a user or group permissions, you pair the user or group with a role and associate that pairing
with an inventory object. A single user might have different roles for different objects in the inventory. For
example, if you have two resource pools in your inventory, Pool A and Pool B, you might assign a particular
user the Virtual Machine User role on Pool A and the Read Only role on Pool B. This would allow that user to
power on virtual machines in Pool A, but not those in Pool B, although the user would still be able to view the
status of the virtual machines in Pool B.
Chapter 18 Managing Users, Groups, Roles, and Permissions
VMware, Inc. 215