VMware vFabric Data Director Administrator and User Guide (2.7)
In the figure, user Bob is logged in to Data Director and has been granted access to the system and to the
organization Alliance. Bob is also granted the SysAdmin role at the system level, and the DBAdmin role in the
organization Alliance. Bob's SysAdmin role applies to the system level. The SysAdmin role does not propagate
to any organizations. The role DBAdmin in organization Alliance and the role DBAdmin in organization
Benefits are separate roles that apply only within their organizations. Bob has the DBAdmin role in the Alliance
organization but does not have access to the Benefits organization.
Authenticating Users
User authentication is based on user login and password.
User login accounts and credentials are unique in Data Director. This enables managing credentials, roles,
permissions, and privileges for each user based on the user login account.
Create users and passwords in the following ways.
- A system or organization administrator creates the user account and assigns a password.
- A user registers for a Data Director account and specifies a password as part of the registration request.
Data Director encrypts the password and stores it with the user information. When the user logs in, that user's
credentials are stored in an HTTP session. Data Director uses the credentials to validate that the user is
authorized to view organization objects (database groups and databases) and to perform tasks.
Role-Based Access Control
Role-based access control enables system and organization administrators to control user access to Data
Director and to control what users can do after they log in. To implement role-based access control, system
and organization administrators associate (or revoke) privileges, permissions, and roles with (or from) user
login accounts.
Users
User logins (users) are unique accounts that enable users to access Data
Director. They include a password and identifying information such as name,
email address, and phone number. Because user login accounts are unique,
system and organization administrators can control each user's access and
actions by granting or revoking privileges, permissions, and roles to or from
the user's login account.
Users can be active or inactive. Inactive users cannot log in.
Privileges
Privileges control all actions in Data Director. They define the allowable actions
within an organization. Privileges apply to particular types of Data Director
objects. For example, you can apply the Stop Database privilege to
organizations, database groups, and databases and apply the Create
Database privilege to organizations and database groups. Privileges by
themselves are not associated with specific objects within an organization.
Permissions
Permissions associate a user and privilege pair with an object in Data Director.
Examples are granting a user permission to start or stop a specific database, to
modify an organization's backup templates, or to create other users in an
organization.
You can grant permissions to users by assigning a role to a user, or by granting
permissions directly to the user.
Roles
Roles are collections of permissions that can be associated with or granted to
users. Roles provide a convenient way to package all the permissions required
to perform a job, such as that of database administrator. Roles apply only to
the entity in which they are created. If you create a role at the system level, it
Chapter 3 Managing Users and Roles
VMware, Inc. 35
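The user, privilege, permission and role model described above, as an added example that is not Data Director code or its API: a small Python model that rejects a privilege applied to the wrong object type, keeps a role inside the entity it was created in, and denies inactive users. The class and function names, the database names `orders` and `claims`, and the exact-object match (no propagation from a container to the objects inside it) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Object types each privilege may be applied to (the two examples the guide gives).
PRIVILEGE_TARGETS = {
    "Stop Database": {"organization", "database_group", "database"},
    "Create Database": {"organization", "database_group"},
}

@dataclass(frozen=True)
class Obj:
    kind: str    # "organization", "database_group" or "database"
    scope: str   # entity the object belongs to, e.g. "Alliance"
    name: str    # constructed sample name

@dataclass
class Role:
    name: str
    scope: str                                      # entity the role was created in
    permissions: set = field(default_factory=set)   # (privilege, Obj) pairs

    def add(self, privilege, obj):
        if obj.kind not in PRIVILEGE_TARGETS[privilege]:
            raise ValueError(f"{privilege} cannot be applied to a {obj.kind}")
        if obj.scope != self.scope:
            raise ValueError(f"role {self.name}@{self.scope} cannot reach into {obj.scope}")
        self.permissions.add((privilege, obj))

@dataclass
class User:
    login: str
    active: bool = True
    roles: list = field(default_factory=list)
    direct: set = field(default_factory=set)        # permissions granted without a role

def is_allowed(user, privilege, obj):
    """Allow only if an active user holds (privilege, obj) directly or through a role."""
    if not user.active:                             # inactive users cannot log in
        return False
    if (privilege, obj) in user.direct:
        return True
    return any(r.scope == obj.scope and (privilege, obj) in r.permissions
               for r in user.roles)

def build_example():
    """Bob from the figure: SysAdmin at system level, DBAdmin in Alliance only."""
    alliance_db = Obj("database", "Alliance", "orders")
    benefits_db = Obj("database", "Benefits", "claims")
    dbadmin_alliance = Role("DBAdmin", "Alliance")
    dbadmin_alliance.add("Stop Database", alliance_db)
    sysadmin = Role("SysAdmin", "system")           # holds no organization objects
    bob = User("bob", roles=[sysadmin, dbadmin_alliance])
    return bob, alliance_db, benefits_db, dbadmin_alliance
```

Running `is_allowed` over every user and object pair in an export of real grants is a quick way to spot access that crosses an organization boundary.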