How to add a new user to a customized vCenter Role

The privileges and Roles allow the administrator of a VMware virtual environment to configure a granular security policy defining individual user rights.

For a VMware system administrator it’s good practice to define user access rights from the vCenter server. There are several technologies to secure a virtual environment; this time we are going to see how to assign a customized role to an individual user.

In our previous article we talked about how to create a customized Role to which we gave only the privileges to configure the Virtual Machines.

It’s considered a best practice not to modify the default roles because they can be useful for future reference.

In this article we’ll explain how to create a new user, which we’ll assign to a customized Role named VM Configuration Manager.

How to create custom vCenter Server Roles

The VMware vCenter comes with several privileges grouped in Roles by default. The privileges and Roles allow the administrator to configure a granular security policy defining individual user rights.
On the vCenter there are three system roles as follows:

  • No Access
  • Read-Only
  • Administrator

The system roles are permanent: there is no way to modify them. The No Access and Read-Only roles are very useful for restricting user access quickly.

The six default role samples are as follows:

  • Virtual Machine Power User
  • Virtual Machine User
  • Resource Pool Administrator
  • VMware Consolidated Backup User
  • Datastore Consumer
  • Network Administrator

While it is possible to use the default sample roles as they are, it’s also possible to use them as a starting point to create custom roles. It’s considered a best practice not to modify the default roles because they can be useful for future reference.

How to enable Lockdown Mode on VMware ESXi

The Lockdown Mode is a nice feature of VMware ESXi. When an ESXi host is in Lockdown Mode, it will only perform operations coming from the vSphere Server that is controlling it. vSphere Clients and other sources won’t “work”.

The ESXi Shell, the DCUI (Direct Console User Interface) and SSH won’t be affected.

Lockdown Mode has been created to offer improved security in complex virtual environments. It’s really easy to enable Lockdown Mode from the DCUI.

How to create a vApp on VMware vSphere

VMware vSphere is a very flexible platform, making you able to manage a group of virtual machines and resource pools in a single entity named vApp.

Let’s think about a web application running on a VM. The application also needs a database and other resources running on different virtual machines. From a service point of view, all the virtual machines are part of the same entity and that’s why vApp exists.

How to configure NIC Teaming on Windows Server 2012

Load balancing and failover (LBFO), also known as NIC Teaming, is a powerful feature introduced by Microsoft only with Windows Server 2012. With previous versions of Windows you could only rely on third party software, a curious limitation.

NIC Teaming allows an administrator to place in a team multiple network adapters being part of the same machine.

Working as a team, the network adapters improve bandwidth and protect from failures, sharing the same IP and network configuration.

The reason is pretty straightforward: if one of the adapters breaks, the others will take care of the local connectivity. Windows supports up to 32 adapters placed in a single team.

How to create a Template from a VM on VMware vSphere

Cloning virtual machines is a common task in virtualized environments, so common that VMware created a different type of virtual machine to be used as a Template (and named Template). The difference between a VM and a Template is simple: you can’t power on a Template, so you can’t modify it without converting it back to a virtual machine.

When a VM is converted to a template, its .vmx file becomes a .vmtx file.

It’s pretty easy and quick to convert a VM to a template with VMware vSphere Web Client, just follow these steps.

How to reset NTFS permissions with ICACLS

File and folder permissions are really important to Windows. Sometimes a user may mess with the permissions causing software or even the operating system to work in an undesired way.

There’s a simple way to solve this kind of problem without headaches, using the ICACLS command.

Launch the command prompt as an Administrator and navigate through the tree of folders you need to fix.

Then launch the command ICACLS * /T /Q /C /RESET.

ICACLS will reset the permissions of all the folders, files and subfolders. After a while, depending on the number of files, the permissions will be fixed.

Sometimes, you may need to take ownership of a tree of folders. You can use the command takeown /R /F * before launching ICACLS.

Be careful, taking ownership of system folders may break your operating system.