HP Matrix Operating Environment 7.3 Update 1 Installation and Configuration Guide for Provisioning with Virtual Resources

A Configuring vCenter server accounts
To manage ESX resources through a vCenter Server, authorization and credentials are required
for server discovery of the vCenter server and for virtual resource operations. The discovery process
is described in Chapter 6 (page 56) and the virtual machine environment settings are described in
Chapter 7 (page 64).
The credentials for both discovery and virtual resource operations may be the same or different
depending on the security requirements in your environment. In some environments you can use a
single set of credentials with full administrator privileges to the vCenter Server—if so, you do not
need to configure any specific permissions.
Other environments require you to use a non-administrator account for virtual resource discovery
and management. Follow the instructions here to configure the required permissions.
vCenter Server non-administrator required discovery permissions
HP SIM must generate a UUID to identify the vCenter server. This UUID requires at least a
machine-readable serial number supplied through either SNMP or WBEM/WMI protocols. The discovery
process attempts to use both protocols using the credentials defined in the discovery task for the
vCenter Server.
To properly configure the vCenter server for SNMP:
• Install SNMP services.
• Configure SNMP community names and then use those names in the discovery task.
• Allow SNMP packets from the CMS host.
• Set SNMP firewall permissions.
To configure the vCenter server to accept WMI protocol queries from the CMS:
• Create a Windows user or group to execute WMI queries.
• Give the Windows user or group COM security Launch and Activation Permission for both
  local and remote access.
• Grant the Windows user or group Execute Methods, Enable Account, and Remote Enable
  permissions on the WMI CIM namespace root and all subnamespaces.
• Set firewall permissions for DCOM and WMI.
Review the Microsoft article on the interaction of UAC and WMI to determine which account to
use and whether to disable UAC on the vCenter server at:
http://msdn.microsoft.com/en-us/library/aa826699(v=vs.85).aspx
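A read-only check for the namespace permission step above, as an added example that is not part of the HP guide: it reads the security descriptor of the WMI root namespace and shows, right by right, whether the discovery account holds the three listed permissions on root and on subnamespaces, and whether it holds anything more. The account name is a hypothetical placeholder, and the script assumes an elevated PowerShell session on the vCenter server.

```powershell
# Added example: audit the WMI root namespace ACL for the discovery account.
param([string]$Account = 'EXAMPLE\svc-sim-wmi')   # hypothetical account name

# WMI namespace access-mask bits, named as in the WMI Control security dialog
$Rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}
$Required         = 0x1 -bor 0x2 -bor 0x20   # the three rights the guide lists
$ContainerInherit = 0x2                      # ACE flag: propagates to subnamespaces
$InheritOnly      = 0x8                      # ACE flag: does not apply to root itself

$result = Invoke-CimMethod -Namespace 'root' -ClassName '__SystemSecurity' `
                           -MethodName 'GetSecurityDescriptor'
if ($result.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($result.ReturnValue)" }

# Keep only allow ACEs (AceType 0) whose trustee is the account itself
$aces = @($result.Descriptor.DACL | Where-Object {
    $t    = $_.Trustee
    $name = if ($t.Domain) { "$($t.Domain)\$($t.Name)" } else { $t.Name }
    $_.AceType -eq 0 -and $name -eq $Account
})
if ($aces.Count -eq 0) { Write-Warning "No allow ACE for $Account on root"; return }

# Accumulate the rights that apply to root and those inherited by subnamespaces
[uint32]$onRoot = 0; [uint32]$onChildren = 0
foreach ($ace in $aces) {
    if (-not ($ace.AceFlags -band $InheritOnly)) { $onRoot     = $onRoot     -bor $ace.AccessMask }
    if ($ace.AceFlags -band $ContainerInherit)   { $onChildren = $onChildren -bor $ace.AccessMask }
}

# One row per right: MISSING = listed by the guide but absent, EXTRA = granted beyond the list
$Rights.GetEnumerator() | ForEach-Object {
    $need = [bool]($Required   -band $_.Value)
    $root = [bool]($onRoot     -band $_.Value)
    $kids = [bool]($onChildren -band $_.Value)
    $finding = if ($need -and -not ($root -and $kids)) { 'MISSING' }
               elseif (-not $need -and ($root -or $kids)) { 'EXTRA' } else { 'ok' }
    [pscustomobject]@{ Right = $_.Key; OnRoot = $root; OnSubnamespaces = $kids; Finding = $finding }
} | Format-Table -AutoSize
```

The check only matches ACEs that name the account directly; rights the account receives through membership in another group are not resolved.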
vCenter server non-administrator required role permissions
1. Create a user account on the vCenter server.
2. Log in to the vCenter server using the vSphere client with Administrator privileges and add a
new role in Home → Administration → Roles → Add Role which has the following permissions set.
DVPortgroup.Delete
DVPortgroup.Modify
DVPortgroup.ScopeOp
DVSwitch.Delete
DVSwitch.Modify
DVSwitch.PortConfig
Datacenter.Create
Datacenter.Rename
Datacenter.Delete