Lately I haven’t been able to allocate as much time as I’d like towards studying for the VCP5 exam. Hopefully, with my projects at work completed, I can ramp up my studies again. This time I began studying security with vCenter Server. The biggest takeaway, in my opinion, is the creation of privileges and roles. This is an important topic for environments that have multiple VMware administrators.
If you’re following along with my series of notes, you will find the following table of contents helpful.
Objective 1.1 – Install and Configure vCenter Server
Objective 1.2 – Install and Configure VMware ESXi
Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi
Objective 1.4 – Secure vCenter Server
Identify common vCenter Server privileges and roles
- vCenter permissions are based on role-based access control (RBAC).
- Three types of roles:
  - No Access – When assigned to an object, the user cannot see that object when logged into vCenter.
  - Read Only – Can see the objects but cannot manage them.
  - Administrator – Has all privileges.
- Sample roles that ship with vCenter:
  - Virtual machine power user
  - Virtual machine user
  - Resource pool administrator
  - VMware consolidated backup user
  - Datastore consumer
  - Network consumer
- When creating additional roles in vCenter, clone an existing role and give it a new name.
Describe how permissions are applied and inherited in vCenter Server
- Apply the role to the highest object in the inventory to which the permissions should apply, then allow the permissions to propagate to child objects.
- The most specific and most directly applied permission wins.
- A permission applied directly to an object supersedes a permission that was inherited.
- A permission applied directly to a user supersedes one inherited through group membership.
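The three precedence rules above are easy to misread, so here is an added example (my own model, not vCenter code) that resolves a user's effective role on an inventory object: walk from the object toward the root, stop at the first object with a matching permission, and at that object prefer a direct user permission over group permissions. The inventory, users, groups, and permissions are constructed for the example; the union of several group roles at one object is assumed vCenter behaviour and is not stated in the notes.

```python
# Added example: a small model of how vCenter resolves a user's effective
# role on an inventory object, following the rules in the notes above.
# Inventory, users, groups and permissions are constructed; not real data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    principal: str      # user or group name
    is_group: bool
    role: str
    propagate: bool     # "propagate to child objects"


# Constructed inventory: object -> parent (None for the root).
PARENT = {"vcenter": None, "Datacenter": "vcenter", "Cluster": "Datacenter",
          "web01": "Cluster", "db01": "Cluster"}

# Constructed permissions per inventory object.
PERMISSIONS = {
    "vcenter":    [Permission("vi-admins", True, "Administrator", True)],
    "Datacenter": [Permission("app-team", True, "Read Only", True)],
    "Cluster":    [Permission("alice", False, "Virtual machine power user", True)],
    "db01":       [Permission("app-team", True, "No Access", False)],
}

# Constructed group membership: user -> groups.
GROUPS = {"alice": {"app-team"}, "bob": {"app-team"}, "carol": {"vi-admins"}}


def effective_roles(user, obj):
    """Return the set of roles that apply to `user` on `obj` (empty if none).

    Walk from obj up to the root; the first (most specific) object with a
    matching permission wins.  A permission is only considered on the object
    it was set on, or on children when it propagates.  At the winning object a
    direct user permission beats group permissions; several matching group
    permissions are unioned (assumed vCenter behaviour, not in the notes)."""
    groups = GROUPS.get(user, set())
    node, direct = obj, True
    while node is not None:
        perms = [p for p in PERMISSIONS.get(node, [])
                 if (direct or p.propagate)
                 and ((not p.is_group and p.principal == user)
                      or (p.is_group and p.principal in groups))]
        user_perms = [p for p in perms if not p.is_group]
        if user_perms:
            return {user_perms[0].role}      # direct user permission wins
        if perms:
            return {p.role for p in perms}   # group permission(s) at this level
        node, direct = PARENT[node], False   # nothing here; inherit from parent
    return set()
```

With this data, alice is a power user on web01 via the Cluster permission but gets No Access on db01, because the group permission set directly on db01 beats the inherited user permission from the Cluster.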
Configure and administer the ESXi firewall
- Allows or blocks services, ports, and/or IP addresses.
- By default, blocks all incoming and outgoing traffic except for SSH, DNS, DHCP, and SNMP.