Monday, March 31, 2014

Part 10 - vCOps Custom UI - Configuring User Authentication & Permissions!

I would begin this post by thanking and welcoming BLUE MEDORA as a new sponsor for vXpress. Blue Medora has been doing some fantastic innovation around IT Infrastructure Management by extending the monitoring capabilities of leading monitoring solutions available in the market. They have done a ton of great work around vCOps by developing content packs which can help you unleash the full value of vCenter Operations Manager. I would encourage you to have a look at how they have changed the landscape of leading enterprise monitoring solutions by clicking on the image below.

"Blue Medora specializes in increasing the value of leading IT infrastructure management platforms. Blue Medora has developed a range of validated/certified integration products that extend the monitoring and management capabilities of IBM, Oracle, and VMware’s market-leading systems management platforms to the world's leading cloud, virtualization, ERP, CRM, enterprise directory, messaging software, and more."

In Part 9 of this this series, I explained the various user authentication options available in vCenter Operations Manager User Interfaces. In the last section of that post we discussed the options around authentication methodology used by Custom User Interface. Here is what I wrote in that article:-

"CUSTOM UI AUTHENTICATION METHOD - The authentication to this UI is a bit tricky and is not as simple as the vSphere UI. I think it was intelligent of VMware for not mapping this with a direct role based access control as Custom Information should only be shared to selective people irrespective of the rights they might have the vCenter Server. By default, only the admin account works in the Custom User Interface. In order to increase this scope, you have an option to integrate vCOps with your current active directory with LDAP integration. You can simply pull in a specific group or the entire organization into vCenter Operations Manager and give them pre-defined roles with pre-canned permissions or create a custom role with customized permissions. This makes things more flexible as this will allow you to share specific content with specific people. For e.g. If you create a Capacity Dashboard for a CxO you would want that you share the same exclusively with the CxOs in your organization and not with administrators. In such a case Custom UI LDAP integration helps as we have the option to share specific dashboards with specific users and also give them controlled rights on those dashboards."

In this post I will continue where I left and I will guide you with step by step instructions to integrate vCenter Operations Manager Custom User Interface with LDAP and then look at various roles & permissions available within the Custom User Interface. Let's have a look at the steps.

1- Login to the vCOps Custom UI with admin credentials.
username - admin
password - admin (default in case you have not changed)

2- Click on the Admin -> Security

3- Under the Manage Security section click on the icon highlighted in the screenshot below. This is the Import from LDAP option which allows you to do the LDAP integration with a directory service such as AD.

4- Click on Add in front of the LDAP Host.

5- Enter the required details as shown in the screenshot below. Click on Load LDAP Groups and click on OK. Do not forget to check the Auto Sync button.

6- On the Next screen click on Lookup. Expand the group from where you need to add users into vCOps Custom UI. In my case, I have created 3 dummy users in my AD. I have assigned the pre-defined Groups to these users. I will discuss these predefined Groups in my next post and also help you create new custom Groups.

Click on OK after making the required selection.

7- Once you click on OK you will notice that the users you selected have been imported and have been placed in the Groups which we assigned to them. (See screenshot).

That's it. You can now log out from the admin account and login as any of the added users from the Active Directory.

I will close this post now and will soon come back with the next part which would speak about the Access Rights in vCenter Operations Manager Custom User Interface!

Till then.. Stay tuned!!

***Share & Spread the Knowledge***

No comments:

Post a Comment