![]() Note: Starting with NSX Advanced Load Balancer version 21.1.4, Preserve Client IP for NSX-T Overlay is supported. The admin can select a VMware Identity Manager (VIDM) or an LDAP user and assign the required roles to it. Local user creation is not allowed on NSX-T. This section discusses the roles required to be assigned to the NSX-T user. Select the VM folder in which the Avi SEs have to be created.Ĭlick on the + sign to add a new permission. Log in to vCenter UI and navigate to VMs and Templates. The Add Permission screen is as shown below: Search for and select the required username (this will be used for authentication in the Avi cloud configuration).Ĭlick on Propogate to children. Log in to vCenter UI and navigate to Global Permissions.Ĭlick on the + sign to add a new permission: Role SummaryĪssign the global and folder level roles, as discussed below: Assigning AviRole - Global If the vCenter admin does not want to restrict VM operations to a folder and wants to assign the permissions globally, a single AviRole can be created with permissions as shown below and applied as Global Permissions instead of creating AviRole - Global and AviRole - Folder. Assign virtual machine to resource poolĬlick on Folder and select the permissions as shown below:Ĭlick on Resource and select the permissions as shown below:Ĭlick on Tasks and select the permissions as shown below:Įnter the Role name as AviRole-Folder and enter a Description, if required.This role restricts the VM operations only to the folder to which the role is applied. It contains the permissions to create an SE folder, create SE VM from template, assign it to a resource pool, and perform operations on the VM like adding devices, powering it on/off, and connecting its vNICs to networks. ![]() This role must be applied to the folder where the admin wants the Avi service engine VMs to be created. Navigate to Administration > Roles as shown below:Ĭlick on the + sign to create a new role.Ĭlick on Content Library and select the permissions as shown below:Ĭlick on Datastore and select the permissions as shown below:Ĭlick on Network and select the permissions as shown below:Ĭlick on Virtual Machine and select the permissions as shown below:Ĭlick on vApp and select the permissions as shown below:Įnter the Role name as AviRole-Global and enter a Description, if required. The AviRole-Global needs the following permissions: It allows the user to upload SE OVF to the content library, allocate space on datastore to create a virtual machine (VM) and assign networks to it. This section discusses the roles required to be assigned to the vCenter user. This article discusses the roles and permissions required by the vCenter and NSX-T users and the steps to configure them. The NSX-T cloud connector interacts with vCenter for Service Engine (SE) lifecycle management, and with NSX-T manager to sync and create objects for networking and security.įor this, the admin needs to configure vCenter and NSX-T user credentials which have required permissions for Avi to be able to perform these operations. Roles and Permissions for vCenter and NSX-T Users Overview
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |