Account permission requirements for VMAN
Virtualization Manager (VMAN) uses a set of credentials created in the appliance, in the Orion Web Console, and on your VMs to issue commands and monitor data. These credentials must match so that VMAN can communicate with vCenter and all VMs (VMware and Hyper-V).
Configure VM permissions
To properly install your products and monitor VMs, you need to set up the following accounts and permissions:
|Account Type||Account Permissions|
|VMAN account||To enable VMAN communication with your virtual environment, create your VMAN account using the same credentials for vCenter for VMware and Hyper-V. See instructions below for creating an appliance account.|
|Orion Platform administrator account||You need an Orion Platform account that matches credentials with your VMware or Hyper-V installation. Without matching credentials, you will encounter communication and configuration issues. If you lose access to the admin account, see the article Recover an Orion Web Console admin password.|
We recommend having your VMware VMs managed by vCenter. When integrating with VMAN, use the vCenter account credentials. All metrics for vCenter and all managed VMs are pulled through vCenter into VMAN.
The VMware user account needs the following permissions:
The Hyper-V account used for data collection must have the Enable Account and Remote Enable permissions.
For more information about enabling account privileges in WMI, see Configuring Distributed Component Object Model and User Account Control.
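The following is an added example, not SolarWinds code: a PowerShell check that reads a WMI namespace security descriptor on a Hyper-V host and reports whether the data collection account holds Enable Account and Remote Enable, and whether it holds anything beyond them. The account name `CONTOSO\svc-vman` and the namespace `root\virtualization\v2` are assumptions; substitute the account and namespace used in your environment.

```powershell
# Added example: audit WMI namespace rights for a Hyper-V data collection account.
# Run in an elevated session on the Hyper-V host. Defaults below are assumptions.
param(
    [string]$Account   = 'CONTOSO\svc-vman',        # constructed placeholder account
    [string]$Namespace = 'root\virtualization\v2'   # assumed namespace; adjust as needed
)

# WMI namespace access-mask bits (WBEM_* constants) and their names in the
# WMI Control security dialog.
$Rights = [ordered]@{
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Enable Account'  = 0x1
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}
$Required = 'Enable Account', 'Remote Enable'

# __SystemSecurity.GetSecurityDescriptor returns the namespace DACL as __ACE objects.
$sd = (Invoke-CimMethod -Namespace $Namespace -ClassName __SystemSecurity `
        -MethodName GetSecurityDescriptor).Descriptor

[uint32]$allow = 0
[uint32]$deny  = 0
foreach ($ace in $sd.DACL) {
    $trustee = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
    if ($trustee -ine $Account) { continue }      # only ACEs naming the account directly
    if ($ace.AceType -eq 0) { $allow = $allow -bor $ace.AccessMask }   # access allowed
    if ($ace.AceType -eq 1) { $deny  = $deny  -bor $ace.AccessMask }   # access denied
}

# A right counts as held only if it is allowed and not explicitly denied.
$held = @($Rights.Keys | Where-Object {
    ($allow -band $Rights[$_]) -and -not ($deny -band $Rights[$_])
})
$missing = @($Required | Where-Object { $_ -notin $held })
$extra   = @($held     | Where-Object { $_ -notin $Required })

[pscustomobject]@{
    Account   = $Account
    Namespace = $Namespace
    Held      = $held    -join ', '
    Missing   = $missing -join ', '   # required rights the account lacks
    Extra     = $extra   -join ', '   # rights beyond the two required ones
}
```

The check covers only ACEs that name the account directly; rights inherited through group membership (for example, a local Administrators ACE) do not appear unless you run it against the group name as well.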
Create a VMAN appliance account
You can use an existing account if it matches the virtual environment and Orion Web Console accounts.
If the account does not match, create a new account matching that information.
- Log in to the VMAN appliance.
- Click Setup and expand Advanced Setup.
  A list of user accounts displays.
- Click Add to create a new account, using the credentials currently used for your VMs. For the Role, select Admin.
  This account must match the virtual environment and Orion Web Console accounts.
- Click Save.
Configure Orion Web Console account permissions
With the account connections between VMs and the Orion Platform completed, create and manage account permissions for administrators and users as needed for your environment. For example, you may want to limit feature access for network administrators and general IT staff.
Each user or group account can have different privileges applied to it, such as the ability to modify alert definitions or delete snapshots.
You need administrator access to the server to install and integrate VMAN.
- Click Settings > All Settings.
- Click Manage Accounts in the User Accounts section.
- Select an existing user account, and click Edit.
- Modify account information, login options, and tasks as needed.
- To restrict user access to Orion Web Console features, expand the Virtual Infrastructure Monitor Settings.
  Select the views to display for VM data in the Orion Web Console. Typically, you do not need to hide VM views from users. These options only affect whether VM data is visible in the Orion Web Console.
  The available options include view names, default, and none. If you select none, the view is hidden from the user.
  Select an option to allow or disallow user access to VM management tools and functions. These permissions provide native tool features through the Orion Web Console.
  For example, general IT staff should not have the capability to delete snapshots or VMs. For those user accounts, select Disallow for Snapshot Management and Delete virtual machines and datastore files.
- Click Submit.