XenServer Management on Steroids with SCVMM 2012 Part 4
In Part 3 we discussed how to create your Private Cloud. Now that we have it created, it’s time to assign resources and create roles for your Private Cloud. Creating roles is really where we start digging into delegation of administration, one of the features lacking in both XenServer 6.0.2 and even the newly shipped version 6.1. To recap, XenServer has delegation of administration, but it’s pool-wide!
Assigning Resources to your Private Cloud
1. Now that you have your newly created Private Cloud, you will need to associate virtual machines with it. This can be done in a few simple steps. In the “VMs and Services” section of the SCVMM console, right-click a virtual machine of interest and select Properties, as seen in Figure 39.
Figure 39 – Assigning Resources to your Private Cloud
2. Once the Virtual Machine Properties dialog comes up, look for the “Cloud” section, which is shown below in Figure 40. Click the drop-down, select the Private Cloud you would like to associate this resource with, then click “OK” to continue.
Figure 40 – Assigning Resources to your Private Cloud
3. Now that you have assigned a virtual machine to your Private Cloud, it’s time to check that it was assigned successfully. In the “VMs and Services” section of the SCVMM console, click your Private Cloud, in this case “School ABC”, and you will see on the right the VM we just assigned, as shown below in Figure 41.
Figure 41 – Assigning Resources to your Private Cloud
This completes the assigning resources section. It’s that simple!
Defining roles
Before we can present the newly created Private Cloud to your dedicated admins, we need to define roles and their specific properties, which consist of Members, Scopes, Quotas, Resources, and Actions.
1. First up, we need to create a new user role, which will be used to provide the delegation and self-service functionality. As you can see in Figure 42, our first step is to click the Settings option in the left viewing pane. This will bring us to the SCVMM settings section.
Figure 42 – Creating a User Role
2. Once we are in the settings section, you will see at the top of the screen the option to “Create User Role”, which is shown in Figure 43. Click this to open the “Create User Role Wizard” dialog box.
Figure 43 – Creating a User Role
3. Enter a Name and Description for your new role as seen in Figure 44.
Figure 44 – Creating a User Role
4. As you can see below in Figure 45, there are three different profiles you can attach to a specific role. For the purposes of this article and use of the self-service functionality with App Controller, we are going to go with “Self-Service User”, then click “Next.”
Figure 45 – Creating a User Role
5. Here is where we add the members for our newly created role. We can add both users and groups. Click “Add”, then proceed with choosing your user or group. As shown in Figure 46, I chose to add an Active Directory group, which was prefixed with the school name and the type of role.
Figure 46 – Creating a User Role
6. Our next step is to define the scope for your newly created role. All actions defined for the role can be executed ONLY on the selected private clouds. So in the example in Figure 47, “School ABC VM Admins” will have exclusive access to the “School ABC” private cloud.
Figure 47 – Creating a User Role
7. You will notice that if the scope you selected in Figure 48 has an assigned quota from back in Figure 35 above, it will be shown under the “Available Capacity” section.
Figure 48 – Creating a User Role
8. The Resources tab is where you assign resources to your role. Basically, this is where you assign the “Virtual Machines” your role will be applied to. Refer back to the “Assigning Resources to your Private Cloud” section above for how to assign a Virtual Machine to a Private Cloud. Click “Add”, shown in Figure 49.
Figure 49 – Creating a User Role
9. The resources shown below come from the “Scope” section of the “Add User Role” wizard. All Virtual Machines that you assigned to your Private Clouds will show, depending on the scopes you have selected. As you can see below in Figure 50, the two Virtual Machines shown in Figure 41 above match what’s shown under the “School ABC” Private Cloud. Once you select your resources, click “OK” to continue.
Figure 50 – Creating a User Role
10. Once you select “OK” from step 9, you will see the two Virtual Machines added which are shown below in Figure 51. Click “OK” to continue on.
Figure 51 – Creating a User Role
10. The Actions section is where you define the permissions that the delegated administrators defined in the “Members” section will have. Remember, this role is applied to the resources you defined in step 9. In Figure 52 you can see I allowed just the “CheckPoint”, “Deploy”, “Pause and Resume”, “Remote Control”, “Shutdown” and “Stop” actions. Once you’re finished, select “Next” to continue.
Figure 53 – Creating a User Role
11. In this section, if your role requires a Run As account, add it here by clicking the “Add” button, then click “Next” to proceed. The Run As section can be seen below in Figure 54.
Figure 54 – Creating a User Role
12. Displayed in Figure 55 is the summary for your newly defined user role. Verify that all of the settings displayed are correct. If they are, select “Finish” to complete creating the role.
Figure 55 – Creating a User Role
13. To verify that the user role was created, select “Settings” in the SCVMM console side pane and then select “User Roles”. As you can see below in Figure 56, the “School ABC VM Admins” role exists. This means our new role was created successfully.
Figure 56 – Creating a User Role
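The same cloud assignment and role creation can be scripted from the VMM command shell, which makes the delegated scope and action list reviewable and repeatable. This is an added example, not part of the original walkthrough: the VMM server name, VM names and AD group are placeholders, and the mapping of the wizard's action labels to `-Permission` values is an assumption to check against your VMM version.

```powershell
# Added example: scripted equivalent of the wizard steps (VMM 2012 command shell).
Import-Module virtualmachinemanager
Get-SCVMMServer -ComputerName 'vmm01.example.local' | Out-Null  # placeholder server

$cloudName = 'School ABC'                    # private cloud from the article
$roleName  = 'School ABC VM Admins'          # role name from the article
$adGroup   = 'EXAMPLE\SchoolABC-VM-Admins'   # placeholder AD group
$vmNames   = @('VM-PLACEHOLDER-1', 'VM-PLACEHOLDER-2')  # placeholder VM names

$cloud = Get-SCCloud -Name $cloudName
if (-not $cloud) { throw "Private cloud '$cloudName' not found" }

# Assign each VM to the private cloud (Figures 39-41).
foreach ($name in $vmNames) {
    $vm = Get-SCVirtualMachine -Name $name
    if (-not $vm) { Write-Warning "VM '$name' not found, skipping"; continue }
    Set-SCVirtualMachine -VM $vm -Cloud $cloud | Out-Null
}

# Create the Self-Service User role only if it does not exist yet (Figures 42-45).
$role = Get-SCUserRole -Name $roleName
if (-not $role) {
    $role = New-SCUserRole -Name $roleName -UserRoleProfile 'SelfServiceUser' `
        -Description 'Delegated VM admins for School ABC'
}

# Members, scope and allowed actions (Figures 46, 47 and the Actions page).
# Assumed mapping of wizard labels to permission values:
#   "Pause and Resume" -> PauseAndResume, "Remote Control" -> RemoteConnect
$actions = @('Checkpoint', 'Deploy', 'PauseAndResume',
             'RemoteConnect', 'Shutdown', 'Stop')
Set-SCUserRole -UserRole $role -AddMember @($adGroup) `
    -AddScope @($cloud) -Permission $actions | Out-Null

# Verify: VMs now in the cloud, and the role as VMM stores it (Figure 56).
Get-SCVirtualMachine -Cloud $cloud | Select-Object Name
Get-SCUserRole -Name $roleName | Format-List *
```

Review the `Format-List` output after each change: the role should list only the intended group, only the “School ABC” cloud as scope, and no actions beyond the six granted.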
That’s it! You now have resources assigned to your private cloud and a delegated group based on the specific permissions you allowed. This will allow users in the “School ABC VM Admins” group to see ONLY resources in the School ABC Private Cloud. This fills the delegation of administration gap in XenServer. Next up is Part 5, Configuring App Controller 2012 – Self-Service. This is where we tie all of the previous steps together to create our self-service portal, where the delegated admins will be able to provide admin and self-service functions.
As always, feel free to comment and make suggestions. I look forward to your feedback!