vSphere RBAC Part I: Introduction


Introduction

In the last two articles we saw how to join an ESXi host to Active Directory and how to configure AD authentication on the vCenter application as well as on VCSA.

But all of these configurations are useless until we configure RBAC, so that domain users are able to access and manage the vSphere environment [ESXi hosts and vCenter].

In this article we will see how to configure RBAC and also test whether domain users are able to manage the vSphere environment.

VMware RBAC

VMware role-based access control (RBAC) enables Active Directory domain administrators to access and manage the vSphere environment [ESXi and vCenter].

To implement role-based access control, system and organization administrators associate (or revoke) privileges, permissions, and roles with (or from) user login accounts.

RBAC is the security mechanism that can greatly lower the cost and complexity of shared vCenter Server security administration.

 RBAC simplifies security operations by using roles, hierarchies, and constraints to organize privileges.

vCenter Server offers flexible role-based access control to define the roles and privileges for different administrators within the vCenter Server environment.

Roles and privileges in the vCenter Server system can easily be modified and new roles quickly created.
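
The relationship between privileges, roles and permissions described above can be modelled in a few lines. This is an added example, not code from the original article or from VMware: a simplified model of the vSphere rules that a permission on a child object overrides one inherited from a parent, that group permissions on the same object are combined, and that a user-specific permission on an object wins over group permissions there. The "VmOperator" role, the role contents, the inventory paths, the PIONEERS NetBIOS name and all user and group names are assumptions made up for the illustration.

```python
# Simplified model of vSphere permissions (constructed data, not a vCenter API).
from dataclasses import dataclass

# Role = named set of privileges. "VmOperator" is a hypothetical custom role.
ROLES = {
    "NoAccess": set(),
    "ReadOnly": {"System.View", "System.Read"},
    "VmOperator": {"System.View", "System.Read",
                   "VirtualMachine.Interact.PowerOn",
                   "VirtualMachine.Interact.PowerOff"},
}

@dataclass(frozen=True)
class Permission:
    principal: str          # AD user or group
    role: str               # key in ROLES
    obj: str                # inventory path, e.g. "/DC/Prod"
    propagate: bool = True  # does it apply to child objects?

# Constructed sample permissions for a hypothetical inventory.
SAMPLE = [
    Permission("PIONEERS\\vm-ops", "VmOperator", "/DC"),
    Permission("PIONEERS\\auditors", "ReadOnly", "/DC/Prod"),
    Permission("PIONEERS\\user1", "NoAccess", "/DC/Prod/vm-db"),
]

def ancestors(path):
    """Yield the object itself, then each parent up to the root."""
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"

def effective_privileges(user, groups, obj, permissions):
    """The nearest object carrying a matching permission decides the result."""
    for node in ancestors(obj):
        # Inherited entries only count if they were set to propagate.
        here = [p for p in permissions
                if p.obj == node and (node == obj or p.propagate)]
        direct = [p for p in here if p.principal == user]
        via_group = [p for p in here if p.principal in groups]
        chosen = direct or via_group  # a user entry beats group entries
        if chosen:
            return set().union(*(ROLES[p.role] for p in chosen))
    return set()  # no permission anywhere on the path: no access
```
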

 

 

Network Diagram


Please have a look at the network diagram above.

We have Active Directory   .pioneers.lab with the following users

We also have 3 ESXi servers:

  • ESXI151 with Built-in Account Root@ESXI151
  • ESXI152 with Built-in Account Root@ESXI152
  • ESXI153 with Built-in Account Root@ESXI153

We also have 1 VCSA server with the following users:

  • Built-in Account Root@VCSA161 to manage VCSA as operating system  
  • Built-in account Administrator@vSphere.lab to manage vCenter application  

We will configure AD users to access and manage the ESXi hosts and VCSA.

 

Conclusion

In this article, RBAC Part I, we got an overview of vSphere RBAC.

In the next articles, we will see how to allow Active Directory users to configure an ESXi host.

Then we will see how to grant AD users the ability to manage the vCenter application rather than using the account administrator@vSphere.local.