vCenter Roles and Privilages

Role and Privileges

Vcenter privileges are fairly different than the  Active directory (Discretionary access control ) . vCenter uses role based access control - RBAC .

There are three type of roles 

• System
• Sample
• Custom 

System Roles

There are 3 type of system roles these are default and cannot be changed

• NO access  - User cannt see the object
• Read Only - User can see the object but right click options are grayed out
• Administrator - users have all the privilege on the object

Sample Roles : default sample roles are 

• Virtual machine power on 
• Datastore consumer
• Network consumer
• Virtual Machine User
• Resource Pool administrator
• vmware consolidated backup user

Note : Its advised not to change the Sample roles . Its better to clone the roles and apply to the object

Custom Roles:

When you create additional roles in the vCenter are called custom roles.

How Permissions are applied and inherited ?

• Permissions applied on the objects supersedes a permission that is inherited
• Permissions applied on the user supersedes permission which is inherited from being part of a group.

Examples :

• User A - has admin access on DataCenter and No Access on VM1.Result  : This implies User A can see and modify all the objects under the datacenter but he cant see VM1

• Group_A - Power on VMGroup_B - take SnapshotUser_A - Memeber of Group_A and Group_BUser_B- Group_AUser_C- Group_BResult : User_A can power on and take snapshot of all the vmsUser_B - Can take snapshot of vms but cant power on the vmUser_C - can only power on the machine
  
• Group_A : Administrator
  Group_B: Read only VM2
  User_A : Group_A , Group_B
  User_B : Group_A
  User_C: Group_B
  Result : User_A : Can see and perform admin activity on all the objects accept VM2
  User_B : Has Administrative privilege on all the object including the vm2
  User_C : Can see only VM2 , no other objects in the datacenter
  
• Group_A - Power on VMGroup_B - Take Snapshot
  User_A - ReadOnly on Datacenter
  Result : Even though user is part of both groups A and B , user will be able to see only the objects but all the options will be grayed out.

Multiple Page files - single volume

Using GUI , you can define only one page files for each volume. It is possible to create multiple page files for a single volume , it can be done by modifying registry . 


To create multiple paging files on one volume 

• On the drive or volume you want to hold the paging files, create folders for the number of paging files you want to create on the volume. For example, C:\Pagefile1, C:\Pagefile2, and C:\Pagefile3.
• Click Start, Click Run, type regedit in the Open box, and then click OK.
• In the left pane, locate and click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\MemoryManagement
• Find the Pagingfiles value, and then double-click it to open it.
• Remove any existing values, and add the following values:
  c:\pagefile1\pagefile.sys 3000 4000
  c:\pagefile2\pagefile.sys 3000 4000
  c:\pagefile3\Pagefile.sys 3000 4000
• Click OK, and then quit Registry Editor.
• Restart the computer to cause the changes to take effect.

Vmware Standalone converter

Vmware Standalone converter - This VMware product is used to convert

1. Physical to virtual 
2. virtual to virtual 
3. Import virtual machines hosted in the workstation or Hyper V.
4. Import third party backup machine which can be managed by vCenter .

This is a free product which can be downloaded from vmware website . Alternative to this Plate Spin can be used to Physical to virtual machine conversion which is of-course a paid product.The latest version of stand alone converter is 5.1.

Components

1. Converter Standalone server : Consists of two services , Converter Standalone server and Converter Standalone worker.
2. Converter Standalone agent : installs on the source physical machine to import to virtual machine. you can always choose uninstall the agent from physical machine once the import it complete.
3. Converter Stand alone Client : Converter Standalone server works with client. It consists of user interface for server which provides  access for conversion and configuration wizard

How the converter works : 

• Stand alone converter uses cloning and system re-configuration steps to create and configure the destination virtual machine so that it works successfully in the vCenter environment.Migration process is non-destructive for the source machine so you can continue using the source machine after conversion completes

• Cloning process is copying of Physical volumes to destination virtual machine.Cloning involves copying the data from source machines hard disk and transferring the data to destination virtual machine. The Destination machine can have different geometry size, file layout and other characteristics.

• System reconfiguration adjusts the migrated operating system to enable the function on virtual hardware/

 NOTE :  if you want both the source and destination machine to co -exist , you have to change the IP address and the computer Name.

HOT CLONING OF PHYSICAL MACHINE

Using the converter you can perform hot cloning , ie converting the physical machine when its running . It will allow you to convert the virtual machine without shutting down the source . 

How is works?

As the process is converting the running virtual machine , resulting virtual machine is not exact copy of the physical machine. While converting windows physical machine , you can set the converter to synchronize the destination virtual machine after hot cloning. Synchronization is performed from source to destination the blocks that were changes during  the initial cloning period.To avoid loss of data the standalone converter will shutdown certain services so that no critical changes are made at the source machine.

Stand alone converter can shutdown the source machine once the conversion / import is completed.When combined with Synchronization , the virtual machine can take over the source with least possible downtime . 

NOTE : when you hot clone dual boot systems , you can clone only the default operating system to which boot.ini file points . To clone the non-default OS you need to change the boot.ini file . For Linux , you can boot it and then clone using stand alone converter.

REMOTE HOT CLONE THAT ARE RUNNING WINDOWS

• Standalone converter installs the agent on the source machine and agent takes snapshot of the volumes.i.e VSS snapshot feature of windows is used.
• Standalone converter create the destination machine and copies the volumes from the source machine to destination machine.
• Agent installs the required drives to allow the operating system to boot in a virtual machine and personalize the virtual machine. ex change the Ip address.
• optionally uninstall the agent on the physical source machine.

Pre- requisite : 

• Turn of Simple file sharing at the source machine 
• Ensure file and print sharing is not blocked in the firewall
• Sys prep should be installed on the Standalone converter server - used for guest customization. If guest OS is windows 2003 , sys prep should be copied to %ALLUSERSPROFILE%\Application Data\VMware\VMware vCenter Converter Standalone\sysprep\svr2003 .

HOT CLONING OF LINUX MACHINE 

Unlike windows , there are no agents installed on the source machine . instead of that a helper virtual machine is created at the destination , ie esx/i host .

Working ??

• The converter creates a empty helper virtual machine at the destination which will be used as the container during the migration. The helper machine boots from the ISO file that is located on the converter standalone server

• Helper machines connects to the source using SSH and starts retrieving the data from source, you can always select the source volumes that need to be copied .
• Once copy is completed , destination virtual machine is reconfigure to boot as virtual machine.
• Converter stops the helper machines once the conversion.

DATA CLONING 

Volume Based - 

• Volumes are copied from source to destination . 
• All the dynamic files are read but converted to basic disk at the destination . 
• There are two type File System level and Block level. File level is used when destination disk is smaller than the original disk or when FAT volume is re-sized. Block level is used when preserve or larger volume size is selected for NTFS source volume.
• Supported for import existing virtual machine and hot cloning.

DISK Based

• Supported for import of existing virtual machine.
• Transfers all the sector from all the disk and preserves the volume metadata.disk properties are same as the source
• Supports both basic and dynamic disks

Linked Clone 

Is the fastest method of cloning..

SYSTEM SETTINGS AFTER CONVERSION

Following source computer settings are not changed 

• Operating system settings i.e computer name , security ID , user accounts , profiles.
• Application data and data files
• Volume serial numbers for each disk partition.

Changes after conversion 

• CPU Model and serial number 
• Ethernet adapters
• Graphic Cards
• Disks and Partitions
• Primary disk controllers

PORT REQUIREMENT

P2v of Linux Machine

V2VWindows Machine

P2 V Window Machine

LIMITATIONS

• Converter Standalone cannot detect any source volumes and file systems that are located on physical disks larger than 2TB.
• Hybrid disk cloning are not supported 
• Synchronization is supported only for volume-based cloning at the block level and Scheduling synchronization is supported only for managed destinations that are ESX 4.0 or later.
• When you convert a virtual machine with snapshots, the snapshots are not transferred to the destination virtual machine.

KEDB

• Physical to virtual machine conversion fails at 1 %
  This error is usually caused due to the bad sector in the source machine  and due to VSS error. Analyse and defragment the disks in the source machine and try again. If it doesn't work contact the hardware vendor.