vCenter security - limiting the devs to a Resource Pool

Similar Questions

• Root user cannot create VMS within the Resource Pool after you rename the Cluster

  Currently, vCenter manages two clusters. I renamed a single cluster and the root user seems now are not allowed to create a new Virtual Machine in resource pools to the title of the group with the changed name. I tried to change the name of the cluster to its original name... no luck.

  The root user can still create a VM under the individual cluster nodes, but not in a resource pool.

  The cluster that has not been renamed yet can be managed completely with the root user. Resource pools it allow me to create a virtual machine.

  I found this last issue and checked on each cluster node that the ACEDataRoleId is-1 for each section: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 1031192

  I am at a loss, any help would be greatly appreciated! Thank you!

  I think it's a bug. When I created a new data center and migrate all nodes in cluster about him, the permissions problem I was experiencing did not follow.

  Thank you for your help.

• Get the resource pool structure

  Hello

  I try to get the VMS in our resource pools. We have a pool of resources like this structure:

  Ministere1

  -

  ---

  Dev

  -

  ---

  Level 1

  -

  ---

  Level 2

  -

  ---

  Prod

  -

  ---

  Level 1

  -

  ---

  Level 2

  Department2

  -

  ---

  Dev

  -

  ---

  Level 1

  -

  ---

  Level 2

  -

  ---

  Prod

  -

  ---

  Level 1

  -

  ---

  Level 2

  Running get-resourcepools the output is like this:

  ID name

  =====================

  Resources ResourcePool-resgroup-8

  Tier1 ResourcePool-resgroup-1011

  Level 2 ResourcePool-resgroup-1012

  Ministere1 ResourcePool-resgroup-305

  Prod ResourcePool-resgroup-306

  Tier1 ResourcePool-resgroup-307

  Level 2 ResourcePool-resgroup-308

  Department2 ResourcePool-resgroup-291

  Level 2 ResourcePool-resgroup-770

  Prod ResourcePool-resgroup-294

  Tier1 ResourcePool-resgroup-296

  Level 2 ResourcePool-resgroup-297

  dev ResourcePool-resgroup-767

  dev ResourcePool-resgroup-759

  Tier1 ResourcePool-resgroup-769

  If I get the virtual machines on each resourcepool in the list above, I'd be unable to distinguish if Tier1 is from the branch of a branch of Department2\Prod or Department1\Dev.

  How can I get that information, that is to say, the 'level 1' resourcepool (ResourcePool-resgroup-296) is in which parent resource group.

  Thank you

  Chi

  There are 2 things to consider before attack us the script.

  (1) resource pools can be created in 2 different locations, under a Cluster and a standalone host

  (2) in the vSphere environment, there are some hidden files. One of them is the pool of resources of the parent 'resources '.

  You can find this file under each group and each stand-alone host.

  The script uses a function called Get-RpPath, which makes it much easier to recursively down the structure of resource pool

  The script now prints the hidden folder "Resources" as the beginning but this can be replaced by the name of the cluster or standalone host just above.

  The script begins with the collection of all of the 'Resources' folders that are hidden in your vSphere environment and recursively then descends from the quest of sub-resourcepools.

  $indent = 4
  
  function Get-RpPath{
       param($rp, $level)
  
       Write-Host ($rp.Name).PadLeft($level + $rp.Name.Length, "-")
       foreach($child in $rp.ChildConfiguration){
            $nrp = Get-View -Id $child.Entity
            if($nrp.GetType().Name -eq "ResourcePool"){
                 Get-RpPath $nrp ($level + $indent)
            }
       }
  }
  
  $clusters = Get-Cluster
  $hosts = Get-VMHost | where {-not ($_.ParentId -like "Cluster*")}
  
  $RProot = $clusters | % {
       Get-Inventory -NoRecursion -Location $_ | where {$_.gettype().Name -eq "ResourcePoolImpl"}
  }
  $RProot += ($hosts | % {
       Get-Inventory -NoRecursion -Location $_ | where {$_.gettype().Name -eq "ResourcePoolImpl"}
  })
  
  $RProot | Get-View | % {
       Get-RpPath $_ 0
  }
  

• Where information on permissions, folders, and the stored resource pools?

  Hello world

  Lets guess a virtual Center 2.5 with some ESX 3.5, resource pools, clusters of somes, folders with permissions for some users

  I would like to know where is the information about files, resource pools, permissions and other stored data. In the registry in VC in .ini files?

  The fact is that we are going to migrate to a new Virtual Center but we want to preserve the information on the Organization to avoid retyping all the data again.

  Thanks in advance

  Hello Luis_F,

  Files, Resource Pools, etc. are stored in the database to the virtual Center. Here is a link to a diagram of the U2 virtual Center 2.0.2 schema. There are of course changes in 2.5, but the diagram can help out you.

  Diagram of U2 virtual Center 2.0.2

  Don't forget to use the buttons on the side to award points if you found it useful (you'll also points).

  Kind regards

  Harley stagnate

• VM / resource pool Configuration

  Now that I've answered my own question, and the little light in my head is enabled, I have a better understanding of the relationship between the virtual machines and Resource Pools.  But a follow-up question that I hope that experts can answer that for me is this: after I have create a pool of resources and define the limits of the resources, what I have to change anything on the virtual machines?  In other words, if the virtual machines are configured for unlimited CPU and memory, they are limited by the amount of correct pool?  What would be the reasoning to restrict the VMs and the memory, if I can control it by a pool of resources?  At least for me and please correct me if I'm wrong, if I put limits on virtual machines why I would put in resource pools?

  limits/actions/reservations for the virtual machines are now applied to resources being provided by the resource pool - for example - if you have 10 GB limit set for the pool of resources out of 64 GB of the bunch, it's-if you have a limited memory set to unlimited for the virtual machine in this resource pool the maximum amount of memory for the virtual machine will never be able to get 10 GB is However if the resource pool memory limit has the unlimited value of the virtual machine will be able to go to 64 GB

  If you find this or any other answer useful please consider awarding points marking the answer correct or useful

• N + 1 configuration with 4 physical blades that are assigned to a single resource pool

  I want to be able to define an N + 1 configuration where a resource pool gets the power of equivalent treatment of the 3-blade expandable in the fourth blade. In addition, I want to make it worth the custom action that ensures that the resource pool gets all the time shared four physical hosts in contention.

  Here is the command I use to customize this value. All I need to know is how to customize the number of shares to ensure that he is the owner of all the time the equivalents 4 blades in our cluster.

  Together-ResourcePool - ResourcePool (Get-ResourcePool 'STI WinSTIS Lab"- location xen01) MemReservationGB - 767.795356750488 - MemExpandableReservation 255.931785583496 - CpuReservationMhz 167940 - CpuExpandableReservation 55980 - CpuSharesLevel custom - NumCpuShares? -Confirm

  Please look at the picture to see the stats on the host machine. Thanks in advance for the help.

  As far as I know, the number of shares of CPU of a resourcepool is a relative number you should see with regard to the number of shares of the other resourcepools CPU.

  Chris has a very informative post, with a PowerCLI script on the subject, see Understanding the in VMware vSphere Resource Pools

• DRS rules and Resource Pools

  Is it possible to assign the DRS rules to Resource Pools instead of creating groups of DRS and adding to the DRS group VMs and then creating a rule
  I ask this question because of a problem that I currently have
  I am far from being an expert as you'll see soon and back to the use of support groups
  If it I'll give you my scenario
  I have 4 ESX host in my test group
  2 hosts are connected to zFCP
  And all 4 are connected to independent contractors
  I have a resorce pool call FC and another called ISCSI
  We constantly evolve around VM between these 2 pools
  The highest availability VM remains on the rest on ISCSI FC
  I would like to create a rule that States if a virtual machine is in the RP FC then he must reside on host A and B, and if it resides on ISCSI it can reside on any host
  I realize that there is still other issues involved here as data themselves warehouses
  but it is another matter that he owns the rights
  We migrate VMs and the data store when we leave the virtual machine to another RP 1
  If the rule would be always true
  I would like to hear from you
  on this topic
  for now I just use rules and groups of DRS
  Thank you

  I don't think this is possible from the point of view of rule affinity DRS, as he has no relationship with resources or VM disk pools. This seems to be a single-use resource pools.

  You could probably do with a set of scripts PowerCLI who would check two resource pools and ensure that the virtual machines to the breast have their records on the correct data store and if not do a svMotion.

• use of resource pools

  Hello

  I understand very well how the notion of 'actions '?

  What could someone explain this term compared to other resource pools in the same cluster and with a stand-alone resource pool?

  Or is it all very clear explaining that doc?

  THX

  Actions determine how a resource gets broken when there is a conflict for this resource - lets start at the level of the base of a virtual computer, since the actions for a VM and the Resource Pool work the same way - if you have three Pools of VM/resources each with 1000 equal parts - that the total mass of stocks will be 3000 and each VM/Resource Pool will get 1000-3000 or 1/3 of the total resources available, when there is a conflict - lets say the VM/resource pool has 3000 parts - so now the total mass is 5 000 shares for these VM/resource Betclic so the list of VM resources with 3000 shares 3/5 of the resources and the other 2 VM/resource pools will have 1/5 of the resource when there is a conflict-No if you had a single VM/resources shares pool would not come into play from the pool full-fledged consists this single element.

  numbers used 1000 and 3000 were chosen at random to demonstrate the sharing feature

  If you find this or any other answer useful please consider awarding points marking the answer correct or useful

• Security in the cloud

  I've always had this question in the back of my mind and always there:

  "Who hold the account root on the cloud? AND where the equipment? "

  For a customer who is owner of its hardware and software on its site are the unique root/admin, and that he wants to add, but the cloud changes this understanding. Unless that cloud providers to offer a block of material to the customer who was in turn to (former data centers). So, how can we overcome them?

  DJ

  Hello

  Hello, I assume that firms are in the cloud, because in my experience a lawyer would ask which access to information and it's always a problem.

  Not really, I know that some of those who use the cloud, the key is to understand how to properly use the cloud. For example, some lawyers use Forefront and Microsoft Exchange in the cloud. When using such a service, digital signature of e-mail makes sense but also ensure that critical data do not leave the scene, so a solution like Zscaler DLP can be justified.

  Re: jurisdiction

  You're right, it's a big problem if you are using a cloud that spans the country, but to the United States, not much cover countries and it is almost impossible for your data to be included in another country, this is why you must correctly interagate your Cloud provider to determine the limits of its jurisdiction. The European Union on the other hand can have problems with this.  A recent example is democratic party Canadian, that they wanted to use Salesforce (based in the United States), they have determined if they encryption data before placing it in Salesforce, it meets all of the conditions and that the United States could not decipher at will.  So in this case data on site encryption and placing it in the cloud are a way to work around this possible issue.

  Re: In memory has the keys

  It's true, no way around it if you do the encryption in the cloud, I suggest encryption before you leave your premises and then place it in the cloud. Very powerful in this way. Just to make sure that its usable.

  Remember it is not really on the virtual machine or the cloud itself, but security in the cloud is on the data, yes the cloud, you choose the secondary controls needs such as IDS/IPS, but ultimately it is your data that counts. Therefore, encrypt and sign necessary to confirm the integrity and confidentiality and use well known, encryption mechanisms, like something blessed by your Government which believe me did exhaustive tests and tackles cryptanalytic against it.

  Finally, do your research and due diligence, keep updated with the cloud and data attacks, so that you are prepared for the worst. This kind of intelligence is essential to the continued safety, do not depend on the tool providers to do it for you as you risk your data as such in the end data security is your responsibility.

  Re: Supplier responsibility

  In every cloud provider document I've read in the United States, you assume all risks, not them. There is no sharing of the risks here. It's your data, your responsibility. In the EU, it is a little different because of different laws.

  Encryption and digital signatures are not the end of privacy and integrity but if properly will protect your data. If you stay ontop of the intelligence about the attacks, then you will know also better ways to protect your data.

  Not all solutions of cloud IaaS and maybe if put you up an IaaS, you should consider how data moves, is operated, and know if you can use something like CipherCloud to encrypt/decrypt the data as it leaves your premises for use within your cloud IaaS...

  Best regards

  Edward L. Haletky

  Host communities, VMware vExpert,

  Author: VMware vSphere and Virtual Infrastructure Security,VMware ESX and ESXi in the 2nd business edition

  Podcast: the Podcast for security virtualization of resources: the virtual virtualization library

• can someone change my WZC and the setting of security through the internet?

  can someone change my WZC and the setting of security through the internet? I was watching a video on youtube when my stop comp. and restarted on its own. start and my security program was not able to start, had to uninstall and reinstall to turn back. He told me has encountered a problem and that you must close the program and the program would not close. It comes in a loop. Security found nothing. WZC to capture multiple signals, but now I can't pick up a. right extremist to the modem.

  It seems that if you picked up some malware.  What is the full error message on "antimalware executable?

  I would like to cancel the restoration ago 2 months... it's really too long to rely on system restore.  Too many things have been added in the meantime who is affected negatively by the restoration.

  It is very difficult to say anything from the limited information you provided, but I suggest starting by download, install, update and run a full scan with MalwareBytes Anti-Malware.

  In your answer, in addition to providing the full text of the error messages, provide all of the following:

  What version of Windows, including service pack, do you have?
  What antivirus application do you use?  Is up to date? Have you ever let her subscription lapse?
  What other antimalware applications do you have?
  What is the brand and model of your computer?
  What is the brand and model of your wireless router?

• The remote device or resource does not accept the connection

  I have a desktop computer Windows 7 connected to my router via an ethernet cable, but when I try to go to a website on Google Chrome as Google.ca, loading the page forever without even showing the page. Finally after a long wait, it finally says that the Web page is not available. I tried to go to the Web sites by using Internet Explorer, but occurs the same result. I tried to troubleshoot the problem and it "the remote device or resource does not accept the connection" is detected, but does not set automatically. I have a wireless printer connected to my router which is online and works very well. I can even connect to my router page. But still no access to Web pages don't like my outlook.com and etc. Sometimes a go open the network and sharing Center to change the settings of the card and disable the wired ethernet only to activate it again. It works only a few times, and it's really frustrating, because it is the only computer that does not connect to the internet, even with a ethernet cable. Please find a solution as soon as possible. Thank you.

  Hello Kyle,.

  Your computer is connected to a domain network?

  If your computer is connected to a domain network, then, I suggest you follow the link below to post your query in the TechNet forums, because they have more expertise on this issue.

  Forums TechNet for Windows 7
  http://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itpronetworking

  Otherwise, try to follow the following suggestions to solve the problem.

  "Internet Explorer cannot display the webpage" error

  Note: Reset the Internet Explorer settings can reset security settings or privacy settings that you have added to the list of Trusted Sites. Reset the Internet Explorer settings can also reset parental control settings. We recommend that you note these sites before you use the reset Internet Explorer settings. Reset Internet Explorer is not reversible, and all the previous settings are lost after reset.

  Also refer to:

  The remote device or resource does not accept the connection

  I hope this helps. Otherwise, feel free to write us again and we will be happy to help you.

  Thank you

• Can I set up a guest account which limits the access to my computer at home.

  I'm going to do a home Exchange next month and want to leave a computer for guests to use.  Can I set up a guest account which limits the access to my computer at home. Specifically, I want to limit the client's access to Internet Explorer so that they can check your e-mails and surf the web.  Is this possible?

  Do NOT enable the guest account. The guest account is NOT designed for occasional access, it is a special system account. It is a security risk because it allows anonymous access on your machine, apart from anything else. This is why it is disabled by default.

  Just create an account user Standard, called 'Visitor', or something like.

  Make sure that the Admin account has a password and tell them it.

  Also, make sure that all users on the computer ALSO have a strong password.

  That's all you need to do.

• IE9 "the remote device or resource does not accept the connection.

  IE9, "the remote device or resource does not accept the connection" appears when you try to open any website. My office to tell me that it is connected but cannot access any www. Meanwhile, my laptop connects fine. I have reset the settings in the internet options does not. I downloaded 'team' to connect (or similar) and asked for a connection and I thought that suspicious so uninstall this program... leaving me without access to the internet... * sigh * please can someone help me?

  Hello

  
  Method 1:
   
  Step 1:
   
  Run the network troubleshooter and see if that diagnoses the problem.
  Using the troubleshooter from network in Windows 7
  http://Windows.Microsoft.com/en-us/Windows7/using-the-network-troubleshooter-in-Windows-7
   
  Step 2:
   
  Reference:
   
  Windows wireless and wired network connection problems
  http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows
   
  See also:
  How can I troubleshoot network card?
  http://Windows.Microsoft.com/en-us/Windows7/fix-network-adapter-problems
   
  Method 2:
   
  Temporarily disable antivirus programs and firewalls.

  Disable the anti-virus software

  
  http://Windows.Microsoft.com/en-us/Windows7/disable-antivirus-software

  Windows Firewall
  http://Windows.Microsoft.com/en-us/Windows7/products/features/Windows-Firewall

  http://Windows.Microsoft.com/en-us/Windows7/firewall-frequently-asked-questions

  Note: make sure that you enable the antivirus software, other security and firewall after the test programs.

  Warning:
  Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.

   
  Display the results.

• Can I use the total amount of resources (cpu/ram) of two esxi hosts if I place a cluster so that a single VM gets all resources?

  I use vCenter 5.1 with two esxi 5 guests, both exactly the same (Evga SR - 2 pc with two Intel x 5670 each) with the exception of the disk storage. Processor x 5670 a 12 hearts if HT is enabled. Since then, I have 4 of these processors that would be 48 cores. Each processor is clocked at 4 GHz for a total of 16 GHz. Each host would also 24GO of total Yes 48 GB of ram.

  I doubt that this is possible, but what I want to do is to install a virtual machine like Win 7 x 64 and give all these resources to it... all of them (perhaps leave some carrots and ram aside for guests of esxi, of course). This vm is run to 16 GHz? It would be nice if we could create a cluster with a Setup like this and give the "total available resources' for a single virtual machine running on a esxi host.

  I doubt that this is possible because I've tried that before and it wouldn't let me create a virtual machine with this number of nuclei or ram because he said that they were not available or something... as if to suggest that I can only use the total amount of resources to AN esxi host.

  There may be another way I could give this 16 GHz machine?

  Could not assign more resources to a host to a virtual computer.

• Good candidates for the resource pools?

  Hi, I do not currently use resource pools, but often the impression that I should watch more in him.  We have our four node 5.1 cluster 16 web servers (among others in the virtual computer) that are exactly the same and serve the same function.  I was wondering if those who would be good candidates to be added to a pool of resources, so they can take resources needed?  I tend to approve statically the RAM and CPU on these "just in case", but maybe it's stupid, if there is a better way.  Thank you.

  Also consider that if you have no compelling reason to prioritize resources for all virtual machines on one of the virtual computer, then you really don't have a reason to use the resource to all pools.  In this case, each virtual computer will be given some memory he needs on demand, DRS will balance the load between the hosts if a host is out of balance, and there will be fairness when ESXi pray return of VMs pages when there is a conflict.

  Discover the vSphere resources management Guide, you will find everything you always wanted to know about the Pools of resources and any other topic of management resources in general.

  http://pubs.VMware.com/vSphere-51/topic/com.VMware.ICbase/PDF/vSphere-ESXi-vCenter-Server-51-Resource-Management-Guide.PDF