I would like to know if it's possible to disable cloning, suspending and snapshotting at the VM level. I have checked out hardening docs and well as some extensive searching for VMX parameters and can't come up with anything.
Thanks in advance!
Welcome to the Community - You will have to do it through permissions by creating a new role and assigning it to the user - this of course is assuming you have vCenter - because vCenter has a much finer granulation in Permissions than the host by itself -
Thank you for the prompt response and the welcome! I was looking more along the lines of at the VM level. So that way if I create a OVF of this VM, once deployed, it won't be cloned, suspended and snapshot'd. I guess you could think of this as an appliance or a single purpose VM.
I understand that at the VCenter level or ESX level, I can restrict user rights, but I was hoping for a VMX flag(s)/parameter(s).
Even with a VMX parameter you would need to disable datastore browsing since the VMX file is easily edited.
Here is a very extensive list of VMX parameters http://sanbarrow.com/vmx.html
Thank you for the response. That was the first list I checked. No such luck there. I know that an admin will have the access needed to reverse this change (if it's done through VMX config) but they will have to go out of their way to re-enable it.
another option would be to create a folder (VM's&Templates), set proper permissions on that folder and move the guests in question into that folder. This way you can do it on a VM by VM basis. Any VM in said folder will have the restrictions.
Lots of great suggestions....THANKS!
I really need something that will travel with the VM itself...like in the VMX file. Any ideas?
With vCenter, you should be able to apply the permissions to the VM itself and as long as the VM is in that vCenetr environment the permissions will stay with the VM.
Thank you for the reply. I think I'm ok for keeping them within the same VCenter.....it's foreign envionrmental portability that's the trick I can't find.