VMware Cloud Community
mhervhin
Contributor

vCenter Server Service Accounts

Hi there,

I would like to ask if there's anyone here in the community who has configured an AD user account to be an administrator of the vCenter Server but cannot log in to it interactively using a vSphere Client? What we would like to achieve is to give a service account, for example, a vCOps admin account, an administrator role in vCenter Server, but this service account cannot log in to the vSphere Client and manage the inventory objects on it.

I would appreciate any input regarding this kind of setup.

Thanks in advance.

0 Kudos
5 Replies
iw123
Commander

Hi, just to clarify - you have added an AD account permission at the datacenter level in vCenter, and given it the administrator role, but you are unable to log in using the VI client?

*Please, don't forget the awarding points for "helpful" and/or "correct" answers
0 Kudos
mhervhin
Contributor

Hi iw123,

Thanks for the prompt answer.

Apologies for the confusion this has caused you. However, what we would actually like to happen is to give an administrator role to an AD account (a service account, for example, vCOps admin or vShield Admin account) on the vCenter level, but this account will not be able to access the vCenter using the VI client. Hope this makes sense.

Is there a way to do this kind of setup?

Thanks again.

0 Kudos
iw123
Commander

Hi,

I'm not sure that this is possible using vCenter permissions - we have blocked access to VI client functionality before by using firewall rules, but that doesn't really apply to accounts as such. Is there a reason why you wish to block VI client access for that account, but still need admin privileges?

*Please, don't forget the awarding points for "helpful" and/or "correct" answers
0 Kudos
mhervhin
Contributor

Hi iw123,

Thanks again.

Yes, we want to give such service accounts that need to be integrated with the vCenter Server an administrator privilege in order for the functionalities to work properly. However, for security reasons we do not want to give these accounts GUI access to the vCenter Server and have control and modify the settings of the inventory objects etc.

I really appreciate your prompt response to my inquiries.

0 Kudos
iw123
Commander

Hi,

There are other things to consider rather than just the VI client access, such as PowerCLI, web access etc., as these are other methods by which an account with the administrative role can access and modify objects in vCenter.

*Please, don't forget the awarding points for "helpful" and/or "correct" answers
0 Kudos
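
The replies note that firewall rules do not apply per account and that an administrator account can also reach vCenter through PowerCLI, web access and other clients. As an added example (not part of the thread), this Python check flags service-account sessions that come from anywhere other than the integration's expected hosts, whatever client was used; the account names, addresses, user agents and policy table are constructed, and the record keys are assumed to mirror the vSphere API UserSession properties userName, ipAddress and userAgent.

```python
import ipaddress

# Assumed policy: each service account and the networks its integration
# appliance is expected to connect from (all values constructed).
ALLOWED_SOURCES = {
    r"corp\svc-vcops": ["10.20.30.15/32"],
    r"corp\svc-vshield": ["10.20.30.16/32", "10.20.31.0/28"],
}

# Constructed session records; keys modelled on UserSession properties.
SAMPLE_SESSIONS = [
    {"userName": r"CORP\svc-vcops", "ipAddress": "10.20.30.15",
     "userAgent": "VMware vim-java 1.0"},
    {"userName": r"CORP\svc-vcops", "ipAddress": "10.50.7.22",
     "userAgent": "VMware VI Client/4.0.0"},
    {"userName": r"CORP\svc-vshield", "ipAddress": "10.20.31.9",
     "userAgent": "PowerCLI/5.1"},
    {"userName": r"CORP\jsmith", "ipAddress": "10.50.7.40",
     "userAgent": "VMware VI Client/4.0.0"},
    {"userName": r"CORP\svc-vshield", "ipAddress": "",
     "userAgent": "Mozilla/5.0"},
]


def find_unexpected_sessions(sessions, allowed_sources):
    """Return sessions of monitored service accounts whose source address
    is missing, unparsable, or outside that account's allowed networks."""
    policy = {
        account.lower(): [ipaddress.ip_network(net) for net in nets]
        for account, nets in allowed_sources.items()
    }
    findings = []
    for session in sessions:
        nets = policy.get(session["userName"].lower())
        if nets is None:
            continue  # not a monitored service account
        try:
            addr = ipaddress.ip_address(session["ipAddress"])
        except ValueError:
            addr = None  # no usable source address: treat as suspicious
        if addr is None or not any(addr in net for net in nets):
            findings.append(session)
    return findings


if __name__ == "__main__":
    for hit in find_unexpected_sessions(SAMPLE_SESSIONS, ALLOWED_SOURCES):
        print(hit["userName"], hit["ipAddress"] or "<none>", hit["userAgent"])
```

The check keys on the account and its source address rather than the client string, because a user agent is supplied by the client and a VI client block alone would miss the other access paths.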