A VMware VirtualCenter Design Flaw?

June 19th, 2008 by Adnan Hindi

forest_image Here is an interesting little obstacle we ran into when setting up our virtualization environment.

We found that when we were in VMware VirtualCenter, we can add permissions via the inventory datastore & networks view but once we did that there was no easy way to view or delete the permissions within the same view. You need to go back and navigate the hosts/clusters view, one at a time, in order to view where these permissions showed up and if necessary delete/modify them one at a time as well, or check where that role is applied within the administration/roles view.

While this might work for small environments or for a couple of administrators, it absolutely wouldn’t work for large environments with hundreds of hosts or thousands of virtual machines or a complex resources structure with complex storage. Or what about environments with multiple administrators? One administrator makes a change to permissions, but the next administrator has no idea and a change to permissions here cascades through and impacts all VMs in that datacenter. Sounds like a good way to shoot yourself in the foot!

So is this a design flaw? Was the point of the “Add Permissions” feature for datastores and networks to prevent users from getting to those datastores/networks? Or was it to maybe give the appearance of ACL functionality? Or something like a poor man’s quota management? And if you’re going to let administrators add permissions in a view, why not let them view and delete just as in the other views?

Does anyone know why this feature is even available here for datastores and networks in VirtualCenter without really taking the feature all the way? Maybe I’m not seeing the forest for the trees at the moment but if you know or have used this, please do share…

Popularity: 6% [?]

2 comments June 19th, 2008

2 Comments Add your own

1. rdg | July 3rd, 2008 at 6:23 am

I stumbled upon this “design miracle” today – it’s definitely good I did while making a test run in a lab. Moreover – when you add permissions in Datastore/Network view you can overwrite any others you had at Datacenter level without being informed of it. That may be non-issue with small sites, but VMWare is definitely targeting the big datacenters.

Definitely should be fixed.

Reply
2. shanrhodes | January 3rd, 2009 at 6:58 am

I had just came a great MS Hyper-V resource. It show a step-by-step how to do Hyper-V

installation.It even introduce you to how to use all the advanced features of hyper-V like

MSCS, Quick Migration, & Snapshots.Check it out: MS windows 2008 Hyper-V important information

Reply

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post | Subscribe to the comments via RSS Feed