Setting permissions for ControlUp in VMware vCenter

In order to connect your vCenter Server to ControlUp for monitoring purposes, it's highly recommended to create a special dedicated user (Service Account) in Active Directory and assign it with privileges in vCenter Server that will be used only for this purpose.  

In this article we'll explain how and where to create the user and what permissions will be needed in order to preform tasks in the ControlUp Console. 

First step is to create a user in your Active Directory. Example for username: CU_VMware

**If you already have a service account that you want to use with CU it's also possible. You DO NOT have to create a special user just for ControlUp.

2nd step - login to your vSphere Web Client and go to(>) clusters.jpgHosts and Clusters and select the root folder (vsphere.png) > Manage > Permissions > click on 2018-04-16_12-13-19.jpgand add the user we've created. (CU_VMware)

**Make sure that the correct domain is selected when searching for CU_VMware.

 ** If you wish to exclude specific vSphere Clusters from ControlUp, you will need to change the permission on the root folder (vsphere.png) to -No Access- role and then on each Cluster that you DO want to see in ControlUp, highlight the Cluster > Manage > Permissions > add the CU_VMware with Read-Only role (or a custom vCenter role that you created) 

There is two kinds of roles that you can assign the user. It can be either the built-in vCenter "Read-Only" role which will give you the ability to view ALL the virtual machines running on a specific vSphere cluster via ControlUp and the other role is a custom role that you create in vCenter Server and assign it with certain permissions to preform actions (as the image below)

 

VM.jpg

 

** If you would like to know how to create a new custom vCenter role - click here

vCenter Server privileges required to utilize the ControlUp Console actions under “VM Power Management” are located in Virtual Machine > Interaction > Power Off \ Power On \ Reset (attached image for example.)

power.jpg

3rd step - go to vms.jpgVMs and Templates > Manage > Permissions and add CU_VMware with No Access permissions. 

At this point only Clusters that you've allowed the user to view should be in the ControlUp Console. 

Note - if you're still not seeing VM's in your grid - confirm that "Show Agentless Managed VMs" is checked. 

vms.jpg

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request
Powered by Zendesk