Learn how to connect your vSphere with OVHcloud IAM.
This will allow you to:
- Log in to your vSphere using an OVHcloud account.
- Manage your users' rights levels through IAM policies.
- you have an OVHcloud account
- you know how to manage account users
- you know how to configure policies for IAM
Enabling OVHcloud IAM does not deactivate your existing Hosted Private Cloud users. You can still use them to connect directly to the different elements of your Hosted Private Cloud, without going through IAM.
OVHcloud IAM is not available for environments with advanced security and certification options (PCI-DSS, HIPAA).
Enable IAM on your server
You can enable the IAM option on your Hosted Private Cloud from the OVHcloud API. Execute the following call:
This operation may take up to 30 minutes.
Create IAM roles
Once the option is activated, IAM roles are created by default and can be used in OVHcloud IAM access policies.
You can create new roles by executing the following call:
The management of vSphere permissions for each IAM role is carried out as for any other Hosted Private Cloud user, via the API or from the OVHcloud Control Panel.
You can see them in the OVHcloud Control Panel by clicking
Hosted Private Cloud, then your PCC environment, and then on the
Using IAM policies
You can create IAM policies from the OVHcloud IAM menu.
Each IAM role in your Hosted Private Cloud corresponds to an IAM action in the form: "pccVMware:vSphere:assumeRole?role name".
For example, for the iam-admin role, the action is "pccVMware:vSphere:assumeRole?iam-admin".
This action must be specified in the "Actions added manually" section of the policy creation.
Disable IAM on your server
Execute the following call to disable the connection with the OVHcloud IAM: