In this article, we will discuss managing users that have access to vSphere for an HPC (Hosted Private Cloud) environment and the different security settings.
Creating a User
We begin with how to create a user in the OVH US Manager. Start by logging in to the OVH US Manager. Then, click on "Hosted Private Cloud" in the left-hand column followed by the name of your HPC environment (e.g., Private Cloud).
At the top of the page, click on the "Users" tab followed by the "Create User" button.
Next, you are prompted to fill out a form. Enter a "Name", "Password", and "Email" for the person you would like to grant access to vSphere.
Select the permission you wish to give to the user and then click the Next button.
Finish by clicking the Confirm button.
You have successfully created a new user that has access to vSphere.
Deleting a User
To delete a user, click on the ellipsis (...) to the far right of the user in question.
User Permissions & Rights
To edit the front-facing user permissions, select the ellipsis (...) to the far right of the user in question.
Click the "Modify" option from the pop-up menu. The options available there are two-factor authentication (Token validator) and the ability to access the interfaces to work with IPs, Failover IPs, and NSX.
To edit the rights of a user for each of your data centers, click the "See/Modify the rights for each DC" option from the pop-up menu. Then, click on the Pencil icon.
The following pop-up menu appears:
Each of the three areas of access can be assigned one of the following rights:
| None | No access | No access | No access |
| Read-only | Access and ability to read settings | Access and ability to read settings | Access and ability to read settings |
| Administrator | — | — | Manage port groups on virtual switches |
| Provider | Reserved for OVH | Allowed to configure VMs on a public network | Allowed to configure VMs on a private network |
On this page, the Add resources checkbox allows the user to add hosts and data stores to the HPC environment directly from the vSphere web client, instead of via the OVH US Manager.
Click the "Hosted Private Cloud" option in the left-hand column and then select the "Security" tab. The following page appears:
From here, we can administer our security settings.
Let's start with changing the expiry date of connections to the vSphere web client.
Click the Change the expiry date button. As an example, we will have our connections time out after 30 minutes.
Confirm the change, and you will see it reflected on the Security page.
Click the Simultaneous connections button. From here, set how many users are able to log in to the vSphere web client at the same time. After deciding, click the Confirm button and the changes will be saved on the Security page.
vCenter Access Policy
Here we can decide whether or not to restrict vCenter access. Click the vCenter access policy button and choose the option that is right for you. Keep in mind that by default the policy is set to open, which means any IP address can connect to the vSphere web client.
Click Confirm when you are done, and the changes will be reflected on the Security page.
Note: If the policy is set to 'Restricted', then at least one IP address needs to be authorized to access the vSphere web client using the Add IPs button.
With the disconnection policy, we get to decide who gets disconnected in the event that we go over the simultaneous connection limit. The options are to disconnect the first user or the last user who connected to the vSphere web client. Choose which option works best for you and click the Confirm button.
Adding and Deleting IPs
By clicking the Add IPs button, we can decide which IPs can connect to the vSphere web client. If we have nothing listed here, all IPs are able to connect.
In our example, we have added an IP and will delete it by selecting the check mark next to the IP.
Next, click the Delete IPs button and any selected IPs will be removed.
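The settings covered above (access policy, authorized IPs, connection expiry, Token validator, and Add resources) can be reviewed together before the policy is switched to Restricted. The following Python script is an added example, not OVHcloud code: the dictionary layout and field names are hypothetical, CIDR entries in the IP list, the /24 breadth threshold and the 30-minute baseline are assumptions, and all sample values are constructed.

```python
import ipaddress

MAX_TIMEOUT_MIN = 30  # assumed baseline, borrowed from the article's 30-minute example
MIN_PREFIX = 24       # assumed threshold: IPv4 entries broader than /24 are flagged

# Constructed snapshot of the Security and Users tabs, copied by hand (hypothetical layout).
SETTINGS = {
    "access_policy": "restricted",  # "open" or "restricted"
    "allowed_ips": ["203.0.113.10", "198.51.100.0/22"],
    "session_timeout_min": 120,
    "users": [
        {"name": "alice", "token_validator": True, "add_resources": True},
        {"name": "bob", "token_validator": False, "add_resources": True},
    ],
}
ADMIN_IPS = ["203.0.113.10", "192.0.2.44"]  # constructed: addresses admins connect from

def covered(allowed_ips, source_ip):
    """True if source_ip falls inside any entry of the authorized-IP list."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in allowed_ips)

def audit(settings, admin_ips):
    """Return a list of findings for the settings snapshot."""
    findings = []
    allowed = settings["allowed_ips"]
    if settings["access_policy"] == "open":
        findings.append("access policy is open: any IP can reach the vSphere web client")
    elif not allowed:
        findings.append("restricted policy needs at least one authorized IP")
    for entry in allowed:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == 4 and net.prefixlen < MIN_PREFIX:
            findings.append(f"authorized entry {entry} is broader than /{MIN_PREFIX}")
    for ip in admin_ips:  # avoid locking admins out when restricting access
        if not covered(allowed, ip):
            findings.append(f"admin address {ip} is not in the authorized list")
    timeout = settings["session_timeout_min"]
    if timeout > MAX_TIMEOUT_MIN:
        findings.append(f"session expiry {timeout} min exceeds the {MAX_TIMEOUT_MIN} min baseline")
    for user in settings["users"]:
        if not user["token_validator"]:
            extra = " and can add hosts and data stores" if user["add_resources"] else ""
            findings.append(f"user {user['name']} has no token validator{extra}")
    return findings

if __name__ == "__main__":
    for finding in audit(SETTINGS, ADMIN_IPS):
        print("-", finding)
```
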
Now that we have created a user, defined the permissions, and determined the security settings, we are ready to access the vSphere web client. For more information regarding connecting to the vSphere web client, please check out our Getting Started with HPC article.
With the added ability to administer security policies, you can make sure that your environment is in the right hands. Having the ability to create users, delete users, change user permissions, and change security permissions makes it a breeze to keep your OVHcloud HPC secure.