Jake Martin, Blue Medora
VMware’s vRealize Operations (vROps) uses user accounts and permissions in a number of different ways. Secure monitoring, and managing user permissions to vary access to particular sections of information, are just a few of the available options that we will discuss.
The majority of vRealize Operations management packs require a service or admin account to authenticate to the internal vROps REST API. The default admin account can provide this functionality, but is not considered ideal for network security.
Figure 1 – Using the default vRealize admin account for authentication
Creating a Service Account
A better approach is to create a service account whose only purpose is to authenticate to the internal REST API. This, like all user configuration within vROps, is done in the Access Control tab, which can be reached by navigating to Administration then Access Control, as seen below in Figure 2.
Figure 2 – The Access Control tab of vROps
User Permissions with Groups
Another useful configuration is groups. These can be accessed by navigating to Administration -> Access Control -> User Groups. With groups you could, for example, add all of the members of the data center team to a single group, then allow that group access to all NetApp dashboards and alerts, but deny it access to SAP dashboards and alerts. In this way, when a data center user logs in to vROps, they are only presented with alerts pertaining to NetApp.
Figure 3 – User groups in vRealize Operations
User Permissions with Roles
If groups are too broad a configuration, or if you want to customize access even further, vROps Roles could be the answer. Within roles you can create new roles or modify existing ones, granting a wide range of rights and privileges. It is then as simple as assigning a role to a newly created user to grant that user all rights and privileges within it.
Figure 4 – Roles in vRealize Operations
Depending on the desired outcome, one or a combination of these approaches could be used to lock down your vROps cluster and protect your sensitive data. With the user-friendly interface, even beginner admins should have no issue customizing the system to suit their needs while still keeping their security on lockdown.