User Permissions: Staying Secure with vROps

Jake Martin, Blue Medora

VMware’s vRealize Operations (vROps) uses user accounts and permissions in a number of different ways. This post discusses a few of the available options: authenticating monitoring securely, and managing user permissions so that different users get access to particular sections of information.

The majority of vRealize Operations management packs require a service or admin account to authenticate to the internal vROps REST API. The default admin account can provide this functionality, but is not considered ideal for network security.

Figure 1 – Using the default vRealize admin account for authentication

Creating a Service Account

A better approach is to create a service account whose only purpose is to authenticate to the internal REST API. This, like all user configuration within vROps, is done in the Access Control tab, which can be reached by navigating to Administration, then Access Control, as seen below in Figure 2.

Figure 2 – The Access Control tab of vROps

User Permissions with Groups

Another useful configuration is groups. These can be accessed by navigating to Administration -> Access Control -> User Groups. With groups you could, for example, add all of the members of the data center team to a single group, then allow that group access to all NetApp dashboards and alerts, but deny it access to SAP dashboards and alerts. In this way, when a data center user logs in to vROps, they are only presented with alerts pertaining to NetApp.

Figure 3 – User groups in vRealize Operations

User Permissions with Roles

If groups are too broad a configuration, or if you want to customize access even further, vROps Roles could be the answer. Within Roles you can create new roles or modify existing ones, granting a wide range of rights and privileges. It is then as simple as assigning a role to a newly created user to grant that user all of the rights and privileges within it.

Figure 4 – Roles in vRealize Operations

Depending on the desired outcome, one or a combination of these approaches could be used to lock down your vROps cluster and protect your sensitive data. With the user-friendly interface, even beginner admins should have no issue customizing the system to suit their needs while still keeping their security on lockdown.