vCenter Single Sign-On supports storing the user and group data in Active Directory or locally to the operating system of the machine where vCenter Single Sign-On is installed.

If your vCenter Server has been associated with an Active Directory Server, create a user there, skip steps 3-6 in this procedure, and perform the rest of the steps to configure the new user access to the vSphere inventory.

Procedure

  1. Log in to the VMware vSphere Web Client (VWC) using administrator credentials.
  2. Select Administration (highlighted for emphasis) from the Menu.
    Figure 1. Administration
  3. Click Users and Groups.
    The browser displays a screen similar to the following:
    Figure 2. Users and Groups
  4. Select the SSO domain to which you wish to add the user from the Domain dropdown (e.g., vsphere.local)
  5. Click ADD USER to add a user.
    The browser displays the Add User dialog similar to the following:
    Figure 3. Add User
  6. Complete the fields in the dialog, giving the user the name vla_appliance_user and assigning a conforming password, and then Click ADD.
    The browser closes the dialog and displays the Users and Groups page with your new user added, similar to the following:
    Figure 4. vCenter Users and Groups
    Note: The list now includes the vla_appliance_user user, selected for emphasis.
  7. Click Roles in the Navigation pane.
  8. Click the plus icon in the pane to the right of the Navigator pane (pointed to by the arrow for emphasis).
    Figure 5. Administration - Roles
    The browser displays the New Role dialog.
  9. In the New Role dialog, find and check the following privileges for the role:
    Table 1. Role Privileges
    Privilege List
    Virtual machine -> Provisioning -> Read customization specifications
    The New Role dialog on choosing the Selected privileges should look similar to the following:
    Figure 6. New Role
    Note: vCenter migration feature requires additional privileges for all vCenter servers that will be involved in the migration process.
    Table 2. Role Privileges for vCenter migration feature
    Privilege List
    Datastore -> Allocate space
    Network -> Assign network
    Resource -> Assign virtual machine to resource pool
    Resource -> Migrate powered off virtual machine
  10. Click Next.
  11. In the Role name field, type: VMware LaMa Appliance.
  12. Click Finish to create the role.
    The browser closes the New Role dialog. You should now see the new role in the list similar to the following:
    Figure 7. Roles
    Note: The VMware LaMa Appliance role selected for emphasis.
  13. Click Hosts and Clusters from the Menu.
  14. Click on the vCenter Server you want the VMware VLA to manage.
  15. Click Permissions.
    Your browser displays a page similar to the following:
    Figure 8. Hosts and Clusters-Manage-Permissions
  16. Click the plus icon to add permission.
    Your browser displays a page similar to the following:
    Figure 9. Add Permission
  17. Choose your SSO domain and select the user vla_appliance_user.
  18. In the Role list box, select VMware LaMa Appliance.
    Your browser displays a page similar to the following:
    Figure 10. Add Permission
  19. Make sure the Propagate to children check box is checked.
  20. Click OK.
    This saves the permission.
    Note: If the permission is set not for the vCenter Server you want the VMware VLA to manage then it may result in the absence of the objects in LaMa Virtualization Landscape.

Results

You successfully created new vCenter Server user for the VLA and added required permission for it.