VMware Cloud Director Availability uses the following users and establishes the following sessions.
VMware Cloud Director Availability Appliance root User Account
- The password must be over eight characters.
- The password must contain digits, upper and lower case letters, and non-alphabetic characters.
- The password cannot match any previous password.
- The password must contain more than four new characters compared to the previous password.
VMware Cloud Director Availability Users
VMware Cloud Director Availability distinguishes administrator users from regular users. To establish a user session with administrator rights, the credentials for both the source and the destination sites must belong to the ADMINISTRATORS or VRADMINISTRATORS group. For example, the single sign-on user Administrator@vsphere.local is a member of the ADMINISTRATORS group.
Service providers manage VMware Cloud Director Availability objects and the local VMware Cloud Director Availability appliances after authenticating as VMware Cloud Director System Administrator users. By default, the System Administrator role has all VMware Cloud Director rights. Users belonging to that role can manage any local and monitor any remote VMware Cloud Director Availability inventory object. To manage VMware Cloud Director Availability objects in the remote site, authenticate as a System Administrator to the remote site.
Tenant users perform disaster recovery operations and manage local VMware Cloud Director Availability objects after authenticating as VMware Cloud Director Organization Administrator users. These users can perform disaster recovery operations in the local site, can manage any local VMware Cloud Director Availability object, and can monitor any remote VMware Cloud Director Availability object that belongs to the VMware Cloud Director organization. To manage remote VMware Cloud Director Availability objects, authenticate as an Organization Administrator user to the remote site.
VMware Cloud Director publishes the predefined global tenant roles and the rights they contain to all organizations. System Administrator users can modify the rights and the global tenant roles from individual organizations. System Administrator users can modify, create, or remove predefined global tenant roles.
For tenant roles other than the default Organization Administrator, at minimum grant exactly the following rights in VMware Cloud Director:
- General: Administrator Control
- vApp: Edit VM Properties
- vApp: Delete
- vApp: Edit VM Network
- vApp: Edit Properties
- vApp: Power Operations
- vApp: View VM metrics
- vApp: View ACL
- Organization: View
- Organization Network: View
- Organization vDC Network: View
- Organization vDC Compute Policy: View
- Organization vDC: View ACL
- Access All Organization VDCs
- Catalog: View Private and Shared Catalogs
- Catalog: View ACL
- Organization vDC Named Disk: Delete
- Organization vDC Named Disk: Create
- Organization vDC Named Disk: View Properties
- Organization vDC Named Disk: Edit Properties
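The rights list above can be used as a baseline when reviewing a custom tenant role. The following is an added example, not VMware code: it compares a role's granted rights against that list and reports what is missing and what exceeds it. The function name `audit_role`, the input format (right names as plain strings) and the sample role are assumptions made for illustration.

```python
# Minimum rights for a custom tenant role, copied from the list above.
REQUIRED_RIGHTS = (
    "General: Administrator Control",
    "vApp: Edit VM Properties",
    "vApp: Delete",
    "vApp: Edit VM Network",
    "vApp: Edit Properties",
    "vApp: Power Operations",
    "vApp: View VM metrics",
    "vApp: View ACL",
    "Organization: View",
    "Organization Network: View",
    "Organization vDC Network: View",
    "Organization vDC Compute Policy: View",
    "Organization vDC: View ACL",
    "Access All Organization VDCs",
    "Catalog: View Private and Shared Catalogs",
    "Catalog: View ACL",
    "Organization vDC Named Disk: Delete",
    "Organization vDC Named Disk: Create",
    "Organization vDC Named Disk: View Properties",
    "Organization vDC Named Disk: Edit Properties",
)

def _norm(name):
    # Collapse whitespace and case so "vapp:  delete" matches "vApp: Delete".
    return " ".join(name.split()).casefold()

def audit_role(granted):
    """Return (missing, extra) relative to the minimum rights list."""
    granted_by_key = {_norm(r): r.strip() for r in granted if r.strip()}
    required_by_key = {_norm(r): r for r in REQUIRED_RIGHTS}
    missing = [r for k, r in required_by_key.items() if k not in granted_by_key]
    extra = sorted(r for k, r in granted_by_key.items() if k not in required_by_key)
    return missing, extra

# Constructed sample role (hypothetical): two rights absent, one unneeded right.
SAMPLE_ROLE = [r for r in REQUIRED_RIGHTS
               if r not in ("vApp: View ACL", "Organization vDC Named Disk: Delete")]
SAMPLE_ROLE[2] = "  vapp:   delete "           # same right, sloppy export formatting
SAMPLE_ROLE.append("Example: Unneeded Right")  # constructed placeholder, not a real right

if __name__ == "__main__":
    missing, extra = audit_role(SAMPLE_ROLE)
    print("Missing rights:", missing)
    print("Rights beyond the minimum list:", extra)
```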
VMware Cloud Director Availability Users Sessions Extension
Each VMware Cloud Director Availability user session must have a VMware Cloud Director user and a VMware Cloud Director organization associated with the session.
For more information about the sessions and authenticating to remote sites, see Extended Session Authentication in the VMware Cloud Director Availability User Guide.
See the Cloud Service disaster recovery operations that require an extension of the user session in the following table:
|Operation|Incoming Replication: Required Session on Source Site|Incoming Replication: Required Session on Destination Site|Outgoing Replication: Required Session on Source Site|Outgoing Replication: Required Session on Destination Site|
|---|---|---|---|---|
|failover test cleanup|No|Yes|Yes|Yes|