VMware Cloud Director Availability uses the following users and establishes the following sessions.

VMware Cloud Director Availability Appliance root User Account

VMware Cloud Director Availability uses the root user account for access to both the virtual appliance console and the management interface. The initial deployment of each VMware Cloud Director Availability appliance sets up this account. The OVF Deployment wizard requires an initial password for the root user account, which must be over three characters long. After the initial deployment, VMware Cloud Director Availability forces a change of this initial password on the first login as the root user. The persistent root user account password must meet the following requirements.
  • The password must be over eight characters.
  • The password must contain digits, upper and lower case letters, and non-alphabetic characters.
  • The password cannot match any previous password.
  • The password must contain more than four new characters compared to the previous password.

VMware Cloud Director Availability Users

VMware Cloud Director Availability distinguishes administrator users from regular users. To establish a user session with administrator rights, the credentials for both the source and the destination sites must belong to the ADMINISTRATORS or VRADMINISTRATORS group. For example, the single sign-on user Administrator@vsphere.local is a member of the ADMINISTRATORS group.

  • Service providers manage VMware Cloud Director Availability objects and the local VMware Cloud Director Availability appliances after authenticating as VMware Cloud Director System Administrator users. By default, the System Administrator role has all VMware Cloud Director rights. Users belonging to that role can manage any local and monitor any remote VMware Cloud Director Availability inventory object. To manage VMware Cloud Director Availability objects in the remote site, authenticate as a System Administrator to the remote site.

  • Tenant users perform disaster recovery operations and manage local VMware Cloud Director Availability objects after authenticating as VMware Cloud Director Organization Administrator users. These users can perform disaster recovery operations in the local site, can manage any local VMware Cloud Director Availability object, and can monitor any remote VMware Cloud Director Availability object that belongs to the VMware Cloud Director organization. To manage remote VMware Cloud Director Availability objects, authenticate as an Organization Administrator user to the remote site.

VMware Cloud Director publishes the predefined global tenant roles and the rights they contain to all organizations. System Administrator users can modify the rights and the global tenant roles from individual organizations. System Administrator users can modify, create, or remove predefined global tenant roles.

For more information, see System Administrator Rights and Rights in Predefined Global Tenant Roles in the VMware Cloud Director documentation.

For tenant roles other than the default Organization Administrator, grant at minimum exactly the following rights in VMware Cloud Director:

  • General: Administrator Control
  • vApp: Edit VM Properties
  • vApp: Delete
  • vApp: Edit VM Network
  • vApp: Edit Properties
  • vApp: Power Operations
  • vApp: View VM metrics
  • vApp: View ACL
  • Organization: View
  • Organization Network: View
  • Organization vDC Network: View
  • Organization vDC Compute Policy: View
  • Organization vDC: View ACL
  • Access All Organization VDCs
  • Catalog: View Private and Shared Catalogs
  • Catalog: View ACL
  • Organization vDC Named Disk: Delete
  • Organization vDC Named Disk: Create
  • Organization vDC Named Disk: View Properties
  • Organization vDC Named Disk: Edit Properties
  • Organization vDC Gateway: View L2 VPN
  • Organization vDC Gateway: Configure L2 VPN
Note: VMware Cloud Director Availability requires each and all of the above rights for the correct operation of the tenant user.
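
A custom tenant role can be checked against the list above before it is assigned. The following Python audit is an added example, not VMware code: it reports rights that are missing (the role will not operate correctly) and rights beyond the documented minimum. The JSON export shape, the role names, and the extra right name are assumptions constructed for the example.

```python
import json

# Minimum rights listed on this page, grouped by category prefix.
_BY_CATEGORY = {
    "General": ["Administrator Control"],
    "vApp": ["Edit VM Properties", "Delete", "Edit VM Network", "Edit Properties",
             "Power Operations", "View VM metrics", "View ACL"],
    "Organization": ["View"],
    "Organization Network": ["View"],
    "Organization vDC Network": ["View"],
    "Organization vDC Compute Policy": ["View"],
    "Organization vDC": ["View ACL"],
    "Catalog": ["View Private and Shared Catalogs", "View ACL"],
    "Organization vDC Named Disk": ["Delete", "Create", "View Properties", "Edit Properties"],
    "Organization vDC Gateway": ["View L2 VPN", "Configure L2 VPN"],
}
REQUIRED = {f"{c}: {r}" for c, rs in _BY_CATEGORY.items() for r in rs}
REQUIRED.add("Access All Organization VDCs")  # listed without a category prefix

def _norm(name):
    """Case- and whitespace-insensitive key for a right name."""
    return " ".join(name.split()).casefold()

def audit_role(role):
    """Return (missing, extra) for one role against the page's minimum set."""
    granted = {_norm(n): n for n in role["rights"]}
    required = {_norm(n): n for n in REQUIRED}
    # Missing rights break tenant operation; extra ones exceed the minimum.
    missing = sorted(required[k] for k in required.keys() - granted.keys())
    extra = sorted(granted[k] for k in granted.keys() - required.keys())
    return missing, extra

def audit_export(text):
    """Audit every role in a JSON export: {role name: (missing, extra)}."""
    return {r["name"]: audit_role(r) for r in json.loads(text)}

# Constructed sample; the export shape and role names are assumptions.
SAMPLE = json.dumps([
    {"name": "dr-operator", "rights": sorted(REQUIRED)},
    {"name": "dr-trimmed", "rights": sorted(REQUIRED - {"vApp: Delete", "vApp: Power Operations"})},
    {"name": "dr-broad", "rights": sorted(REQUIRED) + ["Example: Extra Right (constructed)"]},
])

if __name__ == "__main__":
    for name, (missing, extra) in audit_export(SAMPLE).items():
        print(f"{name}: missing={missing} extra={extra}")
```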

VMware Cloud Director Availability Users Sessions Extension

Each VMware Cloud Director Availability user session must have a VMware Cloud Director user and a VMware Cloud Director organization associated with the session.

For more information about the sessions and authenticating to remote sites, see Extended Session Authentication in the VMware Cloud Director Availability User Guide.

The following table lists the Cloud Service disaster recovery operations that require an extension of the user session:

| Operation | Incoming Replication: Required Session on Source Site | Incoming Replication: Required Session on Destination Site | Outgoing Replication: Required Session on Source Site | Outgoing Replication: Required Session on Destination Site |
|---|---|---|---|---|
| start | Yes | Yes | Yes | Yes |
| stop | No | Yes | Yes | Yes |
| reconfigure | No | Yes | Yes | Yes |
| failover | No | Yes | Yes | Yes |
| migrate | Yes | Yes | Yes | Yes |
| sync | No | Yes | Yes | Yes |
| pause | No | Yes | Yes | Yes |
| resume | No | Yes | Yes | Yes |
| reverse | Yes | Yes | Yes | Yes |
| failover test | No | Yes | Yes | Yes |
| failover test cleanup | No | Yes | Yes | Yes |