VMware Cloud Director Availability requires privileges for the following users, roles, and rights, and establishes the following sessions for performing disaster recovery (DR) operations.

VMware Cloud Director Availability Appliance root User Account

VMware Cloud Director Availability uses the root user account for access to both the virtual appliance console and the management interface. The initial deployment of each VMware Cloud Director Availability appliance sets up this account. The OVF Deployment wizard requires an initial password for the root user account, which must be over three characters long. After the initial deployment, VMware Cloud Director Availability forces a change of this initial password on the first login as the root user, with the following requirements for the persistent root user account password:
  • The password must be over eight characters.
  • The password must contain digits, upper and lower case letters, and non-alphabetic characters.
  • The password cannot match any previous password.
  • The password must contain more than four new characters compared to the previous password.

VMware Cloud Director Availability Users

VMware Cloud Director Availability distinguishes administrator users from regular users.
  • To establish a user session with administrative rights in VMware Cloud Director Availability, the credentials for both the source and the destination sites must belong to either the ADMINISTRATORS or the VRADMINISTRATORS group. This applies both to vSphere DR and migration and to replications with cloud sites backed by VMware Cloud Director.
    Caution: vSphere DR and migration between vCenter Server sites allow all users that authenticate in VMware Cloud Director Availability full control over the replications.

    After authenticating, the users are also allowed to list, migrate, and have access as a replication destination to all vSphere objects that the principal can access.

    For example, the single sign-on user Administrator@vsphere.local is a member of the ADMINISTRATORS group.

  • In VMware Cloud Director sites, providers manage VMware Cloud Director Availability objects and the local VMware Cloud Director Availability appliances after authenticating as VMware Cloud Director System Administrator users. By default, the System Administrator role has all VMware Cloud Director rights. Users belonging to that role can manage any local and monitor any remote VMware Cloud Director Availability inventory object. To manage VMware Cloud Director Availability objects in the remote site, authenticate as a System Administrator to the remote site.

  • Tenants perform disaster recovery operations and manage the VMware Cloud Director Availability objects after authenticating as:
    • For vSphere DR and migration, as VRUSERS single-sign-on users the tenants can perform disaster recovery operations in the local site, can manage any local VMware Cloud Director Availability object, and can monitor any remote VMware Cloud Director Availability object.
    • In VMware Cloud Director sites, as Organization Administrator users, tenants can perform disaster recovery operations in the local site, can manage any local VMware Cloud Director Availability object, and can monitor any remote VMware Cloud Director Availability object that belongs to the VMware Cloud Director organization. To manage remote VMware Cloud Director Availability objects, authenticate as an Organization Administrator user to the remote site.

VMware Cloud Director Availability creates the VRADMINISTRATORS and the VRUSERS groups in the local vCenter Server instance during the appliance deployment.

vSphere Privileges for VMware Cloud Director Availability Administrators

As a provider or an on-premises administrator, allow the least privileges for the roles of the user accounts that register VMware Cloud Director Availability with the vCenter Server Lookup service and operate it. As a provider, to prevent tenant access to restricted infrastructure items, allow only the following minimum list of privileges, as specified for audit certifications and security compliance of VMware Cloud Director Availability.

When the service user account is not administrator@vsphere.local, the following privileges must apply to the user that operates with VMware Cloud Director Availability and registers it with the vCenter Server Lookup service.

Cryptographic Operations
  • Cryptographic operations.Manage keys
  • Cryptographic operations.Register host
Datastore Privileges
  • Datastore.Configure datastore
  • Datastore.Low level file operations
Resource Privileges
  • Resource.Assign virtual machine to resource pool
Extension Privileges
  • Extension.Register extension
  • Extension.Unregister extension
  • Extension.Update extension
Global Privileges
  • Global.Disable methods
  • Global.Enable methods
Host Configuration Privileges
  • Host.Configuration.Connection
Virtual Machine Inventory Privileges
  • Virtual machine.Inventory.Register
  • Virtual machine.Inventory.Unregister
Virtual Machine Interaction
  • Virtual machine.Interaction.Power Off
  • Virtual machine.Interaction.Power On
Virtual Machine State Privileges
  • Virtual machine.Snapshot management.Create snapshot
  • Virtual machine.Snapshot management.Remove snapshot
HBR Privileges
  • Host.Hbr.HbrManagement
  • VirtualMachine.Hbr.ConfigureReplication
  • VirtualMachine.Hbr.ReplicaManagement
  • VirtualMachine.Hbr.MonitorReplication
Note: After adding a custom role in vSphere, the role is created as a Read Only role with three system-defined privileges:
  • System.Anonymous
  • System.Read
  • System.View

    These privileges are not visible in the vSphere Client but are used to read specific properties of some managed objects. All the predefined roles in vSphere contain these three system-defined privileges.

For information about the role privileges in vSphere, see Defined Privileges in the vSphere documentation.

VMware Cloud Director Roles Rights

For user permissions, VMware Cloud Director publishes the predefined global tenant roles and the rights they contain to all organizations. System Administrator users can modify the rights and the global tenant roles from an individual organization. System Administrator users can modify, create, or remove predefined global tenant roles.

For more information, see System Administrator Rights and Rights in Predefined Global Tenant Roles in the VMware Cloud Director documentation.

In VMware Cloud Director, for tenant roles other than the default Organization Administrator, at minimum grant exactly the following rights:

  • General: Administrator Control
  • vApp: Edit VM Compute Policy *
  • vApp: Edit VM Properties
  • vApp: Delete
  • vApp: Edit VM Network
  • vApp: Edit Properties
  • vApp: Power Operations
  • vApp: View VM metrics
  • vApp: View ACL
  • Organization: View
  • Organization Network: View
  • Organization vDC Network: View
  • Organization vDC Compute Policy: View
  • Organization vDC: View ACL
  • Access All Organization VDCs
  • Catalog: View Private and Shared Catalogs
  • Catalog: View ACL
  • Organization vDC Named Disk: Delete
  • Organization vDC Named Disk: Create
  • Organization vDC Named Disk: View Properties
  • Organization vDC Named Disk: Edit Properties
  • Organization vDC Gateway: View L2 VPN **
  • Organization vDC Gateway: Configure L2 VPN **
Note:
  • VMware Cloud Director Availability requires each and all of the above rights for the correct operation of the VMware Cloud Director tenant user.
  • * VMware Cloud Director Availability 4.3 and later require the vApp: Edit VM Compute Policy right that is not part of the Default Rights Bundle.
  • ** In VMware Cloud Director service, to stretch an L2 network to an SDDC in VMware Cloud™ on AWS, VMware Cloud Director Availability 4.4 and later require both the Organization vDC Gateway: View L2 VPN and the Configure L2 VPN rights that are not part of the Default Rights Bundle.
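
One way to check a role against the two minimum lists above (the vSphere privileges for the service account and the VMware Cloud Director tenant rights), as an added example that is not VMware code. The names are the display names printed on this page; the `audit` helper, the sample roles, and the two extra privileges in the vSphere sample are constructed for illustration, and the granted list is assumed to be available as plain names.

```python
def _names(block):
    """Split a block of ';' or newline separated names into a frozenset."""
    return frozenset(n.strip() for line in block.splitlines()
                     for n in line.split(";") if n.strip())

# vSphere privileges this page lists for the service account (display names).
VSPHERE_MIN = _names("""
Cryptographic operations.Manage keys; Cryptographic operations.Register host
Datastore.Configure datastore; Datastore.Low level file operations; Host.Configuration.Connection
Resource.Assign virtual machine to resource pool; Global.Disable methods; Global.Enable methods
Extension.Register extension; Extension.Unregister extension; Extension.Update extension
Virtual machine.Inventory.Register; Virtual machine.Inventory.Unregister
Virtual machine.Interaction.Power Off; Virtual machine.Interaction.Power On
Virtual machine.Snapshot management.Create snapshot
Virtual machine.Snapshot management.Remove snapshot
Host.Hbr.HbrManagement; VirtualMachine.Hbr.ConfigureReplication
VirtualMachine.Hbr.ReplicaManagement; VirtualMachine.Hbr.MonitorReplication
""")
# System-defined privileges present in every vSphere role; never reported as excess.
VSPHERE_IMPLICIT = _names("System.Anonymous; System.Read; System.View")
# Rights this page lists for tenant roles other than Organization Administrator.
VCD_TENANT_MIN = _names("""
General: Administrator Control; vApp: Edit VM Compute Policy; vApp: Edit VM Properties
vApp: Delete; vApp: Edit VM Network; vApp: Edit Properties; vApp: Power Operations
vApp: View VM metrics; vApp: View ACL; Organization: View; Organization Network: View
Organization vDC Network: View; Organization vDC Compute Policy: View
Organization vDC: View ACL; Access All Organization VDCs
Catalog: View Private and Shared Catalogs; Catalog: View ACL
Organization vDC Named Disk: Delete; Organization vDC Named Disk: Create
Organization vDC Named Disk: View Properties; Organization vDC Named Disk: Edit Properties
Organization vDC Gateway: View L2 VPN; Organization vDC Gateway: Configure L2 VPN
""")
# Rights the page marks with * or ** as outside the Default Rights Bundle.
NOT_IN_DEFAULT_BUNDLE = _names("""vApp: Edit VM Compute Policy
Organization vDC Gateway: View L2 VPN; Organization vDC Gateway: Configure L2 VPN""")

def audit(granted, minimum, implicit=frozenset()):
    """Return (missing, excess): listed names not granted, and grants beyond the list."""
    granted = {g.strip() for g in granted if g.strip()}
    return sorted(minimum - granted), sorted(granted - minimum - implicit)

# Constructed sample: custom vSphere role lacking one privilege and carrying two extras.
SAMPLE_VSPHERE_ROLE = (VSPHERE_MIN - {"Global.Disable methods"}) | {
    "System.Read", "Datastore.Browse datastore", "Host.Configuration.Maintenance"}
# Constructed sample: tenant role without the rights outside the Default Rights Bundle.
SAMPLE_TENANT_ROLE = VCD_TENANT_MIN - NOT_IN_DEFAULT_BUNDLE

if __name__ == "__main__":
    print("vSphere role (missing, excess):", audit(SAMPLE_VSPHERE_ROLE, VSPHERE_MIN, VSPHERE_IMPLICIT))
    print("tenant role (missing, excess):", audit(SAMPLE_TENANT_ROLE, VCD_TENANT_MIN))
```

For the vSphere service account, both results matter: a missing privilege breaks operation and an excess one goes beyond the minimum list. For the tenant role, the missing list is the one the note above makes mandatory.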

VMware Cloud Director Availability Users Sessions Extension

Each VMware Cloud Director Availability user session must have a VMware Cloud Director user and a VMware Cloud Director organization associated with the session.

For more information about the sessions and authenticating to remote sites, see Extended Session Authentication in the User Guide.

See the Cloud Service disaster recovery operations that require an extension of the user session in the following table.

| Operation | Incoming Replication: Required Session on Source Site | Incoming Replication: Required Session on Destination Site | Outgoing Replication: Required Session on Source Site | Outgoing Replication: Required Session on Destination Site |
|---|---|---|---|---|
| start | Yes | Yes | Yes | Yes |
| stop | No | Yes | Yes | Yes |
| reconfigure | No | Yes | Yes | Yes |
| failover | No | Yes | Yes | Yes |
| migrate | Yes | Yes | Yes | Yes |
| sync | No | Yes | Yes | Yes |
| pause | No | Yes | Yes | Yes |
| resume | No | Yes | Yes | Yes |
| reverse | Yes | Yes | Yes | Yes |
| failover test | No | Yes | Yes | Yes |
| failover test cleanup | No | Yes | Yes | Yes |