Create a vCenter Server Service Account (user) with a role having the following permissions. This user can be used by the NSX Advanced Load Balancer Controller to interact with the vCenter Server and provide lifecycle management for the Service Engines.

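| Category | Privilege | Sub-Privilege |
|---|---|---|
| Content Library | Add library item | |
| Content Library | Delete library item | |
| Content Library | Update files | |
| Content Library | Update library item | |
| Datastore | Allocate space | |
| Datastore | Remove file | |
| Folder | Create folder | |
| Network | Assign network | |
| Network | Remove | |
| Resource | Assign virtual machine to resource pool | |
| Tasks | Create task | |
| Tasks | Update task | |
| vApp | Add virtual machine | |
| vApp | Assign resource pool | |
| vApp | Assign vApp | |
| vApp | Create | |
| vApp | Delete | |
| vApp | Export | |
| vApp | Import | |
| vApp | Power off | |
| vApp | Power on | |
| vApp | vApp application configuration | |
| vApp | vApp instance configuration | |
| Virtual machine | Change Configuration | Add existing disk |
| Virtual machine | Change Configuration | Add new disk |
| Virtual machine | Change Configuration | Add or remove device |
| Virtual machine | Change Configuration | Advanced configuration |
| Virtual machine | Change Configuration | Change CPU count |
| Virtual machine | Change Configuration | Change Memory |
| Virtual machine | Change Configuration | Change Settings |
| Virtual machine | Change Configuration | Change resource |
| Virtual machine | Change Configuration | Display connection settings |
| Virtual machine | Change Configuration | Extend virtual disk |
| Virtual machine | Change Configuration | Remove disk |
| Virtual machine | Edit inventory | Create new |
| Virtual machine | Edit inventory | Remove inventory |
| Virtual machine | Interaction | Connect devices |
| Virtual machine | Interaction | Install VMware Tools |
| Virtual machine | Interaction | Power off |
| Virtual machine | Interaction | Power on |
| Virtual machine | Provisioning | Allow disk access |
| Virtual machine | Provisioning | Allow file access |
| Virtual machine | Provisioning | Allow read-only disk access |
| Virtual machine | Provisioning | Deploy template |
| Virtual machine | Provisioning | Mark as virtual machine |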

Table 1. Design Decisions for vCenter Server Access Control for NSX Advanced Load Balancer Controller

| Decision ID | Design Description | Design Justification | Design Implication |
|---|---|---|---|
| AVI-VI-VC-009 | Create or use a vCenter Server User/Role with the described privileges. Note: Do not use the local administrator or root user of vCenter Server for this purpose. | Required for NSX Advanced Load Balancer Controller to perform lifecycle management of the Service Engines. Note: Update the vCenter User credential on the Controller when the password for this user account is rotated. | None |
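
One way to create the role with exactly the privileges listed above and then check it for drift, as an added PowerCLI example that is not from the original page. It assumes an existing `Connect-VIServer` session; the role name `AviControllerRole` is hypothetical, and the privilege IDs are the vSphere API identifiers assumed to correspond to the display names in the privilege table.

```powershell
# Added example, not from the original page. Requires VMware PowerCLI and an
# existing Connect-VIServer session. $RoleName is a hypothetical name.
$RoleName = 'AviControllerRole'

# Assumed vSphere API privilege IDs for the display names in the privilege table.
$Required = @(
    'ContentLibrary.AddLibraryItem', 'ContentLibrary.DeleteLibraryItem',
    'ContentLibrary.UpdateSession', 'ContentLibrary.UpdateLibraryItem',
    'Datastore.AllocateSpace', 'Datastore.DeleteFile',
    'Folder.Create', 'Network.Assign', 'Network.Delete',
    'Resource.AssignVMToPool', 'Task.Create', 'Task.Update',
    'VApp.AssignVM', 'VApp.AssignResourcePool', 'VApp.AssignVApp',
    'VApp.Create', 'VApp.Delete', 'VApp.Export', 'VApp.Import',
    'VApp.PowerOff', 'VApp.PowerOn',
    'VApp.ApplicationConfig', 'VApp.InstanceConfig',
    'VirtualMachine.Config.AddExistingDisk', 'VirtualMachine.Config.AddNewDisk',
    'VirtualMachine.Config.AddRemoveDevice', 'VirtualMachine.Config.AdvancedConfig',
    'VirtualMachine.Config.CPUCount', 'VirtualMachine.Config.Memory',
    'VirtualMachine.Config.Settings', 'VirtualMachine.Config.Resource',
    'VirtualMachine.Config.MksControl', 'VirtualMachine.Config.DiskExtend',
    'VirtualMachine.Config.RemoveDisk',
    'VirtualMachine.Inventory.Create', 'VirtualMachine.Inventory.Delete',
    'VirtualMachine.Interact.DeviceConnection', 'VirtualMachine.Interact.ToolsInstall',
    'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Provisioning.DiskRandomAccess', 'VirtualMachine.Provisioning.FileRandomAccess',
    'VirtualMachine.Provisioning.DiskRandomRead', 'VirtualMachine.Provisioning.DeployTemplate',
    'VirtualMachine.Provisioning.MarkAsVM'
)

# Resolve every ID first so a typo or version mismatch fails before a partial role exists.
$privs = Get-VIPrivilege -Id $Required -ErrorAction Stop
$unresolved = $Required | Where-Object { $_ -notin $privs.Id }
if ($unresolved) { throw "Unknown privilege IDs: $($unresolved -join ', ')" }

# Create the role only if it does not exist; an existing role is audited, not overwritten.
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) { $role = New-VIRole -Name $RoleName -Privilege $privs }

# Drift check. vCenter adds System.Anonymous/Read/View to every role, so ignore System.*.
$actual  = $role.PrivilegeList | Where-Object { $_ -notlike 'System.*' }
$extra   = $actual   | Where-Object { $_ -notin $Required }
$missing = $Required | Where-Object { $_ -notin $actual }
if ($extra)   { Write-Warning "Over-privileged, remove: $($extra -join ', ')" }
if ($missing) { Write-Warning "Missing, add: $($missing -join ', ')" }
if (-not $extra -and -not $missing) { "Role '$RoleName' matches the required privilege set." }
```

Re-running the script against an existing role performs only the drift check, which makes it usable as a periodic audit of the service account's role.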