HCX Manager (HCX) configuration and operation requires an understanding of the various accounts and roles involved in deploying, managing, and operating the system.
User Accounts
HCX has the following account requirements for site manager deployments:
Account |
Requirements |
Additional Information |
---|---|---|
admin |
|
|
Account for vCenter Server Registration |
The account must belong to the vSphere administrators group and have the administrator role assigned. |
|
Account for NSX Registration |
This account must have the Enterprise Admin role assigned. If NSXv, this account must have the Enterprise Administrator role assigned. |
Note:
This account is not required for HCX Connector installations. It is required only when extending NSX Segments, or migrating NSX tags. |
Accounts for HCX Role Mapping (This account refers to SSO User accounts that map to an HCX role.) |
The user’s group must be included in the HCX Role Mapping configuration. |
|
Site Pairing Accounts |
The user’s group must be included in the HCX Role Mapping configuration (on the remote HCX Cloud system being paired). The user's group can be in either the Administrators group or the Tenant group. |
The site pairing user is entered along with the HCX Cloud URL in the site pairing configuration on the source HCX system. The following are typical scenarios:
|
The vCenter Server and the NSX Manager registration accounts (“service accounts”) must have global object access.
Role Mapping
Access to HCX services and features depends on the assigned user role. User roles are assigned in the HCX appliance management interface during the initial HCX activation and configuration.
- Administrator
-
SSO groups assigned to the Administrator role have unrestricted access to perform all HCX configurations and operations.
- Tenant
-
This role is intended for use by Service Providers. SSO groups assigned to the Tenant role cannot add or delete HCX Network Profiles.
Note:The Tenant role is not available in HCX Connector deployments.
vSphere Privileges for Migration Operations
User groups assigned to the Administrator or the Tenant role must have these vSphere vCenter Server privileges to perform migrations.
vCenter Resource Type |
User Privilege |
Description |
---|---|---|
ComputeResource |
|
Privileges required on the destination compute resource object when performing a migration operation. |
HostSystem |
|
Privileges required on the destination HostSystem object when performing a migration operation. |
ClusterComputeResource |
|
Privileges required on the destination ClusterComputeResource object when performing a migration operation. |
ResourcePool |
|
Privileges required on the destination ResourcePool object when performing a migration operation. |
Folder |
|
Privileges required on the destination Folder object when performing a migration operation. |
Datacenter |
|
Privileges required on the destination data center objects when performing a migration operation. |
Datastore |
|
Privileges required on the destination datastore objects when performing a migration operation. |
DistributedVirtualPortgroup/Network |
Network.Assign |
Privileges required on the destination network objects when performing a migration operation. |
VirtualMachine |
|
Privileges required on the source virtual machines when performing a migration operation. |