Configure a vCenter Server User for Horizon 7 and View Composer

To configure a user account that allows Horizon 7 to perform operations in vCenter Server, you must assign a vCenter Server role with appropriate privileges to that user.

The list of privileges that you must add to the vCenter Server role varies, depending on whether you use Horizon 7 with or without View Composer. The View Composer service performs operations in vCenter Server that require privileges in addition to the base privileges.

If you install View Composer on the same machine as vCenter Server, you must make the vCenter Server user a local system administrator on the vCenter Server machine. This requirement allows Horizon 7 to authenticate to the View Composer service.

If you install View Composer on a different machine than vCenter Server, you do not have to make the vCenter Server user a local administrator on the vCenter Server machine. However, you do have to create a standalone View Composer Server user account that must be a local administrator on the View Composer machine.

Prerequisites

In Active Directory, create a user in the Connection Server domain or a trusted domain. See Creating a User Account for vCenter Server.
Familiarize yourself with the vCenter Server privileges that are required for the user account. See Privileges Required for the vCenter Server User.
If you use View Composer, familiarize yourself with the additional required privileges. See View Composer and Instant Clone Privileges Required for the vCenter Server User.

Procedure

In vCenter Server, prepare a role with the required privileges for the user.
- You can use the predefined Administrator role in vCenter Server. This role can perform all operations in vCenter Server.
- If you use View Composer, you can create a limited role with the minimum privileges needed by Connection Server and View Composer to perform vCenter Server operations.
  In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Composer Administrator, and select privileges for the role.
  
  This role must have all the privileges that both Connection Server and View Composer need to operate in vCenter Server.
- If you use Horizon 7 without View Composer, you can create an even more limited role with the minimum privileges needed by Connection Server to perform vCenter Server operations.
  In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Manager Administrator, and select privileges for the role.
- If you use instant clones, you can create a limited role with the minimum privileges needed by Connection Server to perform vCenter Server operations.
  In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Manager Instant Clone Administrator, and select privileges for the role. For instant-clone privileges, see View Composer and Instant Clone Privileges Required for the vCenter Server User.
In vSphere Client, right-click the vCenter Server at the top level of the inventory, click Add Permission, and add the vCenter Server user.

Note: You must define the vCenter Server user at the vCenter Server level.
From the drop-down menu, select the Administrator role, or the View Composer or View Manager role that you created, and assign it to the vCenter Server user.
If you install View Composer on the same machine as vCenter Server, add the vCenter Server user account as a member of the local system Administrators group on the vCenter Server machine.
This step is not required if you install View Composer on a different machine than vCenter Server.

What to do next

In Horizon Administrator, when you add vCenter Server to Horizon 7, specify the vCenter Server user. See Add vCenter Server Instances to Horizon 7.