Assign the operations local service account svc-vrops-nsx the permissions that are required to access monitoring data from the NSX Manager ROBO in vRealize Operations Manager.

Prerequisites

  • Ensure that SSH has been enabled on the NSX Manager in ROBO.

  • On a Windows host that has access to your data center, install a REST client. An example of a suitable REST client is the RESTClient add-on for the Mozilla Firefox web browser.

Procedure

  1. Log in to the NSX Manager by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the NSX Manager virtual machine nyc01nsxm01.rainpole.local
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      nyc01nsx_admin_password

  2. Create the local service account svc-vrops-nsx on the NSX Manager instances.
    1. Run the following command to switch to Privileged mode of the NSX Manager.
      enable
    2. Enter the admin password when prompted and press Enter.
    3. Switch to Configuration mode.
      configure terminal
    4. Create the service account svc-vrops-nsx.
      user svc-vrops-nsx password plaintext svc-vrops-nsx_password
    5. Assign the svc-vrops-nsx user access to NSX Manager from the vSphere Web Client.

      user svc-vrops-nsx privilege web-interface

    6. Leave the Configuration mode .
      exit
    7. Commit these updates to the NSX Managers:

      copy running-config startup-config

  3. Assign the security_admin role to the svc-vrops-nsx service account.
    1. Log in to the Windows host that has access to your data center.
    2. In a Firefox browser, go to chrome://restclient/content/restclient.html
    3. From the Authentication drop-down menu, select Basic Authentication.
    4. In the Basic Authorization dialog box, enter the following credentials, select Remember me and click Okay.

      Setting

      Value

      User name

      admin

      Password

      nyc01nsx_admin_password

      The Authorization: Basic XXX header appears in the Headers pane.

    5. From the Headers drop-down menu, select Custom Header.
    6. In the Request Header dialog box, enter the following header details and click Okay.

      Request Header Attribute

      Value

      Name

      Content-Type

      Value

      Application/xml

      The Content-Type:Application/xml header appears in the Headers pane.

    7. In the Request pane, from the Method drop-down menu, select POST, and in the URL text box, enter the following URL.

      NSX Manager

      POST URL

      NSX Manager for the ROBO

      https://nyc01nsxm01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

    8. In the Request pane, paste the following request body in the Body text box and click Send.
      <accessControlEntry>
        <role>security_admin</role>
        <resource>
          <resourceId>globalroot-0</resourceId>
        </resource>
      </accessControlEntry>
      




      The Status changes to 204 No Content.