After you upgrade vRealize Operations Manager, assign the permissions that are required to access monitoring data from the Management NSX Manager and Compute NSX Manager in Region A and Region B in vRealize Operations Manager to the operations local service account svc-vrops-nsx.

Prerequisites

  • Ensure that SSH has been enabled on the Management NSX Manager and Compute NSX Manager in Region A.

  • On a Windows host that has access to you data center, install a REST client, such as the RESTClient add-on for Firefox.

Procedure

  1. Log in to the NSX Manager by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the NSX Manager virtual machine.

      Region

      NSX Manager

      Host name

      Region A

      NSX Manager for the management cluster

      mgmt01nsxm01.sfo01.rainpole.local

      NSX Manager for the shared compute and edge cluster

      comp01nsxm01.sfo01.rainpole.local

      Region B

      NSX Manager for the management cluster

      mgmt01nsxm51.lax01.rainpole.local

      NSX Manager for the shared compute and edge cluster

      comp01nsxm51.lax01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      • mngnsx_admin_password

      • compnsx_admin_password

  2. Create the local service account svc-vrops-nsx on the NSX Manager instances.
    1. Run the following command to switch to Privileged mode of the NSX Manager.
      enable
    2. Enter the admin password when prompted and press Enter.
    3. Switch to Configuration mode.
      configure terminal
    4. Create the service account svc-vrops-nsx.
      user svc-vrops-nsx password plaintext svc-vrops-nsx_password
    5. Assign the svc-vrops-nsx user access to NSX Manager from the vSphere Web Client.
      user svc-vrops-nsx privilege web-interface
    6. Leave the Configuration mode
      exit
    7. Commit these updates to the NSX Managers:
      copy running-config startup-config
  3. Assign the security_admin role to the svc-vrops-nsx service account.
    1. Log in to the Windows host that has access to your data center.
    2. In a Firefox browser, go to chrome://restclient/content/restclient.html
    3. From the Authentication drop-down menu, select Basic Authentication
    4. In the Basic Authorization dialog box, enter the following credentials, select Remember me and click Okay.

      Setting

      Value

      User name

      admin

      Password

      • mngnsx_admin_password

      • compnsx_admin_password

      The Authorization: Basic XXX header appears in the Headers pane.

    5. In the Request pane, enter the following header details and click Okay.

      Request Header Attribute

      Value

      Name

      Content-Type

      Value

      Application/xml

      The Content-Type:application/xml header appears in the Headers pane.

    6. In the Request pane, from the Method drop-down menu, select POST, and in the URL text box, enter the following URL.

      Region

      NSX Manager

      POST URL

      Region A

      NSX Manager for the management cluster

      https://mgmt01nsxm01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

      NSX Manager for the shared edge and compute cluster

      https://comp01nsxm01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

      Region B

      NSX Manager for the management cluster

      https://mgmt01nsxm51.lax01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

      NSX Manager for the shared edge and compute cluster

      https://comp01nsxm51.lax01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

    7. In the Request pane, paste the following request body in the Body text box and click Send.
      <accessControlEntry>
        <role>security_admin</role>
        <resource>
          <resourceId>globalroot-0</resourceId>
        </resource>
      </accessControlEntry>
      




      The Status changes to 204 No Content.

    8. Repeat the step for the other NSX Manager instances in Region A and Region B.