Assign the permissions to the service account svc-vrops-nsx that are required to access monitoring data from the Management NSX Manager and Compute NSX Manager in Region A in vRealize Operations Manager.

Procedure

  1. Log in to the NSX Manager by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the NSX Manager virtual machine.

      NSX Manager

      Host name

      NSX Manager for the management cluster

      sfo01m01nsx01.sfo01.rainpole.local

      NSX Manager for the shared compute and edge cluster

      sfo01w01nsx01.sfo01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      • mgmtnsx_admin_password

      • compnsx_admin_password

  2. Create the local service account svc-vrops-nsx on the NSX Manager instances.
    1. Run the following command to switch to Privileged mode of the NSX Manager.
      enable
    2. Enter the admin password when prompted and press Enter.
    3. Switch to Configuration mode.
      configure terminal
    4. Create the service account svc-vrops-nsx.
      user svc-vrops-nsx password plaintext svc-vrops-nsx_password
    5. Assign the svc-vrops-nsx user access to NSX Manager from the vSphere Web Client.

      user svc-vrops-nsx privilege web-interface

    6. Exit Configuration mode.
      exit
    7. Commit these updates to the NSX Manager.
      copy running-config startup-config
  3. Assign the security_admin role to the svc-vrops-nsx service account.
    1. Log in to the Windows host that has access to your data center.
    2. In a Chrome Web browser, start the Postman application and log in.
    3. Select POST from the drop-down menu that contains the HTTP request methods.
    4. In the URL text box next to the selected method, enter the following URL.

      NSX Manager

      POST URL

      NSX Manager for the management cluster

      https://sfo01m01nsx01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

      NSX Manager for the shared edge and compute cluster

      https://sfo01w01nsx01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

    5. On the Authorization tab, configure the following authorization settings and click Update Request.

      Setting

      Value

      Type

      Basic Auth

      User name

      admin

      Password

      • mgmtnsx_admin_password

      • compnsx_admin_password

    6. On the Headers tab, enter the following header details.

      Setting

      Value

      Key

      Content-Type

      Value

      Application/xml

    7. In the Body tab, select raw and paste the following request body in the Body text box and click Send.
      <accessControlEntry>
        <role>security_admin</role>
        <resource>
          <resourceId>globalroot-0</resourceId>
        </resource>
      </accessControlEntry>
      

      The Status changes to 204 No Content.

  4. Repeat the procedure for the other NSX Manager.