In this version of the design, you change the service account configuration for vRealize Operations Manager in vSphere to dedicate a service account to each solution in vRealize Operations Manager and to follow a consistent naming convention for accounts. Remove the global permissions for the deprecated accounts in vSphere in Region A to restrict unauthorized access to the SDDC.

About this task

Table 1. Changes in Service Account

| Service Account in Version 4.0 | Service Account in Version 4.1 | Role |
|---|---|---|
| svc-vrops@rainpole.local | svc-vrops-vsphere@rainpole.local, svc-vrops-nsx@rainpole.local | Read-only |
| svc-mpsd-vrops@rainpole.local | svc-vrops-mpsd@rainpole.local, svc-vrops-vsan@rainpole.local | MPSD Metrics User |

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

  2. From the Home menu of the vSphere Web Client, select Administration.
  3. Click Global Permissions under Access Control.
  4. Locate the svc-vrops service account and click Remove permission on the Manage tab.
  5. In the Delete Permission dialog box, click Yes to remove the service account.
  6. Repeat the steps to remove the svc-mpsd-vrops global service account.