Assign the permissions to the service account svc-vrops-nsx that are required to access monitoring data from the NSX Manager instances in the region in vRealize Operations Manager.

Procedure

  1. Log in to the NSX Manager by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the NSX Manager virtual machine.
      NSX Manager Host name
      NSX Manager for the management cluster lax01m01nsx01.lax01.rainpole.local
      NSX Manager for the shared compute and edge cluster lax01w01nsx01.lax01.rainpole.local
    2. Log in using the following credentials.
      Setting Value
      User name admin
      Password nsx_admin_password
  2. Create the local service account svc-vrops-nsx on the NSX Manager instance.
    1. Run the following command to switch to Privileged mode of NSX Manager.
      enable
    2. Enter the admin password when prompted and press Enter.
    3. Switch to Configuration mode.
      configure terminal
    4. Create the service account svc-vrops-nsx.
      user svc-vrops-nsx password plaintext svc-vrops-nsx_password
    5. Assign the svc-vrops-nsx user access to NSX Manager from the vSphere Web Client.
      user svc-vrops-nsx privilege web-interface
    6. Commit these updates to NSX Manager.
      write memory
    7. Exit the Configuration mode.
      exit
  3. Assign the security_admin role to the svc-vrops-nsx service account.
    1. Log in to the Windows host that has access to your data center.
    2. Start the Postman application and log in.
    3. Select POST from the drop-down menu that contains the HTTP request methods.
    4. In the URL text box next to the selected method, enter the following URL.
      NSX Manager POST URL
      NSX Manager for the management cluster https://lax01m01nsx01.lax01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true
      NSX Manager for the shared edge and compute cluster https://lax01w01nsx01.lax01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true
    5. On the Authorization tab, configure the following authorization settings and click Update Request.
      Setting Value
      Type Basic Auth
      User name admin
      Password nsx_admin_password
    6. On the Headers tab, enter the following header details.
      Setting Value
      Key Content-Type
      Value text/xml
    7. In the Body tab, select raw and paste the following request body in the Body text box and click Send.
      <accessControlEntry>
        <role>security_admin</role>
        <resource>
          <resourceId>globalroot-0</resourceId>
        </resource>
      </accessControlEntry>
      
      The Status changes to 204 No Content.
    8. Repeat the step for the other NSX Manager instance.