To allow deploying and managing SDDC components on the Management domain vCenter Server inventory, you assign account permissions to the service account for communication from vRealize Suite Lifecycle Manager to vSphere.

Procedure

  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Setting Value
    URL https://sfo01m01vc01.sfo01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. Assign global permissions to the service account.
    1. Select Menu > Administration.
    2. In the left pane, select Access control > Global permissions.
    3. Click the Add permission icon, enter these values, and click OK.

      Setting

      Value

      Domain

      rainpole.local

      User/Group

      svc-vrslcm-vsphere

      Role

      vRealize Suite Lifecycle Manager to vSphere Integration

      Propagate to children

      Selected

  3. Restrict access to the workload domain in Region A for the svc-vrslcm-vsphere service account.
    1. In the Global inventory lists inventory, under Resources, click vCenter Servers.
    2. Select the Workload domain vCenter Server, sfo01w01vc01.sfo01.rainpole.local, and click the Permissions tab.
    3. In the User/Group column, click the RAINPOLE\svc-vrslcm-vsphere service account, and click the Change role icon.
    4. From the Role drop-down menu, select No access, leave the Propagate to children check-box selected, and click OK.
  4. If there are other workload domains that are added to the SDDC, repeat Step 3 for each additional Workload domain vCenter Server.