VMware Solutions Discussions

VSC 6.1 Installation and configuration with new vSphere 5.5 deployment

AdrianMyatt
5,699 Views

I have deployed a brand new 2012 R2 Server with vSphere 5.5 Update 3b and have NetApp Datastores mapped via both FC and NFS.

 

I have installed the VSC 6.1 plugin and it is showing as registered (twice for some reason) in the legacy client (See attachment 1)

 

VSC roles have been created in the Web client (see attachment 2)

 

I am using a mixture of Data ONTAP 7.3.7 and 8.x.x 7-Mode.

 

When I attempt to view any VSC related menus, I see only "No actions Available" so I am unable to add any Storage appliances. (See attachment 3)

 

If I attempt to assign VSC Roles within vCentre, I get an error regarding the operation being denied (see attachment 4)

 

I have read the RBAC Configuration for Experienced Users document and it doesn't explain enough for me as a beginner. (Kinda obvious from the title, I know!)

 

I don't know if the roles missing from the appliances are relevant at this point but I can't even get far enough into the VSC plugin in the web console to even add an appliance!

 

So, there are two things I believe I need:

 

  1. What do I need to do to get the menus to appear in the Web Console so I can add appliances and then configure/manage them
  2. What do I need to do with the RBAC, either using the GUI or the CLI, to get the required roles created

In the RBAC GUI, I specify "VSC for VMware" however it only goes as far as v5.0. There is no entry for 6.x

It asks me to specify a Group, Role and User but I am unsure as to what to put in these fields to associate the required privileges on the NetApp appliance with the roles on vCenter. I tried setting the Group to "Administrators", Role to "VSC Administrator" and User to "administrator" on our test SAN. This created 3 new roles "VSC Administrator.2", "VSC Administrator.3" and "VSC Administrator.4" however they all have different capabilities. It also produced an error in the GUI "Command failed: Could not modify group <Administrators>. Error: Invalid role name"

 

If anyone has been through this config and can give me any guidance, it would be much appreciated.

 

Thanks,

Adrian

1 ACCEPTED SOLUTION

AdrianMyatt
5,532 Views

I was accessing the plugin from the Web Client, thanks. It turns out the rights to use the plugin had only been applied to the local administrator and not the AD account used to install it.

 

I logged in as the local administrator administrator@vsphere.local" and applied the "VSC Administrator" role to our AD admin group which fixed the problem. When I logged back in as myself, I was able to view the menus and all appliances had been discovered.

 

On the RBAC side of things, I logged a ticket with NetApp Support and they explained that because I was using the root account to connect to the appliances, it would automatically be given the correct capabilities on each Filer. You only need to create downloevel RBAC roles on the filers if you plan to restrict access to lower level roles.

View solution in original post

3 REPLIES 3

AdrianMyatt
5,689 Views

Update: I just logged on with the administrator@vsphere.local account and the plugin is present and working. I can see all menus and all our Filers are connected.

 

This suggests the problem I am having is that AD integrated vSphere accounts do not have the correct rights to view the plugin in the Web Client.

EricNTAP
5,632 Views

If you're trying to use VSC 6.1 from within the thick client, it will not work.  VSC 6.0+ is only for vSphere Web Client.

 

For the updated RBAC XML file, download the latest ONTAP Privs file.  You can find more information here:

How to use the RBAC User Creator for Data ONTAP

AdrianMyatt
5,533 Views

I was accessing the plugin from the Web Client, thanks. It turns out the rights to use the plugin had only been applied to the local administrator and not the AD account used to install it.

 

I logged in as the local administrator administrator@vsphere.local" and applied the "VSC Administrator" role to our AD admin group which fixed the problem. When I logged back in as myself, I was able to view the menus and all appliances had been discovered.

 

On the RBAC side of things, I logged a ticket with NetApp Support and they explained that because I was using the root account to connect to the appliances, it would automatically be given the correct capabilities on each Filer. You only need to create downloevel RBAC roles on the filers if you plan to restrict access to lower level roles.

Public