VMware Solutions Discussions

cDOT - VSC vs. System Manager

renem

Hi volks,

I am here at a customer to implement the VSC with a cDOT System bellow. The customer has here two different department.

One for the whole vSphere environment and one for the storage environment. Of course both department knows the vsc-user

and the password to access the storage system. 

After reading a lot of documentation it is not a good idea to give the vsc-user only access to the vserver management IP address

due to a lot of restrictions in the VSC like 

• NFS path checking 

• Reports on space that is shared by volumes using data deduplication 

• EMS logging 

• Storage-side log collections for the nSANity Diagnostic and Configuration Data Collector program 

Unfortunately the vsc-user must have access to the cluster management IP. 

AND here begins the problem.

If the vsc-user has access to the cluster management IP, even it is read only, all the vSphere guys can install the System Manager

(ok - if they have the .exe) , can login into the cluster, can read and watch all the stuff and can ask tons of stupid questions !

Everyone have experience with this problem, or have a solution, even it is only a workaround ?

Regards,

Rene

1 REPLY 1

wehrli

have the same issue..

there is the possibility to restrict the ip-access list with -firewall policy- on the cluster, but then system manager can be installed on allowed IP and it works again. so maybe there is no way to allow ontapi for the vsc-user using vsc-plugin, but not for the system-manager (application / user blocking).

regards

thomas

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public