NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

VMware Solutions Discussions

cDOT - VSC vs. System Manager

renem
3,763 Views

Hi volks,

I am here at a customer to implement the VSC with a cDOT System bellow. The customer has here two different department.

One for the whole vSphere environment and one for the storage environment. Of course both department knows the vsc-user

and the password to access the storage system. 

After reading a lot of documentation it is not a good idea to give the vsc-user only access to the vserver management IP address

due to a lot of restrictions in the VSC like 

• NFS path checking 

• Reports on space that is shared by volumes using data deduplication 

• EMS logging 

• Storage-side log collections for the nSANity Diagnostic and Configuration Data Collector program 

Unfortunately the vsc-user must have access to the cluster management IP. 

AND here begins the problem.

If the vsc-user has access to the cluster management IP, even it is read only, all the vSphere guys can install the System Manager

(ok - if they have the .exe) , can login into the cluster, can read and watch all the stuff and can ask tons of stupid questions !

Everyone have experience with this problem, or have a solution, even it is only a workaround ?

Regards,

Rene

1 REPLY 1

wehrli
3,763 Views

have the same issue..

there is the possibility to restrict the ip-access list with -firewall policy- on the cluster, but then system manager can be installed on allowed IP and it works again. so maybe there is no way to allow ontapi for the vsc-user using vsc-plugin, but not for the system-manager (application / user blocking).

regards

thomas

Public