Creating a dedicated vCenter user to manage Remote Application Server virtual machines

0 users found this article helpful

Symptoms

Creating a dedicated vCenter user to manage Remote Application Server virtual machines.

Information

It is recommended to have a dedicated vCenter user to manage Remote Application Server virtual machines in large VMware environments running virtual machines that are not only used by Remote Application Server. This will improve performance since Remote Application Server will not need to monitor a larger number of virtual machines which it is not managing. It will also improve security since Remote Application Server cannot interfere with virtual machines outside its designated folder / resource pool.

Resolution

Remote Application Server user needs permission to traverse the tree starting from the root folder. For example, given the following structure and permissions for the Remote Application Server user:

/ [ Administrator role, **don't propagate** ]
/admin [ **no role defined** ]
/guests [ Administrator role ]
/vdi [ Administrator role ]

After that assign Administrator role (don't propagate) permissions to the required Resource Pool as well.

Remote Application Server user will be able to see the following structure:

/
/guests
/vdi

The key here is that the Remote Application Server user has administrator role set on the root folder /, but the propagate option is not set:

This will allow Remote Application Server user to traverse the tree until the desired folders (Guests and VDI Agent appliance) are reached.

You should ensure the permissions are setup correctly by logging with the Remote Application Server user using the VMware console.

Was this article helpful?

Tell us how we can improve it.