Hello, total vCenter Noob here. I have been tasked with setting up a virtualization infrastructure for a small software development company as a pilot project.
I have a VMware vSphere 5 Essentials license, three physical servers to play with (Xeon E5-1650, 32GB of RAM), as well as a Synology NAS with some iSCSI space available on it.
I have been able to get the basic things running: ESXi is installed and running on the three servers, and vCenter is also running (on one of the three servers).
Where I’m having problems is how to set up and enforce “access controls” on the whole thing.
This is what management wants: one group (Active Directory group) to have access to and limited control of one of the servers and another group to have access to and limited control of the second server. The third server is to be sort of a catch-all that only really IT is supposed to be using.
As an example of what’s required: group A is supposed to be able to create and use new VMs on one physical server and group B is supposed to be able to do the same thing on a second physical server, but people from group A must be prevented from interfering with VMs on group B’s physical server and vice versa. In addition to that, there is a very strong push for keeping things as simple as possible. Ideally, local storage (2TB/server) should be favored to maximize performance (only one company-wide gigabit LAN is currently available), though I understand that sharing local storage is not really possible across physical servers.
I’d love to hear people’s thoughts on a strategy that would achieve the required access controls while keeping things as simple as possible. I’m also wondering if running vCenter on one of the servers that vCenter is supposed to “manage” is a good idea. Can an automatic graceful shutdown be achieved during a power outage, assuming each server has its own UPS?
PS: Each physical server is running an instance of vSphere Management Assistant (vMA) to handle “graceful” shutdown of the server during a prolonged power outage (when the UPS battery gets low). We are running on Eaton 5S 1500LCD UPSes that only offer USB connectivity.