08-03-2011 07:30 PM - edited 03-01-2019 10:00 AM
Am I able to restrict users to the KVM console only within UCSM?
What Roles do I need to assign to the user to ensure all they can do is access the KVM Console?
It is not a huge issue if they obtain read-only rights to the UCSM itself.
08-03-2011 08:33 PM
Create a new role called "KVM-Only" or similar and assign only the "service-profile-server-oper" privilege. Next, create a user such as "KVM-User" and assign only the KVM-Only role to it. They will be able to launch the full UCSM or the KVM Launcher, but only have KVM access privileges.
The alternate solution, if you'd like to only grant KVM access while preventing UCSM login/access: configure an IPMI-profile with an ipmi-user named something such as "helpdesk", for example. While creating "helpdesk", provide the admin ipmi privilege. Assign this IPMI-profile to the service-profile of your server. Then use the following link in your browser:
http://
or
http:///ucsm/kvm.jnlp?kvmIpAddr=w.x.y.z (where w.x.y.z is the Management IP of the blade or Service profile you wish to provide access to)
It will open up a KVM login screen. Enter the username "helpdesk" and assigned password and the IP address of the server-CIMC which you configured. The CIMC IP address can be found under the equipment tab by selecting the blade, then on the right selection Inventory - CIMC. The CIMC IP will be listed under the "Management Interface" section. This will open the KVM of that server.
Also, the ipmi-user vinay-kvm WILL NOT be able to log in to the regular UCSM GUI.
Note that in version 1.3, the CIMC IP is static and will remain with the slot/server hardware. In the latest version 1.4, you can attach the CIMC/IPMI IP address to your service profile so it will follow it around wherever the profile is associated.
Regards,
Robert
08-03-2011 09:23 PM
perfect, thank you