cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2730
Views
0
Helpful
2
Replies

KVM only access via UCSM

pjwhitby_2
Beginner
Beginner

Am I able to restrict users to the KVM console only within UCSM?

What Roles do I need to assign to the user to ensure all they can do is access the KVM Console?

It is not a huge issue if they obtain read-only rights tot he UCSM itself.

1 Accepted Solution

Accepted Solutions

Robert Burns
Cisco Employee
Cisco Employee

Create a new role called "KVM-Only" or similar and assign only the "service-profile-server-oper" privilege.  Next, create a user such as "KVM-User" and assign only the KVM-Only role to it.  They will be able to launch the full UCSM or the KVM Launcher, but only have KVM access privileges.

The alternate solution if you'd like to only grant KVM access while preventing UCSM login/access.     Configure an IPMI-profile with ipmi-user named something such as "helpdesk" for example. While creating "helpdesk" provide the admin ipmi privilege. Assign this IPMI-profile to the service-profile of your server.      Then use the following link on your browser

http:///ucsm/kvm.jnlp

or

http:///ucsm/kvm.jnlp?kvmIpAddr=w.x.y.z (where w.x.y.z is the Management IP 
of the blade or Service profile you wish to provide access to)

It will open up a KVM login screen. Enter the username "helpdesk" and assigned password and the IP address of the server-CIMC which you configured.  The CIMC IP address can be found under the equipment tab by selecting the blade, then on the right selection Inventory - CIMC.  The CIMC IP will be listed under the "Management Interface" section.             This will open the KVM of that server. Also the ipmi-user vinay-kvm WILL NOT be able to login to regular UCSM GUI     Note that in version 1.3 - the CIMC IP is static and will remain with the slot/server hardware.  In the latest version 1.4, you can attach the CIMC/IPMI IP address to your service profile so it will follow it around wherever the profile is associated.

Regards,

Robert

View solution in original post

2 Replies 2

Robert Burns
Cisco Employee
Cisco Employee

Create a new role called "KVM-Only" or similar and assign only the "service-profile-server-oper" privilege.  Next, create a user such as "KVM-User" and assign only the KVM-Only role to it.  They will be able to launch the full UCSM or the KVM Launcher, but only have KVM access privileges.

The alternate solution if you'd like to only grant KVM access while preventing UCSM login/access.     Configure an IPMI-profile with ipmi-user named something such as "helpdesk" for example. While creating "helpdesk" provide the admin ipmi privilege. Assign this IPMI-profile to the service-profile of your server.      Then use the following link on your browser

http:///ucsm/kvm.jnlp

or

http:///ucsm/kvm.jnlp?kvmIpAddr=w.x.y.z (where w.x.y.z is the Management IP 
of the blade or Service profile you wish to provide access to)

It will open up a KVM login screen. Enter the username "helpdesk" and assigned password and the IP address of the server-CIMC which you configured.  The CIMC IP address can be found under the equipment tab by selecting the blade, then on the right selection Inventory - CIMC.  The CIMC IP will be listed under the "Management Interface" section.             This will open the KVM of that server. Also the ipmi-user vinay-kvm WILL NOT be able to login to regular UCSM GUI     Note that in version 1.3 - the CIMC IP is static and will remain with the slot/server hardware.  In the latest version 1.4, you can attach the CIMC/IPMI IP address to your service profile so it will follow it around wherever the profile is associated.

Regards,

Robert

perfect, thank you

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: