06-26-2014 01:30 PM - edited 03-01-2019 11:43 AM
Hello,
Is it possible to restrict specific KVM sessions for certain users in UCSM? Let's say I have 4 blades dedicated to Linux systems, and 4 blades for VMware systems. I would like to allow KVM access to Linux blades only to Linux admins, and to VMware blades only to VMware admins. Better yet, not to specific blades, but rather to service profiles. Is it possible using local UCSM users? Or maybe there is a specific av-pair which can be assigned by TACACS+?
Best regards,
Krzysztof
06-26-2014 02:28 PM
V2.2 supports CIMC inband access, which supports the following services:
• KVM Console
• SSH to CIMC for SoL
• vMedia for ISO, virtual CD/DVD, removable disk, and floppy
Therefore you can give end users the IP address of the CIMC of their servers, and they can access them in band, without going first to UCS Manager.
Only Cisco UCS M3 and M4 servers support inband CIMC access. Inband CIMC access for Cisco UCS M1 and M2 servers is not supported.
An inband IPv4 address can be assigned to a physical server.
An inband IPv4 address can be derived from a service profile associated with the physical server.
06-26-2014 02:34 PM
OK, but I want to make sure that Linux admins will not access VMware blades. Giving a certain IP to users is not enough, as other users can access that IP (even by mistake). Is it possible to assign such granular restrictions?
06-26-2014 02:45 PM
Create suborgs under root for Linux and VMware; create appropriate locales and users, who are assigned to these locales and can manage objects under this org.
If your service profiles are located under the proper org, users can only modify these SPs, and access KVM with the proper username / pw.
Caveat:
There is only one admin (=super user) in the whole UCS domain.
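The separation described in the answer above can be checked offline against a list of users, locales and service profiles. This is an added example, not part of the thread and not UCSM code: it assumes locale scoping can be modelled as a match on the organization part of a service profile DN, and every user, locale and service profile name in it is constructed sample data.

```python
# Added example: a model of locale-to-org scoping, not UCSM code.
# All names below are constructed sample data.
LOCALES = {
    "linux-locale": ["org-root/org-Linux"],
    "vmware-locale": ["org-root/org-VMware"],
}
USERS = {
    "linux-admin1": {"locales": ["linux-locale"], "admin": False},
    "vmware-admin1": {"locales": ["vmware-locale"], "admin": False},
    "shared-ops": {"locales": ["linux-locale", "vmware-locale"], "admin": False},
    "admin": {"locales": [], "admin": True},  # the domain-wide super user
}
SERVICE_PROFILES = [
    "org-root/org-Linux/ls-lnx-01",
    "org-root/org-Linux-Test/ls-lnx-test-01",
    "org-root/org-VMware/ls-esx-01",
    "org-root/ls-unsorted-01",  # left directly under root, in no team org
]

def in_org(dn, org_dn):
    """True if dn is the org or sits below it. Whole path components are
    compared, so org-Linux does not also match org-Linux-Test."""
    return dn == org_dn or dn.startswith(org_dn + "/")

def reachable(user):
    """Service profiles a user can manage (and so open KVM on) in this model."""
    u = USERS[user]
    if u["admin"]:
        return list(SERVICE_PROFILES)  # locales do not confine the admin
    orgs = [o for loc in u["locales"] for o in LOCALES[loc]]
    return [sp for sp in SERVICE_PROFILES if any(in_org(sp, o) for o in orgs)]

def top_org(dn):
    """First sub-org below org-root, or org-root for profiles placed at root."""
    parts = dn.split("/")
    return parts[1] if len(parts) > 2 else "org-root"

def crossing_users():
    """Users whose reach spans more than one org: the accounts to review."""
    out = {}
    for user in USERS:
        orgs = sorted({top_org(sp) for sp in reachable(user)})
        if len(orgs) > 1:
            out[user] = orgs
    return out

if __name__ == "__main__":
    for user, orgs in crossing_users().items():
        print(f"{user} reaches service profiles in: {', '.join(orgs)}")
```

In this sample the service profile left directly under `org-root` is reachable only by the admin account, which shows why the answer requires service profiles to sit under the proper org.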