KVM per-user restrictions

Hello,

Is it possible to restrict specific KVM sessions for certain users in UCSM? Let's say I have 4 blades dedicated for Linux systems, and 4 blades for VMware systems. I would like to allow KVM access to Linux blades only to Linux admins, and to VMware blades only to VMware admins. Better yet, not to specific blades, but rather to service profiles. Is it possible using local UCSM users? Or maybe there is a specific av-pair which can be assigned by TACACS+?

Best regards,

Krzysztof

1 Accepted Solution

Accepted Solutions

Create suborgs under root for Linux and VMware; create appropriate locales and users, who are assigned to these locales and can manage objects under this org.

If your service profiles are located under the proper org, users can only modify these SPs, and access KVM with the proper username / pw.

Caveat:

There is only one admin (=super user) in the whole UCS domain.
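A small Python model of the org/locale scheme this answer describes, added here as an example (it is not from the post or from Cisco, and it does not call any UCSM API). The user, locale and service-profile names and DN strings are constructed, and the rule that a locale covers an org together with its sub-orgs is an assumption of the model.

```python
# Simplified model of the org/locale scheme from the answer above.
# All names and DN strings are constructed sample data, not exported from UCSM.

LOCALES = {  # locale name -> org DNs it references
    "loc-linux": ["org-root/org-Linux"],
    "loc-vmware": ["org-root/org-VMware"],
}
USERS = {  # user -> (is_admin, assigned locales)
    "lin-admin": (False, ["loc-linux"]),
    "vmw-admin": (False, ["loc-vmware"]),
    "admin": (True, []),  # the single domain-wide super user from the caveat
}
SERVICE_PROFILES = [
    "org-root/org-Linux/ls-web01",
    "org-root/org-Linux/org-Dev/ls-build01",  # nested sub-org (assumed inherited)
    "org-root/org-VMware/ls-esx01",
    "org-root/org-Linux-Lab/ls-test01",       # sibling org sharing a name prefix
]

def under_org(sp_dn, org_dn):
    """True if sp_dn sits in org_dn or a sub-org, compared per DN component."""
    sp_parts, org_parts = sp_dn.split("/"), org_dn.split("/")
    return len(sp_parts) > len(org_parts) and sp_parts[:len(org_parts)] == org_parts

def reachable(user):
    """Service profiles whose KVM the user could open under this model."""
    is_admin, locales = USERS[user]
    if is_admin:  # admin is not confined by any locale
        return set(SERVICE_PROFILES)
    orgs = [o for loc in locales for o in LOCALES[loc]]
    return {sp for sp in SERVICE_PROFILES if any(under_org(sp, o) for o in orgs)}

def violations(intended):
    """(user, sp) pairs that are reachable but outside the org intended for that user."""
    return sorted(
        (user, sp)
        for user, org in intended.items()
        for sp in reachable(user)
        if not under_org(sp, org)
    )

# Intended separation; the last entry asks what happens if the Linux team shares 'admin'.
INTENDED = {"lin-admin": "org-root/org-Linux", "vmw-admin": "org-root/org-VMware",
            "admin": "org-root/org-Linux"}

if __name__ == "__main__":
    for u in USERS:
        print(u, sorted(reachable(u)))
    print("violations:", violations(INTENDED))
```

Comparing DNs per component rather than with a plain string prefix is what keeps `org-Linux-Lab` out of the Linux locale's scope in this model.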


3 Replies

Walter Dey
VIP Alumni

V2.2 supports CIMC inband access, which supports the following services:
• KVM Console
• SSH to CIMC for SoL
• vMedia for ISO, virtual CD/DVD, removable disk, and floppy

Therefore you can give end users the IP address of the CIMC of their servers, and they can access them in band, without going first to UCS Manager.

Only Cisco UCS M3 and M4 servers support inband CIMC access. Inband CIMC access for Cisco UCS M1 and M2 servers is not supported.

• An inband IPv4 address can be assigned to a physical server
• An inband IPv4 address can be derived from a service profile associated with the physical server

OK, but I want to make sure that Linux admins will not access VMware blades. Giving a certain IP to users is not enough, as other users can access that IP (even by mistake). Is it possible to assign such granular restrictions?
