10.3 vCenter Server Adapter Instance Privileges
vRealize Operations Manager collects vSphere-related data from vCenter Server instances. A user account (service account) with sufficient permissions is required for vRealize Operations Manager to communicate with each vCenter Server.
vRealize Operations Manager accesses vCenter Server data based on the permissions given to its service account. Use a read-only account for data collection purposes, and a separate account to register and maintain vSphere plug-ins in vCenter Server.
The vCenter Python Actions Adapter allows a user to execute remedial action based on a recommendation against an alert. The service account credentials provided to the vCenter Python Actions Adapter must have sufficient privileges to modify objects within the vCenter Server where the alert is triggered.
Design Considerations
Use a service account for each endpoint from which vRealize Operations Manager will collect data (vCenter Server, vCloud Director, and so on).
If the vSphere data collection service account has read-only permissions, set up a separate service account with permissions to register and maintain vSphere plug-ins in vCenter Server.
Use a separate service account for the vCenter Python Actions Adapter.
Do not allow service account passwords to expire. If they do, vRealize Operations Manager will not be able to collect information from endpoints.