Milestone 6 Storage & Roles - ItsMmmike/SYS-350 GitHub Wiki
Overview
- In this Milestone, we look into adding a network based datastore onto vCenter in order to host some of our environment's VMs.
- Additionally, we look into implementing RBAC (Role Based Access Control) for our vCenter environment via configuring integrated AD/vSphere roles.
Guide Pages:
Reflection:
Overall I found this lab to be fairly straightforward as I was able to configure NFS Shares Datastores as well as AD RBAC Permissions for vCenter without much issue. I liked being able to configure user permissions for vCenter using AD User Groups as it seems useful for managing user access to VMs in larger Enterprise Environments. One key takeaway that I found interesting was learning about how NFS 4.1 is more secure than NFS 3 due to its support for Kerberos Authentication, which can help to prevent unauthorized access to the NFS Share (albeit we did not use Kerberos Authentication for our NFS shares in this lab).
Deliverables
Deliverable 1 - Screenshot of me successfully adding the Super13-NFS-Shared Datastore to vCenter
Deliverable 2 - Screenshot of a successful "Super13.txt" test file upload to the new "Super13-NFS-Shared" Datastore Network Share
Deliverable 3 - Screenshot of me successfully creating a new "Super13-Rocky-NFS" VM using my Rocky 9 Base Template and the "Super13-NFS-VMs" Datastore.
Deliverable 4 - Screenshot of the "alice" user successfully demonstrating their ability to login to vCenter and access VMs under their named user VM folder. Additionally, this shows that the AD User Permissions were successfully configured in vCenter.
Deliverable 5 - Screenshot of the "bob" user successfully able to login to vCenter and view VMs under the "shared-vms" folder. Additionally, the "bob" user is unable to take a Snapshot of the VM due to insufficient User Permissions configured for bob's user ("sys350-power-user" group only has "VM Console User" access).
Deliverable 6 - Screenshot of the "bob" user unable to manage Power Settings for VMs under the "share-vms" folder. This shows that the new "Virtual Machine console no power user" Role was properly configured to prevent users in the "sys350-restricted-user" group from modifying VM Power Settings in this folder.