Module 6.1 ‐ Storage & Roles - lpcyber1/SYS350 GitHub Wiki
Task 1: NFS File Share on Host
- To add an NFS file share to my vCenter environment, right-click your datacenter and hover over Storage to select New Datastore
- Select NFS
- Select version 4.1
- Enter the name, IP, and filepath for the share
- No authentication
- I already mounted the share, so you would select to add it to your super micro server and hit complete to finish
- To add a file, I opened a terminal and wrote `echo "Liam Pauls file" >> Super27.txt`, then went back to vCenter and clicked Upload File
- If it fails, make sure to add your vCenter's root certificates to your browser and try again
Task 2: Another NFS Datastore for VMs
- Repeated the steps I showed before and made another NFS datastore
- Made a new VM from my template
Part 2: Roles
- Created a VM folder for RBAC by right-clicking my datacenter and hovering over New Folder to select New VM and Template Folder
- Hopped on my DC and created the proper user accounts, then made the groups and added users to respective groups
- Added permissions to the `alice` folder
- Added permissions to the `shared-vms` folder
- Cloned the console user role in the administration tab
- Selected to edit that role and unchecked the power on and power off boxes to take away those permissions
- Edited the permissions the restricted users had
Deliverables
- Deliverable 1. Provide a screenshot similar to the one below that shows the NFS properties of your NFS share.
- Deliverable 2. Provide a screenshot similar to the one below that shows the uploaded file in your NFS share.
- Deliverable 3 Take a screenshot similar to the one above showing the second NFS Datastore
- Deliverable 3.5: Take a screenshot of your new VM like the one below
- Deliverable 4 Login as alice and demonstrate you are limited to the VM placed in the alice folder. Provide a screenshot similar to the one below.
- Deliverable 5. Provide a screenshot demonstrating that Bob's Take snapshot option is grayed out.
- Deliverable 6. Ok, we've decided that the Virtual Machine console user role has far too much power. Figure out how to clone the role, name it something like "Virtual Machine console no power user". Edit this cloned role such that those assigned that role will not be able to perform power operations. Change the permissions for share-vms so that the restricted user group gets your new limited role. Provide a screenshot of Charlie's VM with the PowerOn, Off actions disabled.
- Deliverable 7. Provide a link to your tech journal that details how you created a new NFS datastore and how Permissions are applied to folders (and objects) in vSphere.
- Deliverable 8. Cover any issue you had in the completion of the lab. Consider the security implications for NFS (version 3 in particular).
I really didn't have many issues with the completion of the lab. One main problem I had was when mounting the second NFS storage: I had the file path wrong and was worried that the server was down. But I quickly realized after peeking at the lab doc that it was just an error on my part. This lab was a really good dive into how the Active Directory groups from Windows integrate into vCenter. From a security standpoint, without authentication I think this can be a little risky like how we did with the lab because there was nothing denying us from just simply adding it. We didn't have to enter any credentials at all. But I believe NFS is extremely useful when using a NAS to have Network Attached Storage for your production environment in a workplace.
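
An added example, not part of the original lab write-up: a small Python audit of an NFS server's export list that flags the "No authentication" condition discussed above (AUTH_SYS, where the server trusts the UID/GID the client asserts), along with wildcard clients and `no_root_squash`. It assumes the share is served from a Linux host using the standard `exports(5)` format; the paths and addresses in `SAMPLE_EXPORTS` and the function names are constructed for illustration.

```python
# Added example: audit a Linux NFS server's exports(5) file for weak settings.
# Assumption: the share is served by a Linux host; sample data is constructed.

SAMPLE_EXPORTS = """\
# constructed example, not taken from the lab environment
/srv/nfs/datastore1  *(rw,sync,no_root_squash)
/srv/nfs/datastore2  192.0.2.10(rw,sync,sec=sys)
/srv/nfs/secure      192.0.2.10(rw,sync,sec=krb5i:krb5p)
/srv/nfs/legacy      192.0.2.0/24
"""


def parse_client(spec):
    """Split 'client(opt,opt)' into (client, [opts]); a bare '(opts)' means any client."""
    client, _, rest = spec.partition("(")
    opts = [o.strip() for o in rest.rstrip(")").split(",") if o.strip()]
    return client or "*", opts


def audit_exports(text):
    """Return (path, client, finding) tuples for each risky export entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or ["*"]:  # no client listed: exported to everyone
            client, opts = parse_client(spec)
            # sec= lists the allowed flavors; exports(5) defaults to sec=sys.
            flavors = ["sys"]
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")
            if "*" in client:
                findings.append((path, client, "wildcard-client"))
            if "sys" in flavors or "none" in flavors:
                # AUTH_SYS: the server trusts whatever UID/GID the client sends.
                findings.append((path, client, "auth-sys"))
            if "no_root_squash" in opts:
                findings.append((path, client, "no-root-squash"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{finding:16} {path} -> {client}")
```

The parser does not handle backslash line continuations or quoted paths containing spaces.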