introduction
in previous articles we have joined ESXI and vcenter to Active directory
and later we discuss RBAC concepts
in this article we wil see how to allow domain users to access ESXI host
ESXI Roles
ESXI come with default Roles
you can assign domain users to these roles or even create your own custom Role
below the default ESXI Roles
Default ESXI permissions
if you are familiar with Microsoft Active Directory : and you join computer to AD >> you will notice that domain administrator has been added to local administrator on that PC
in vSphere world that does NOT work
by default domain users are NOT allowed to access ESXI host even domain administrator [pioneers\administrator]
so you have to assign domain users manually with proper permissions and role
please look to image belwo when we try to login to ESXI with pioneers\administrator
add domain admin with administrator Role
now we will add domain administrator pioneers\administrator with full privileges over ESXI host ESXI151.pioneers.lab
login to ESXI web client with root credinteal
https://ESXI151
add domain users with other Role
of course you can add domain users with other Roles
for example we will assign lara@pioneers.lab with read only role
ESXI admins Group
you notice that we have to assign role on each ESXI host individually
what if we have hundreds of ESXI in our network >> this will be much headache
actually ESXI come with default group called “ESX Admins ”
SO …
when join ESXI to AD : just create group in Active directory with same name ” ESX Admins”
and any member of this group with have full control over ALL ESXI hosts in your environment
below we will create group “ESX Admin” in active directory pioneers..lab and simply add user ali@pioneers.lab to this group
>>> user ali@pioneers.lab will have full control over ALL ESXI in vsphere environment 🙂
Conclusion
Role Based Access Control RBAC allow domain users to access and manage ESXI host with different levels
please make sure to provide specific doain user with proper levle of access
ESXI come with built-in Group called “ESX admin ” which grant member to full access of ALL ESXI in your vSphere Environment