Module  8 Configuring User Roles and the Virtual Machine Manager Self-Service Portal
Module Overview <ul><li>Configuring User Roles  </li></ul><ul><li>Installing and Configuring the VMM Self-Service Portal <...
Lesson  1 : Configuring User Roles  <ul><li>Role-Based Security Overview  </li></ul><ul><li>What Types of Objects Can You ...
Role-Based Security Overview Membership: <ul><li>Determines which users are part of a particular user role </li></ul><ul><...
What Types of Objects Can You Delegate?  You can delegate permission to these user roles : <ul><li>Host groups </li></ul><...
Role Types  Administrators: <ul><li>Full access to all actions </li></ul><ul><li>Full access to all objects </li></ul><ul>...
Creating a User Role in VMM 2008 R2    Select the user role profile   Wizard configuration options
Demonstration: Creating A User Role  <ul><li>In this demonstration, you will see how to:  </li></ul><ul><ul><li>Add new me...
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Discussion: Designing Role-Based Security   Designing Role-Based Security
Lesson 2: Installing and Configuring the VMM Self-Service Portal   <ul><li>Implementing the VMM Self-Service Portal  </li>...
Implementing VMM Self-Service Portal  To implement the VMM Self-Service Portal : <ul><li>Install the VMM Self-Service Port...
Requirements for the VMM Self-Service Portal Hardware requirements Recommendations Up to 10 concurrent connections  Enable...
Demonstration: Installing the VMM Self-Service Portal <ul><li>In this demonstration, you will see how to install the VMM S...
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Demonstration: Configuring User Access to the Self-Service Portal <ul><li>In this demonstration, you will see how to use t...
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Securing the VMM Self-Service Portal <ul><li>Configure SSL for the Self-Service Portal  </li></ul><ul><li>Enable Integrate...
Considerations for Implementing the VMM Self-Service Portal <ul><li>Consider limiting virtual machine creation permissions...
Lab : Configuring the VMM Self-Service Portal  <ul><li>Exercise 1: Preparing the Host Group and User Role Requirements  </...
Lab Scenario <ul><li>Contoso, Ltd., has completed its initial deployment of the VMM infrastructure, now is addressing some...
Lab Review <ul><li>Why did Dylan’s account not have access to any virtual machines the first time the user logged in to th...
Module Review and Takeaways <ul><li>Review Questions </li></ul><ul><li>Common Issues and Troubleshooting Tips </li></ul><u...
Upcoming SlideShare
Loading in …5
×

10215 A 08

502 views

Published on

  • Be the first to comment

  • Be the first to like this

10215 A 08

  1. 1. Module 8 Configuring User Roles and the Virtual Machine Manager Self-Service Portal
  2. 2. Module Overview <ul><li>Configuring User Roles </li></ul><ul><li>Installing and Configuring the VMM Self-Service Portal </li></ul>
  3. 3. Lesson 1 : Configuring User Roles <ul><li>Role-Based Security Overview </li></ul><ul><li>What Types of Objects Can You Delegate? </li></ul><ul><li>Role Types </li></ul><ul><li>Creating a User Role in VMM 2008 R2 </li></ul><ul><li>Demonstration: Creating A User Role </li></ul><ul><li>Discussion: Designing Role-Based Security </li></ul>
  4. 4. Role-Based Security Overview Membership: <ul><li>Determines which users are part of a particular user role </li></ul><ul><li>Members may be individual users or groups </li></ul><ul><li>Members maybe in multiple user roles including user roles based on different profiles </li></ul>Profile determines : <ul><li>Which actions are permitted </li></ul><ul><li>Which user interface is accessible </li></ul><ul><li>How the scope is defined </li></ul>Scope determines : <ul><li>On which objects a user may take actions </li></ul>Membership Profile Scope User Role
  5. 5. What Types of Objects Can You Delegate? You can delegate permission to these user roles : <ul><li>Host groups </li></ul><ul><li>Library servers </li></ul><ul><li>Virtual machines </li></ul>
  6. 6. Role Types Administrators: <ul><li>Full access to all actions </li></ul><ul><li>Full access to all objects </li></ul><ul><li>Can use the Admin console or PowerShell interface </li></ul>Delegated Administrators: <ul><li>Full access to most actions </li></ul><ul><li>Scope can be limited by host groups and Library servers </li></ul><ul><li>Can use the Admin console or PowerShell interface </li></ul>Self-Service users <ul><li>Limited access to a subset of actions </li></ul><ul><li>Scope can be limited by host groups and Library share </li></ul><ul><li>Can use the Self-Service Portal or PowerShell interface </li></ul>
  7. 7. Creating a User Role in VMM 2008 R2   Select the user role profile Wizard configuration options
  8. 8. Demonstration: Creating A User Role <ul><li>In this demonstration, you will see how to: </li></ul><ul><ul><li>Add new members to the administrator profile </li></ul></ul><ul><ul><li>Create a delegated administrator profile, and delegate specific host groups and libraries to that profile </li></ul></ul>
  9. 9. Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
  10. 10. Discussion: Designing Role-Based Security   Designing Role-Based Security
  11. 11. Lesson 2: Installing and Configuring the VMM Self-Service Portal   <ul><li>Implementing the VMM Self-Service Portal </li></ul><ul><li>Requirements for the VMM Self-Service Portal </li></ul><ul><li>Demonstration: Installing the VMM Self-Service Portal </li></ul><ul><li>Demonstration: Configuring User Access to the Self-Service Portal </li></ul><ul><li>Securing the VMM Self-Service Portal </li></ul><ul><li>Considerations for Implementing the VMM Self-Service Portal </li></ul>
  12. 12. Implementing VMM Self-Service Portal To implement the VMM Self-Service Portal : <ul><li>Install the VMM Self-Service Portal </li></ul><ul><li>Create or configure host groups </li></ul><ul><li>Add default virtual machine paths </li></ul><ul><li>Create a self-service user role </li></ul><ul><li>Assign self-service user accounts or groups as virtual machine owners </li></ul><ul><li>Create virtual machine templates (optional) </li></ul>
  13. 13. Requirements for the VMM Self-Service Portal Hardware requirements Recommendations Up to 10 concurrent connections Enables monitoring and managing the hardware and software in a distributed environment More than 10 concurrent connections Enables automated installation and configuration of software and operating system updates Operating system Requirements Windows Server 2003 and Windows Server 2003 R2 <ul><li>Web Server </li></ul><ul><li>Windows Powershell </li></ul><ul><li>.NET Framework 2.0 </li></ul>Windows Server 2008 and Windows Server 2008 R2 <ul><li>Web Server server role with selected role services </li></ul><ul><li>Windows Powershell </li></ul>
  14. 14. Demonstration: Installing the VMM Self-Service Portal <ul><li>In this demonstration, you will see how to install the VMM Self-Service Portal </li></ul>
  15. 15. Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
  16. 16. Demonstration: Configuring User Access to the Self-Service Portal <ul><li>In this demonstration, you will see how to use the VMM Self-Service Portal </li></ul>
  17. 17. Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
  18. 18. Securing the VMM Self-Service Portal <ul><li>Configure SSL for the Self-Service Portal </li></ul><ul><li>Enable Integrated Windows Authentication for the Self-Service Portal </li></ul><ul><li>Disable ISAPI Handlers that are not needed </li></ul><ul><li>Add Self-Service user roles </li></ul>
  19. 19. Considerations for Implementing the VMM Self-Service Portal <ul><li>Consider limiting virtual machine creation permissions </li></ul><ul><li>Plan for Hyper-V host and storage capacity </li></ul><ul><li>Consider limiting virtual machine management tasks </li></ul><ul><li>Plan for geographical locations </li></ul><ul><li>Standardize Hyper-V host server builds and configurations </li></ul><ul><li>Implement Performance and Resource Optimization </li></ul><ul><li>Use Active Directory groups for Self-Service user roles </li></ul><ul><li>Configure the Self-Service Administrative Contact </li></ul>
  20. 20. Lab : Configuring the VMM Self-Service Portal <ul><li>Exercise 1: Preparing the Host Group and User Role Requirements </li></ul><ul><li>Exercise 2: Implementing the Self-Service Portal </li></ul>Logon information Estimated time: 5 0 minutes NYC-Host1, NYC-Host2 Host machines Virtual machines NYC-DC1 User name Administrator Password Pa$$w0rd
  21. 21. Lab Scenario <ul><li>Contoso, Ltd., has completed its initial deployment of the VMM infrastructure, now is addressing some of the other business requirements that relate to the project. One requirement is that the research department must manage their own virtual environment and needs to deploy and manage their own virtual servers and test workstations. You can configure the VMM environment so that key members of the research department can create and manage virtual machines, and so that all members of the research department can manage the virtual machines dedicated to the department. You need to ensure that the members of the research department can manage only the virtual machines on host computers assigned to the department. </li></ul>
  22. 22. Lab Review <ul><li>Why did Dylan’s account not have access to any virtual machines the first time the user logged in to the Self-Service Portal? </li></ul><ul><li>How many virtual machines will members of the Research Admins user role be able to create? </li></ul>
  23. 23. Module Review and Takeaways <ul><li>Review Questions </li></ul><ul><li>Common Issues and Troubleshooting Tips </li></ul><ul><li>Real-world Issues and Scenarios </li></ul><ul><li>Best Practices </li></ul>

×