This is the fifth part of the article series about SCVMM 2012 Beta and until now, I have installed SCVMM 2012 Beta on my management server and configured the components in my fabric. I also added a Hyper-V host to SCVMM 2012 and created a new cloud. In this fifth and final part, I will talk about self-service user roles and I will show you how to assign the cloud to a user role. So what is self-service user role? What is it used for?
With Self-Service User role, people other than the administrative staff can create and manage their own virtual machines without knowing the underlying cloud fabric. This role was also existed in VMM 2008 but in this new VMM version, it was redesigned for customers to provide a richer environment for creating, deploying and managing virtual machines as well as services in a private cloud. Table 1 is summarizing the enhancements to self-service user roles in SCVMM 2012.
Table 1: Enhancements to self-service user roles in SCVMM 2012
| SCVMM 2012 | Before SCVMM 2012 |
| Self-service users deploy their virtual machines and services to private clouds | Self-service user roles are assigned host groups, and virtual machines are deployed automatically to the most suitable host in the host group |
| Self-service users can create their own templates and profiles | Self-service users must use assigned templates |
| Self-service users can create virtual machines from building blocks such as virtual hard disks (VHDs) rather than just templates | Self-service users were allowed to create virtual machines only from existing templates that an administrator assigned to their self-service user role |
| Self-service users can use the VMM console or the Windows PowerShell – Virtual Machine Manager command shell to create and manage their own virtual machines and services, in addition to the web-based self-service interface | Self-service users can use the web-based self-service interface |
| Resources can be shared between self-service user roles. The Share action allows user role members to share resources that they own with members of self-service user roles that allow the Receive action | - |
| While working in the VMM console, a person who is a member of more than one user role can open another VMM session to operate under a different user role by using the Open New Connection action, and can then switch between VMM sessions | A self-service user who belongs to more than one self-service user role must choose which self-service user role to use when creating or deploy a virtual machine within a VMM session |
After explaining the enhancements to self-service user roles in SCVMM 2012 briefly, let’s begin with the creation of a Self-Service User role in SCVMM 2012. To do this, I run the Administrator Console as an administrator or delegated administrator. Otherwise, I couldn’t create a self-service user role. In the console, I open the Settings workspace and I click Create User Role under Home tab, in the Create group (Figure 1). This will open the Create User Role Wizard.
Figure 1: Create User Role
I enter a descriptive name on the first page and press Next button. On the Profile page, I select Self-Service User from the list and click Next. On the Members page, I add an Active Directory group which I created before to the role ( AppServerAdmins in my example). You can also add user accounts here but I think adding groups is more rational. Therefore when you need someone to be a member of the role, you can just add the related user account to the Active Directory group (Figure 2).
Figure 2: Adding members to the role
In Scope page, I select the related private cloud for the user role. I have only one private cloud here so the VMs and services that the members of user role own will be deployed to the most suitable host (which is my only host server) in my private cloud. What this sentence means is if I have more than one host in my private cloud, VMs and Services will go to the most suitable host (Figure 3). I also select the Show PRO tips checkbox in this page, so self-service users will receive Performance and Resource Optimization (PRO) tips in the PRO Tips window for their VMs and services.
Figure 3: Scope page
On the Quotas page, I can set limits on resources for private cloud that is in the scope of the user role. As you can see in Figure 4, the written limits are coming from the limits that I defined previously during cloud creation ( http://www.ipsure.com/blog/2011/step-by-step-guide-for-system-center-virtual-machine-manager-2012-beta-04/ ). Role level quotas set overall limits for all members of the user role, defining available capacity within the private cloud. Member level quotas set individual limits.
Figure 4: Quotas page
On the Resources page, you can configure resources and data path options. Under Resources, hardware profiles, operating system profiles, virtual machine templates, application profiles, SQL server profiles, service templates, and resource groups can be assigned for the self-service users to use during virtual machine creation. In Data path, a path on a library share where role members can upload and share their own resources can be defined. The user data path also is a good place for the administrator to store prepared resources that should be shared only with members of this self-service user role.
Next page is Actions page. The selections that I make here define what the self-service users can do on their own virtual machines and services (Figure 5).
Figure 5: Actions page
If the Author action is selected on Actions page, on the Run As profiles page, Run As profiles is selected for the self-service users to use in the templates and profiles that they use to create virtual machines and services. By clicking Next, Summary page appears and the wizard is finished.
So I finished the creation of a Self-Service User role in SCVMM 2012. Now it is time to show you how a Self-Service user logs on to the SCVMM 2012 in different ways. The first choice is the VMM Console. As I mentioned before, in SCVMM 2012 you can log on as another user via VMM console while you are working. If you are logged on to the VMM console as an administrator, and you also are a member of a self-service user role, you can open a new session under the self-service user role. For this purpose I click the down arrow at the top left corner of the ribbon, and then click Open New Connection (Figure 6). In the Connect to Server dialog box, I click Connect to start a second session with the current VMM instance. In the Select User Role dialog box, I select the user role (which is ApplicationServerAdmins) that I want to log on under, and then click OK (Figure 7).
Figure 6: Opening a new connection
Figure 7: Selecting a user role
The second method to connect SCVMM 2012 is web-based self-service interface (portal). To connect via this method I open a web browser and write the FQDN of my server to the address bar. The logon page is shown in Figure 8. As I enter my credentials and press Logon button, a management interface appears as it is shown in Figure 9. As you can see in the figure, the user is automatically logged on with its self-service user role rights (the user is also an administrator on SCVMM 2012). As you can see on the right side of the figure, the user can do whichever right he/she has on his/her VMs.
Figure 8: Self-service portal logon page
Figure 9: Self-service portal management interface
The third method is managing your VMs and services with powershell which I won’t get into details. So this is the end of my article series about SCVMM 2012 Beta product. I hope (and am sure) the product will be enhanced and more capable with it’s final release. See you next time.
RSS feed for comments on this post.
