cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Connect to VMWare on a cluster level not the entire Hierarchy

We ae trying to connect to just a specific cluster no the entire network of servers as we are just one tenant. we only want to see our stuff not the other tenants. 

Timothy Robinson
(1) Solution

Best security practice is an account should only have access to the vCenter objects that are appropriate. 

Use permissions in vCenter to limit your account to only see the tenet you need to get data from. 

 

View solution in original post

(3) Replies

@terobinson - There is not a way to restrict the inventory that comes from the vCenter SDK.  You will receive all of the Clusters and Hosts that are managed by that vCenter Instance.

What I would recommend is:

1) Go to Active Inventory and find the VM Hosts that get imported into FNMS from the other clusters and set them to a status of IGNORED.  If you simply delete them, they will get created again the next time the Beacon connects to that vCenter.

2) Make sure that you are not installing the agent on the VMs in the other clusters.

Best security practice is an account should only have access to the vCenter objects that are appropriate. 

Use permissions in vCenter to limit your account to only see the tenet you need to get data from. 

 

Agreed, limiting access via strict permissions is the way to go.

If ESX hosts are used exclusively by one tenant only, I guess you could just inventory them directly instead of the whole vCenter.