New Member

KVM per-user restrictions

Hello,

 

Is it possible to restrict specific KVM sessions for certain users in UCSM? Let's say I have 4 blades dedicated to Linux systems, and 4 blades for VMware systems. I would like to allow KVM access to Linux blades only to Linux admins, and to VMware blades only to VMware admins. Better yet, not to specific blades, but rather to service profiles. Is it possible using local UCSM users? Or maybe there is a specific av-pair which can be assigned by TACACS+?

 

Best regards,

Krzysztof

Accepted Solutions
VIP Red

Create under root suborgs for Linux and VMware; create appropriate locales and users, who are assigned to these locales and can manage objects under this org.

If your service profiles are located under the proper org, users can only modify these SPs, and access KVM with the proper username / pw.

Caveat:

There is only one admin (=super user) in the whole UCS domain.
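
The org and locale layout from the accepted answer can be checked with a small audit script. This is an added example, not part of the original post and not Cisco code; the locale names, user names and service profile DNs are constructed, and treating a user with no locale as unscoped is a conservative assumption of this sketch.

```python
"""Audit sketch: which users can reach which service profiles via org locales.

Added illustration with constructed sample data; a simplified model of
org-scoped locales, not UCSM code.
"""

# Constructed inventory: locale name -> org DNs the locale references.
LOCALES = {
    "linux-admins": ["org-root/org-Linux"],
    "vmware-admins": ["org-root/org-VMware"],
}
# Constructed users: name -> (is_domain_admin, assigned locales).
USERS = {
    "admin": (True, []),
    "lnx1": (False, ["linux-admins"]),
    "vmw1": (False, ["vmware-admins"]),
    "ops1": (False, ["linux-admins", "vmware-admins"]),
    "tmp1": (False, []),  # no locale assigned
}
# Constructed service profile DNs.
SERVICE_PROFILES = [
    "org-root/org-Linux/ls-web01",
    "org-root/org-Linux2/ls-lab01",  # different org with a similar prefix
    "org-root/org-VMware/ls-esx01",
]

def in_org(sp_dn, org_dn):
    """True if sp_dn sits under org_dn, matched on whole DN components."""
    return sp_dn.startswith(org_dn + "/")

def reachable(user):
    """Service profiles covered by the user's locales."""
    is_admin, locales = USERS[user]
    if is_admin or not locales:
        # Assumption: admin and locale-less users are treated as unscoped.
        return sorted(SERVICE_PROFILES)
    orgs = [o for loc in locales for o in LOCALES.get(loc, [])]
    return sorted(sp for sp in SERVICE_PROFILES
                  if any(in_org(sp, o) for o in orgs))

def crosses_teams(user):
    """True if the user reaches service profiles in more than one sub-org."""
    return len({sp.split("/")[1] for sp in reachable(user)}) > 1

if __name__ == "__main__":
    for name in USERS:
        flag = "CROSS-TEAM" if crosses_teams(name) else "ok"
        print(f"{name:6} {flag:10} {reachable(name)}")
```

Users flagged CROSS-TEAM are the ones to review: the domain admin from the caveat always appears there, and so does any account that was left without a locale or given both.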

 

3 REPLIES
VIP Red

V2.2 supports CIMC inband access, which supports the following services:
• KVM Console
• SSH to CIMC for SoL
• vMedia for ISO, virtual CD/DVD, removable disk, and floppy

Therefore you can give end users the IP address of the CIMC of their servers, and they can access them in band, without going first to UCS Manager.

Only Cisco UCS M3 and M4 servers support inband CIMC access. Inband CIMC access for Cisco UCS M1 and M2 servers is not supported.

• An inband IPv4 address can be assigned to a physical server
• An inband IPv4 address can be derived from a service profile associated with the physical server

New Member

OK, but I want to make sure that Linux admins will not access VMware blades. Giving a certain IP to users is not enough, as other users can access that IP (even by mistake). Is it possible to assign such granular restrictions?
