Security and Access Control

In the Training Cloud System, the security configuration consists of the domain controller, the VMM server, and the Private Clouds. Together they ensure that each user has enough privilege to carry out all of the experiments and that one user's operations cannot affect another's.

User Accounts in Domain Controller

Students access the Training Cloud System through valid user accounts. Separate accounts are created for the administrator and for 30 normal users. The accounts are configured as administrators in the DC because all users need to access domain machines. To avoid incorrect operations, each user's privileges are limited through the VMM user roles.

User Role in VMM Server

SCVMM 2012 CTP1 supports 3 types of user role: Administrators, Delegated Administrators, and Self-Service Users. They relate to each other as follows:
  • Administrators and delegated administrators can create Self-Service User roles.
  • Delegated administrators can create Self-Service User roles for Private Clouds that are in the scope of their user roles.
  • In SCVMM 2012 CTP1, self-service user roles were designed to provide a richer environment for creating, deploying, and managing virtual machines as well as services in a private cloud.
In the Training Cloud System, the privileges of the self-service user role are reduced. Self-service users can only operate the existing VMs that are assigned to them: they cannot deploy services, create VMs, or delete VMs. This keeps the system much safer from unexpected breakdowns.

Private Cloud

A Private Cloud is a layer built on top of the host group. It hides physical resources and infrastructure configuration from end users, which reduces risk and strengthens the management of physical resources.
In the Training Cloud System, 30 Private Clouds are created on 3 Shuttle machines. They give each self-service user (SSU) a separate operating area and grant each one different functionality, which reduces the impact that different users have on one another in the same environment.
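
The following added example (not part of the original document and not VMM code) audits a list of user roles against the isolation rules described in the User Role and Private Cloud sections: no create, delete or deploy actions for self-service users, and no Private Cloud reachable from more than one self-service role. The export format, the role, account and cloud names, and the permission labels are hypothetical; the one-cloud-per-role rule is an assumption drawn from the 30 users and 30 Private Clouds.

```python
from collections import Counter

# Actions the page withholds from self-service users: creating VMs,
# deleting VMs, deploying services. Labels are hypothetical, not VMM names.
FORBIDDEN = {"CreateVM", "DeleteVM", "DeployService"}


def audit_roles(roles):
    """Return sorted (role, finding) pairs for every isolation-rule violation.

    roles: list of dicts with keys name, profile, members, clouds, permissions
    (a hypothetical export format, not a VMM data structure).
    """
    ssu = [r for r in roles if r["profile"] == "SelfServiceUser"]
    cloud_use = Counter(c for r in ssu for c in set(r["clouds"]))
    findings = []
    for r in ssu:
        clouds = set(r["clouds"])
        # Assumed rule: one Private Cloud per self-service role (30 users, 30 clouds).
        if len(clouds) != 1:
            findings.append((r["name"], f"scoped to {len(clouds)} clouds, expected 1"))
        # A cloud reachable from two roles breaks the per-user separation.
        for c in sorted(clouds):
            if cloud_use[c] > 1:
                findings.append((r["name"], f"{c} is shared with another role"))
        bad = sorted(FORBIDDEN & set(r["permissions"]))
        if bad:
            findings.append((r["name"], "forbidden actions: " + ", ".join(bad)))
    return sorted(findings)


def sample_roles():
    """Constructed data: 30 self-service roles plus one admin, two planted faults."""
    roles = [{"name": f"SSU{i:02d}", "profile": "SelfServiceUser",
              "members": [f"TRAINING\\user{i:02d}"], "clouds": [f"Cloud{i:02d}"],
              "permissions": ["Start", "Stop", "Connect"]} for i in range(1, 31)]
    roles.append({"name": "Admins", "profile": "Administrator",
                  "members": ["TRAINING\\admin"], "clouds": [], "permissions": []})
    roles[4]["permissions"].append("DeleteVM")  # SSU05 may delete VMs
    roles[9]["clouds"].append("Cloud11")        # SSU10 also reaches SSU11's cloud
    return roles


if __name__ == "__main__":
    for name, finding in audit_roles(sample_roles()):
        print(f"{name}: {finding}")
```

Both roles that touch a shared cloud are reported, so the second planted fault shows up under SSU10 and SSU11.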

