I would like the ability to monitor our VDI hosts, but not the corresponding VMs. Per the instructions in the VMAN administrator guide, this is achieved by setting the permissions on the credentials used to connect to the vCenter. However, I am unable to achieve the correct combination of permissions. Below is what we have tried. And by we, I mean my tech team that is responsible for vCenter. I do not have permissions to make any changes, so I am relying on information provided by them.
- Configure the account with read access to all objects
- Remove read access to the corresponding VMs
This worked fine until a new VM was created, as it inherits the permissions from the host. Therefore, it requires manually removing the read access on each new VM when it is created.
My tech team has contacted our VMware TAM contact and they were unable to provide a better solution.
So, my question is: has anyone successfully implemented the above scenario? If so, how did you go about doing it?