Creating a vCenter role and granting permissions
VMware Horizon requires access to the vCenter Server in order to perform tasks related to the creation or management of virtual desktops. To facilitate this access, we first need to create an Active Directory (AD) user account that the Horizon Connection Server will use to access the vCenter Server; in this chapter, we will use an account named svc-horizon. To make it easier to update the Horizon Connection Server AD account in the future, we will create a vCenter role that includes all the required privileges. Once created, the role can be quickly applied to AD user accounts. Perform the following steps to create the role in vCenter:
- In vSphere Web Client, navigate to Home | Administration | Roles, click the green + sign indicated by the red arrow, and then enter a role name such as Horizon Connection Server, as shown in the following screenshot:
- From within the Create Role window, expand each privilege group listed in the following table and check the required privilege items. All listed privileges must be checked in order for the Horizon Connection Server to function properly. Click on OK when you have finished creating the role:
- In vSphere Web Client, click the following in order: Home | Hosts and Clusters, the vCenter Server at the top level of the inventory, the Manage tab, the Permissions section, and finally the green + sign indicated by the red arrow. This will open the Add Permission window used in the next step:
- In the Add Permission window, click on the Add… button to open the Select Users/Groups window.
- In the Domain: drop-down menu, select the AD domain that contains the Horizon administrator user or security group. In our example, the domain is named VJASON.
- In the Users and Groups list, select the Horizon Connection Server service account. For our sample environment, we have searched for and selected an account named svc-horizon. Once selected, click on the Add button as shown in the following screenshot. Click on OK to close the Select Users/Groups window:
- In the Assigned Role drop-down menu of the Add Permission window, select the Horizon Connection Server role we created in step 2, as shown in the following screenshot, and then click OK to close the window and complete the action:
The Horizon Pod now has sufficient permissions on the vCenter Server to deploy and manage desktops and Windows RDS servers.
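
The same role and permission can be created from VMware PowerCLI, which also makes it possible to check later that the role has not gained privileges beyond the required set. The script below is an added example, not part of the original text; the server name `vcenter.example.local` and the file `horizon-privileges.txt` (one vCenter privilege ID per line, transcribed from the privilege table) are assumptions, as is propagating the permission to child objects.

```powershell
# Added example, not from the original text. Requires the VMware PowerCLI module.
# Assumptions: vcenter.example.local is a placeholder server name, and
# horizon-privileges.txt is a hypothetical file holding one privilege ID per line,
# transcribed from the privilege table for your Horizon version.
$VCenter     = 'vcenter.example.local'
$RoleName    = 'Horizon Connection Server'
$Principal   = 'VJASON\svc-horizon'
$RequiredIds = @(Get-Content -Path .\horizon-privileges.txt |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })

Connect-VIServer -Server $VCenter | Out-Null

# Create the role only if it does not exist yet.
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege (Get-VIPrivilege -Id $RequiredIds)
}

# Least-privilege drift check. Every vCenter role implicitly carries the three
# System.* privileges, so they are excluded from the comparison.
$implicit = 'System.Anonymous', 'System.Read', 'System.View'
$actual   = @($role.PrivilegeList | Where-Object { $_ -notin $implicit })
$missing  = @($RequiredIds | Where-Object { $_ -notin $actual })
$extra    = @($actual      | Where-Object { $_ -notin $RequiredIds })

# Grant the role at the top of the inventory (the root folder).
$root = Get-Folder -NoRecursion
$perm = Get-VIPermission -Entity $root -Principal $Principal -ErrorAction SilentlyContinue
if (-not $perm) {
    # -Propagate $true is an assumption: apply the role to child objects as well.
    $perm = New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate $true
}

# Summary: a non-empty Missing list breaks Horizon tasks, a non-empty Extra list
# means the service account holds more than the documented privilege set.
[pscustomobject]@{
    Role       = $role.Name
    Principal  = $Principal
    RoleAtRoot = ($perm | ForEach-Object { $_.Role }) -join ', '
    Propagate  = ($perm | ForEach-Object { $_.Propagate }) -join ', '
    Missing    = $missing -join ', '
    Extra      = $extra -join ', '
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Running the script again after the initial setup changes nothing and only reports the current state, so it can serve as a periodic audit of the svc-horizon permission.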