of your data to a secondary location are two areas that can help ensure that business continuity
needs are satisfied, even in the event of a disaster.
Master It What are three methods to replicate your data to a secondary location and
what is the golden rule for any continuity plan?
Solution First, you have the backup and restore method from tape. It is a best practice to
keep backup tapes off site and, when they are needed after a disaster, have them shipped
to the secondary site. Second, you can replicate your data by using replication at the
SAN level. This gives you the ability to replicate data over both short and long distances.
Third, you can use a disk-to-disk backup appliance, such as vSphere Replication, that also
offers off-site replication to another location. This method offers shorter backup windows
as well as the benefits of off-site backups. Finally, the golden rule for any successful
continuity design is to test, test, and test again.
Chapter 8: Securing VMware vSphere
Configure and control authentication to vSphere. Both ESXi and vCenter Server have
authentication mechanisms, and both products can utilize local users and groups or users
and groups defined in external directories. Authentication is a basic tenet of security; it's
important to verify that users are who they claim to be. You can manage local users and
groups on your ESXi hosts using either the traditional vSphere Client or the command-line
interface (such as the vSphere Management Assistant). Both the Windows-based and the
Linux-based virtual appliance versions of vCenter Server can leverage Active Directory,
OpenLDAP, or local SSO accounts for authentication as well.
Master It You've asked an administrator on your team to create some accounts on an
ESXi host. The administrator is uncomfortable with the command line and is having a
problem figuring out how to create the users. Is there another way for this administrator
to perform this task?
Solution Yes, the administrator can use the traditional vSphere Client and connect
directly to the ESXi hosts on which the accounts need to be created.
Manage roles and access controls. Both ESXi and vCenter Server possess a role-based
access control system that combines users, groups, privileges, roles, and permissions.
vSphere administrators can use this role-based access control system to define very
granular permissions that define what users are allowed to do with the vSphere Client against an
ESXi host or the vSphere Web Client against a vCenter Server instance. For example, vSphere
administrators can limit users to specific actions on specific types of objects within the
vSphere Client. vCenter Server ships with some sample roles that help provide an example of
how you can use the role-based access control system.
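The model in the paragraph above can also be scripted. The following is an added example, not from the book: it uses VMware PowerCLI (an assumption; the text itself only mentions the vSphere Client and vSphere Web Client) to build a limited role from four privileges and grant it to a group on a single folder. The server, role, group, and folder names are hypothetical placeholders.

```powershell
# Added example (not from the book). Assumes VMware PowerCLI is installed.
# All names in this first section are hypothetical placeholders.
Import-Module VMware.VimAutomation.Core

$server    = 'vcenter.example.com'     # hypothetical vCenter Server
$roleName  = 'VM-Operator-Limited'     # hypothetical role name
$principal = 'EXAMPLE\vm-operators'    # hypothetical directory group
$folder    = 'Test-VMs'                # hypothetical VM folder

# Prompts for credentials if none are cached.
Connect-VIServer -Server $server | Out-Null

# Privileges: the individual actions that may be allowed.
# These IDs correspond to power on, power off, configure CD/DVD media,
# and take a snapshot.
$privilegeIds = @(
    'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.SetCDMedia',
    'VirtualMachine.State.CreateSnapshot'
)
$privileges = Get-VIPrivilege -Id $privilegeIds

# Role: a named collection of privileges. Nothing is granted yet.
$role = New-VIRole -Name $roleName -Privilege $privileges

# Permission: the role paired with a user or group on one inventory object.
# Scoping to a single folder keeps the grant away from the rest of the
# inventory; -Propagate applies it to the VMs inside that folder.
$entity = Get-Folder -Name $folder -Type VM
New-VIPermission -Entity $entity -Principal $principal -Role $role -Propagate:$true | Out-Null

# Review what was granted: who holds which role where, and what it allows.
Get-VIPermission -Entity $entity |
    Select-Object Entity, Principal, Role, Propagate
(Get-VIRole -Name $roleName).PrivilegeList

Disconnect-VIServer -Server $server -Confirm:$false
```

Running the two review commands periodically against sensitive folders is a quick way to spot roles that have accumulated privileges beyond what the group needs.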
Master It Describe the differences between a role, a privilege, and a permission in the
ESXi/vCenter Server security model.
Solution A role is a combination of privileges; a role is assigned to a user or group.
Privileges are specific actions (like power on a VM, power off a VM, configure a VM's
CD/DVD drive, and take a snapshot) that a role is allowed to perform. You combine
 