XenDesktop 3.0 and vCenter 4.0 permissions

We are currently implementing a XenDesktop 3.0 environment on vSphere 4.

Today I started to lock down the permissions the XenDesktop Delivery Controllers (DDC) have on vCenter. There is not much documentation on this, except for the KB article on VMware Infrastructure 3 and XenDesktop, which is lean and mean. But then I stumbled on this great blog post: http://theether.net/kb/100114

It describes the solution to the error “This virtual machine could not be retrieved from the hosting infrastructure”.
The solution basically describes the proper permissioning for the accounts which access Virtual Center from the DDC, and this even works for vCenter 4!

In VirtualCenter:

- Select View | Administration

- Click Add Role
- Enter the name XenDesktopGlobal
- Check Global | Manage Custom Attributes
- Click OK

- Click Add Role
- Enter the name XenDesktopDataCentre
- Check Datastore | Browse Datastore
- Check Virtual Machine | Inventory | Create
- Check Virtual Machine | Provisioning | Deploy Template
- Check Resource | Assign Virtual Machine to Resource Pool
- Click OK

- Click Add Role
- Enter the name XenDesktop
- Check Global | Set Custom Attribute
- Check Virtual Machine | Interaction | Power On
- Check Virtual Machine | Interaction | Power Off
- Check Virtual Machine | Interaction | Suspend
- Check Virtual Machine | Interaction | Reset
- Click OK

- Select View | Inventory | Hosts And Clusters

- Select Hosts & Clusters
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktopGlobal for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

- Select the Datacentre that contains the virtual desktops
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktopDataCentre for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

- Select the Cluster or Resource Pool that contains the virtual desktops
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktop for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

Source: http://theether.net/kb/100114
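
The same three roles and three assignments can be scripted, which makes the least-privilege setup repeatable and easy to re-check. This is an added VMware PowerCLI example, not part of the original post or the linked article; the server, account, datacentre and cluster names are placeholders, and the privilege IDs are this example's mapping of the checkbox labels in the steps above.

```powershell
# Added example (VMware PowerCLI); not from the original post.
# Placeholders: replace these four values with your own.
$vCenter    = 'vcenter.example.local'
$principal  = 'EXAMPLE\svc-xendesktop'   # account from the Desktop Group's Logon Information
$datacenter = 'ExampleDatacentre'
$cluster    = 'ExampleVdiCluster'

Connect-VIServer -Server $vCenter | Out-Null

# Role name -> privilege IDs (assumed mapping of the vSphere Client labels).
$roles = @{
    XenDesktopGlobal     = @('Global.ManageCustomFields')
    XenDesktopDataCentre = @('Datastore.Browse',
                             'VirtualMachine.Inventory.Create',
                             'VirtualMachine.Provisioning.DeployTemplate',
                             'Resource.AssignVMToPool')
    XenDesktop           = @('Global.SetCustomField',
                             'VirtualMachine.Interact.PowerOn',
                             'VirtualMachine.Interact.PowerOff',
                             'VirtualMachine.Interact.Suspend',
                             'VirtualMachine.Interact.Reset')
}

foreach ($name in $roles.Keys) {
    $role = Get-VIRole -Name $name -ErrorAction SilentlyContinue
    if (-not $role) {
        $role = New-VIRole -Name $name -Privilege (Get-VIPrivilege -Id $roles[$name])
    }
    # Drift check: every role carries the built-in System.* privileges, so
    # ignore those and warn about anything beyond the list above.
    $extra = $role.PrivilegeList |
        Where-Object { $_ -notlike 'System.*' -and $roles[$name] -notcontains $_ }
    if ($extra) { Write-Warning "$name has extra privileges: $($extra -join ', ')" }
}

# One assignment per scope. The root folder is assumed to be the top-level
# node selected in the steps; swap Get-Cluster for Get-ResourcePool if needed.
$scopes = @(
    @{ Role = 'XenDesktopGlobal';     Entity = Get-Folder -NoRecursion }
    @{ Role = 'XenDesktopDataCentre'; Entity = Get-Datacenter -Name $datacenter }
    @{ Role = 'XenDesktop';           Entity = Get-Cluster -Name $cluster }
)
foreach ($s in $scopes) {
    # Propagation is assumed on; the steps above do not mention changing it.
    New-VIPermission -Entity $s.Entity -Principal $principal `
        -Role (Get-VIRole -Name $s.Role) -Propagate:$true | Out-Null
}

# Review what the account ends up with.
Get-VIPermission -Principal $principal | Select-Object Entity, Role, Propagate
```

Re-running the role loop later reports any privilege that has been added to these roles since they were created.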
