Your network contains a Hyper-V cluster named Cluster1.
You install Microsoft System Center 2012 Virtual Machine Manager (VMM).
You create a user account for another administrator named User1.
You plan to provide User1 with the ability to manage only the virtual machines that User1 creates.
You need to identify what must be created before you delegate the required permissions.
What should you identify?
A. A service template
B. A Delegated Administrator
C. A cloud
D. A host group
Wouldn’t you create an empty host group first, then a delegated administrator role so you can assign User1 the required admin permissions to only that host group, User1 can only manage the virtual machines that he creates and not all hosts/VMs?
Premium file says D and I agree.
I believe the given answer is correct. You would delegate the Application Self-Service User role. Defined as: Members of the Self-Service User role can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.
Here is an explanation of the other Delegated Administrator Roles:
Administrator – Members of the Administrators user role can perform all administrative actions on all objects that VMM manages. Administrators have sole responsibility for these features of VMM: only administrators can add stand-alone XenServer hosts and XenServer clusters (known as pools) to VMM management. Only administrators can add a Windows Server Update Services (WSUS) server to VMM to enable updates of the VMM fabric through VMM.
Fabric Administrator (Delegated Administrator) – Members of the Delegated Administrator user role can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding XenServer and adding WSUS servers. Delegated Administrators cannot modify VMM settings, and cannot add or remove members of the Administrators user role.
Read-Only Administrator – Read-only administrators can view properties, status, and job status of objects within their assigned host groups, clouds, and library servers, but they cannot modify the objects. Also, the read-only administrator can view Run As accounts that administrators or delegated administrators have specified for that read-only administrator user role.
Tenant Administrator – As of VMM in System Center 2012 Service Pack 1 (SP1), you can create Tenant Administrator user roles. Members of the Tenant Administrator user role can manage self-service users and VM networks. Tenant administrators can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal. Tenant administrators can also specify which tasks the self-service users can perform on their virtual machines and services. Tenant administrators can place quotas on computing resources and virtual machines.
I’m going to disagree with myself. After reading through an Exam Ref and looking around, I believe the right answer is:
C: Cloud
http://blogs.technet.com/b/yungchou/archive/2013/04/19/system-center-2012-sp1-explained-creating-private-clouds-and-deploying-services-with-system-center-2012-sp1-virtual-machine-manager.aspx
I am wrong (twice). Workout is right. Host Group (D:) is the right answer.
I tested this in MS Virtual Tech Labs and you can delegate Self-Service User roles against Host Groups and Clouds.
Host Groups are the quick and dirty administrative bucket (like an OU) to delegate permissions to. A Cloud is a more granular collection of VMs, networking, etc. that make up the cloud.
And since the requirement is to only allow the user to admin the VMs they create, it seems that a Host Group boundary is what you are looking for.
@Jimilives — Are you sure now ?? !!! 🙂
Agreed. Answer D looks like the correct answer.
Agreed it’s D
The answer is you need a cloud to delegate permissions to User1, which by the way is an application user. The cloud defines the scope, not the host group.
https://technet.microsoft.com/en-us/library/gg696971(v=sc.12).aspx
As of System Center 2012 R2, VMM administrators can use the Create User Role Wizard to configure user roles with a set of permitted actions on a per-cloud basis in addition to the global settings. These settings apply only to the tenant administrator and the self-service user roles. With these settings, the user’s effective permitted actions for a given cloud are the combination of their global permitted actions and cloud permitted actions.
I am thinking Testking King is correct. Cloud
Answer should be D) Host Groups
You can’t configure a cloud until you have either Host Groups or a VMware resource pool:
“You can create a private cloud from either of the following sources:
- Host groups that contain resources from Hyper-V hosts, VMware ESX hosts and Citrix XenServer hosts
- A VMware resource pool”
https://technet.microsoft.com/en-us/library/gg610625(v=sc.12).aspx
From https://technet.microsoft.com/en-us/library/gg610625(v=sc.12).aspx
“During private cloud creation, you select the underlying fabric resources that will be available in the private cloud, configure library paths for private cloud users, and set the capacity for the private cloud. Therefore, before you create a private cloud, you should configure the fabric resources, such as storage, networking, library servers and shares, host groups, and hosts”
From https://technet.microsoft.com/en-us/library/gg610645(v=sc.12).aspx
“- You can assign host groups to the Delegated Administrator and the Read-Only Administrator user roles to scope the user roles to specific host groups. Members of these user roles can view and manage the fabric resources that are assigned to them at the host group level.
- You can create a private cloud from resources in host groups. When you create a private cloud, you select which host groups will be part of the private cloud. You can then allocate all or some of the resources from the selected host groups to the private cloud.”