You need to configure the environment

A company has data centers in Seattle and New York. A high-speed link connects the data centers.
Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V
Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active
Directory Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You
create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data
centers, respectively.
You have the following requirements:
Administrators from each data center must be able to manage the virtual machines and services
from their location by using a web portal.
Administrators must not apply new resource quotas or change resource quotas.
You must manage public clouds by using the existing SCVMM server.
You must use the minimum permissions required to perform the administrative tasks.
You need to configure the environment.
What should you do?

A company has data centers in Seattle and New York. A high-speed link connects the data centers.
Each data center runs a virtualization infrastructure that uses Hyper-V Server 2012 and Hyper-V
Server 2012 R2. Administrative users from the Seattle and New York offices are members of Active
Directory Domain Services groups named SeattleAdmins and NewYorkAdmins, respectively.
You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center. You
create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data
centers, respectively.
You have the following requirements:
Administrators from each data center must be able to manage the virtual machines and services
from their location by using a web portal.
Administrators must not apply new resource quotas or change resource quotas.
You must manage public clouds by using the existing SCVMM server.
You must use the minimum permissions required to perform the administrative tasks.
You need to configure the environment.
What should you do?

A.
For both the Seattle and New York admin groups, create a User Role and assign it to the
Application Administrator profile. Add the Seattle and New York private clouds to the corresponding
User Role.

B.
For both the Seattle and New York admin groups, create a User Role and assign it to the Delegated
Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

C.
For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant
Administrator profile. Add the Seattle and New York private clouds to the corresponding User Role.

D.
Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V
host in Seattle and New York, respectively.

Show Hint

Leave a Reply 27

Your email address will not be published. Required fields are marked *

dickie

dickie

I would say A, not B. I’m pretty sure Delegated Administrators CAN apply and change resource quotas. Comments anyone?

Reply

Whoa

Whoa

Agreed with B:

“Fabric Administrator (Delegated Administrator)
Members of the Delegated Administrator user role can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding XenServer and adding WSUS servers. Delegated Administrators cannot modify VMM settings, and cannot add or remove members of the Administrators user role.”

Fabric Administrators can manage VMs and Clouds as indicated above. They can NOT place quotas, Tenant Administrators can manage quotas.

Reply

Monkeh

Monkeh

I have been wondering about this myself and despite originally thinking you were right I am not sure you are right dickie

https://technet.microsoft.com/en-us/library/dd548291.aspx

From the above:

Role Types in VMM

The following user role types, based on profiles of the same name, are defined for VMM:

Delegated Administrator role—Members of a role based on the Delegated Administrator profile have full VMM administrator rights, with a few exceptions, on all objects in the scope defined by the host groups and library that are assigned to the role. A delegated administrator cannot modify VMM settings or add or remove members of the Administrator role.

Self-Service User role—Members of a role based on the Self-Service User profile can manage their own virtual machines within a restricted environment. Self-service users use the VMM Self-Service Web Portal to manage their virtual machines. The portal provides a simplified view of only the virtual machines that the user owns and the operations that the user is allowed to perform on them. A self-service user role specifies the operations that members can perform on their own virtual machines (these can include creating virtual machines) and the templates and ISO image files that they can use to create virtual machines. The user role also can place a quota on the virtual machines that a user can deploy at any one time. Self-service users’ virtual machines are deployed transparently on the most suitable host in the host group that is assigned to the user role.

From the above it looks like an SSU can change quotas where nothing is mentioned about quotas in the DA role description

Any other thoughts dickie (or anyone else)?

Reply

dickie

dickie

Hmm I see your point. I guess it boils down to whether a delegated admin can make resource or quota changes. Also, the question mentions ‘using a web portal’ which doesn’t seem to be a feature of the delegated admin.
See https://technet.microsoft.com/en-us/library/gg696971.aspx
More thoughts welcome 🙂

Reply

MM

MM

Good point about the web portal. I must admit when I first saw this my gut instinct was A but having seen what I posted above about SSU being able to change quotas I am not not so sure.

dickie, if you are the same person I have seen comment somehwere else on the Internet 😉 I believe congratulations are in order? 🙂

Reply

dickie

dickie

Yeah thanks MM, so pleased to get this one out of the way. Just got past the 700. This question didn’t come up luckily!

Reply

Peter

Peter

The source above is slightly outdated. It talks about VMM 2008.
According to the Official Ref Guide 70-414, Page 118
Delegated Administrator can perform all administrative tasks.
Tenant Administrator can create quotas on resources and VMs.
Application Administrator A self-service user can create and manage his/her own machines and services only.
Bottom line: must not apply quotas, minimize permissions required to manage its systems. The answer A. Application Administrator.

Reply

JamesL

JamesL

Agree with dickie and Peter

A makes sense to me

D doesn’t make any sense
C does not minimise permissions (As per the link posted by dickie above)
B does not minimise permissions (As per the link posted by dickie above)

Reply

FSM

FSM

B is the right answer. Application Administrators (SCVMM2012) a.k.a. Self-Service Users (SCVMM2008) can place quotas on computing resources and virtual machines. This is described in the ‘Create User Role Wizard” in SCVMM2012, so A can’t be the answer because you don’t meet the requirement “Administrators must not apply new resource quotas or change resource quotas.” Tenant Administrators can also place quotas on computing resources and virtual machines. So the right answer should be B.

Reply

Google

Google

Sites of interest we’ve a link to.

Reply

Google

Google

Every as soon as in a even though we select blogs that we read. Listed beneath are the most up-to-date web-sites that we select.

Reply

Google

Google

Sites of interest we have a link to.

Reply

Wylana

Wylana

Its to bad that the question doesn’t mention which version of SCCM is being used.

Because in the link that eric provided, at the bottem it says:

“As of System Center 2012 R2, VMM administrators can use the Create User Role Wizard to configure user roles with a set of permitted actions on a per-cloud basis in addition to the global settings. These settings apply only to the tenant administrator and the self-service user roles. With these settings, the user’s effective permitted actions for a given cloud are the combination of their global permitted actions and cloud permitted actions.”

This indicates that you can change the permissions of the Tenant Admin and Application Admin roles and so deny permissions to change quota’s.

Since it doesn’t mention the version, I would place my bet on answer A: Application Administrator aka Self Service User.

Reply

how to make an app for free

how to make an app for free

Every when inside a whilst we pick blogs that we read. Listed below are the newest internet sites that we opt for

Reply

Turen

Turen

one of our visitors lately advised the following website

Reply

Adoption Laws

Adoption Laws

Here is a great Blog You might Obtain Exciting that we Encourage You

Reply

fanuc

fanuc

The info talked about inside the article are a few of the most beneficial out there

Reply

pullulan

pullulan

Sites of interest we have a link to

Reply

プラセンタ

プラセンタ

we came across a cool web site which you may appreciate. Take a appear should you want

Reply

laptop

laptop

below youll obtain the link to some websites that we feel you’ll want to visit

Reply

phone case wood

phone case wood

just beneath, are quite a few totally not related web pages to ours, on the other hand, they are surely worth going over

Reply

LG

LG

one of our guests not too long ago advised the following website

Reply

Diy Home Energy System Review

Diy Home Energy System Review

Wonderful story, reckoned we could combine a couple of unrelated information, nevertheless truly worth taking a appear, whoa did a single discover about Mid East has got extra problerms also

Reply

Reginaldo

Reginaldo

It makes a lab. “quotas” is available only “Self-service User” and “Tenant Administrator” profiles. For others profiles this options not is available.

B is right

Reply

RC1

RC1

However, a Delegated Administrator does not have access to use a web portal. An Application Administrator can.

Reply