This Knowledge base article provides information about the minimum permissions required by the VMware vCenter service account necessary for automatically deploying (cloning) Neverfail Engine on the Secondary server.
To configure the minimum permissions for the VMware vCenter service account, follow the procedure below.
1. Using the VMware vSphere Client, log into vCenter Server as an Administrator.
2. Navigate to Home > Roles.
3. Select the Read-only role.
4. Right-click the role and click Clone.
5. Rename the new role. For example, Neverfail Service Account.
6. Right-click the newly cloned role and select Edit Role.
7. Add the following privileges:
Datastore > Allocate Space
Datastore > Browse Datastore
Extension
Network > Assign Network
Resource > Assign Virtual Machine to Resource Pool
Tasks
Virtual Machine > Configuration
Virtual Machine > Interaction > Configure CD Media
Virtual Machine > Interaction > Power On
Virtual Machine > Interaction > Power Off
Virtual Machine > Inventory
Virtual Machine > Provisioning
Virtual Machine > Snapshot Management
8. Map the vCenter service account configured in Engine Management Server (EMS) to the newly created Neverfail Service Account role, at the vCenter Server level.
1. Select the top level for vCenter Server, then click the Permissions tab.
2. Right-click and select Add Permission .
3. Add the vCenter Server EMS user (if not already present) and assign the newly created Neverfail Service Account role.
Note: You may need to bind the role at the host level (in Hosts and Cluster View ) as well as the Datastore permissions tab level (in Datastores & Datastore Clusters ).
9. If vCenter Server User and vCenter Server Converter User configured in EMS are different, map the vCenter Server Converter user account configured in EMS to the newly created Neverfail Service Account role, at the vCenter Server level.
Important: The following step should be performed only if vCenter Server user and vCenter Server Converter user configured in EMS are different.
1. Select the top level for vCenter Server, and then click the Permissions tab.
2. Right-click and select Add Permission.
3. Add the vCenter Server Converter EMS user (if not already present) and assign the newly created Neerfail Service Account role.
Note: You may need to bind the role at the host level (in Hosts and Cluster View ) as well as the Datastore permissions tab level (in Datastores & Datastore Clusters ).