Creating a Special Role on an ESX Server and Assigning the Role to a New User to the Server

ESX servers terminate user sessions based on timeout periods. The default timeout period is 30 mins. When you stop an agent, sessions currently in use by the agent will remain open for this timeout period until ESX times out the session. If the agent is restarted within the timeout period, it will open a new set of sessions. If you want the eG agent to close already existing sessions before it opens new sessions, then you would have to configure all the tests with the credentials of an ESX user with permissions to View and Terminate Sessions (from vSphere 4.1, this is called the View and stop sessions permission). To know how to grant this permission to a new ESX user, do the following:

  1. Login to a system on which the VMware Infrastructure Client is installed.
  2. Double-click on the VMware Infrastructure Client icon on your desktop.
  3. A login screen then appears. To connect to the monitored ESX host, select the IP address / Name of the ESX host from the list box, and then provide the login information. To create a new user on an ESX host, you will have to login to the host as a root user. Therefore, provide the User name and Password of the root user in the login screen.
  4. The VMware Infrastructure Client console then opens (see ). This console has a tree-structured listing of VMs and resource pools on the left hand side and a series of tab pages on the right. The topmost node of the tree-structure represents the ESX host, which has the virtual machines (or guests) as its sub-nodes. To create a new user on the ESX host, first click on the Users & Groups tab page in the right panel (see ). The list of existing users on the ESX host is then displayed.

    Figure 1 : The VI Client console - Users & Groups tab page

  5. Next, right-click any where within the Users & Groups tab page to invoke a shortcut menu. Select the Add option from the menu to add a new user (see Figure 2).

    Figure 2 : Selecting the Add option

  6. Doing so opens Figure 3, wherein you need to provide the Login name of the new user, the User Name, and the Password. Confirm the password by retyping it in the Confirm text box, and click the ok button to complete the addition of the new user.

    Figure 3 : Adding a new user

  7. then appears, where you will find the newly added user name displayed.

    Figure 4 : The newly added user name displayed in the list of users to the ESX host

  8. Next, we need to assign a role with the View and Terminate Sessions privilege to this user. For that, we first need to create such a role. To achieve this, click on the Administration icon in the tool bar of Figure 4. Figure 5 then appears listing the roles that pre-exist on the ESX server.

    Figure 5 : The list of roles

  9. To create a new role, right-click anywhere in Figure 5, and pick the Add option from the shortcut menu that appears (see Figure 6).

    Figure 6 : Selecting the Add option to add a new role

  10. In Figure 7 that appears next, enter the name of the new role. Then, expand the Sessions node in the Privileges tree-structure below, and click the check box corresponding to the View and Terminate Sessions node (in an ESX server 3/3.5), or the View and stop sessions node (in vSphere 4.1 or above) (see Figure 8). Click the ok button to save the changes.

    Figure 7 : Creating a new role on an ESX server 3/3.5 with the ‘View and Terminate Sessions’ privilege

    Figure 8 : Creating a new role on vSphere 4.1 (and above) with the ‘View and stop sessions’ privilege

  11. Figure 9 then appears displaying the newly created role.

    Figure 9 : The newly created role appended to the list of roles

  12. Now, proceed to assign this role to the new user we created earlier. For that, click on the Inventory icon indicated by Figure 9, and then click on the Permissions tab page. To add a new permission, right-click anywhere within the Permissions tab page, and choose the Add Permission option (see Figure 10).

    Figure 10 : Figure 2.47: Selecting the Add Permission option

  13. Figure 11 then appears. Click on the Add button in Figure 11.

    Figure 11 : Clicking on the Add button

  14. From the Users and Groups list that then appears, select the user that you just created, and click the Add button therein (see Figure 12).

    Figure 12 : Selecting the user for whom a role is to be assigned.

  15. Upon clicking, the selected user’s name will appear against the Users box, as depicted by Figure 12.
  16. Then, click the ok button in Figure 12. Figure 13 then appears, where you will find the selected user name displayed in the Users and Groups section. To assign the new role you created to this user, select the role name from the Assigned Role list in Figure 13, and click the ok button therein.

    Figure 13 : ssigning the new role to the user

  17. Figure 14 then appears indicating the role assigned to the newly created user.

    Figure 14 : The new user and the role assigned to the user being displayed