Configuring the VMM Library to Support Self-Service Users
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Virtual Machine Manager, System Center 2012 R2 Virtual Machine Manager, System Center 2012 - Virtual Machine Manager
This topic provides guidance on new methods that are available for sharing resources with self-service users in Virtual Machine Manager (VMM) and describes the self-service user's view of the Library workspace. If you already understand the background information and want detailed steps for configuring the library, see How to Configure the VMM Library to Support Self-Service Users.
To enable self-service users to create their own virtual machines and services and deploy them to private clouds, VMM provides additional ways for administrators to make resources available to self-service users. As of VMM in System Center 2012, self-service users can use the VMM console, and can see their logical and physical resources in the Library workspace. In earlier releases of VMM, self-service users who were assigned the Create action had to use virtual machine templates that were created by an administrator and assigned to their self-service user role to create their virtual machines. Those self-service users had no access to the library. Assigned templates were available only in selection lists.
As of VMM in System Center 2012, self-service users who are assigned the Author action can create their own templates and profiles, and can share their service templates and virtual machine templates with other self-service users. A user data path is provided to the self-service user role to enable those users to upload and share their own resources. Read-only library paths are provided on private clouds to enable the administrator to share resources among all cloud users. Lastly, the design of the Library workspace in VMM has been updated to meet the needs of those self-service users.
Providing Resources for Self-Service Users
Use the following methods to provide resources to self-service users who deploy services and virtual machines in private clouds:
Read-only library shares for private clouds: Use the read-only library shares for private clouds to share resources that should be widely available to self-service users who deploy services to a cloud. For example, an administrator might store the Application Frameworks resources that are provided with VMM on a read-only library share for a private cloud so that cloud users can use the resources to sequence and deploy their own applications. For more information about the Application Frameworks resources, see Application Framework Resources in VMM.
Self-service user data paths: Configure user data paths on self-service user roles to provide a place where members of a self-service user role can upload and share their own resources. The user data path is also the best place for administrators to store resources that only members of a self-service user role need to use. For example, a user data path might store the application packages for services that a self-service user role deploys. Permissions on the user data path are controlled through the file system. VMM discovers all files that the current self-service user has access to. Access control permissions determine whether the users have Read/Write or Read-only access.
To enable administrators to audit and manage resources on users' data paths, the data paths must be on a library share.
Only self-service users whose user role has the Author action or the Deploy action can actually use these physical resources in VMM. The Author action enables members to create templates and profiles for their own virtual machines and services. The Deploy action enables members to deploy virtual machines by using VHDs as well as virtual machine templates that are assigned to or shared with their user role. For more information, see How to Create a Self-Service User Role in VMM.
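Because file-system permissions on the user data path decide what each self-service user can see and change, it is worth reviewing the folder's ACL before assigning the path to a role. The following PowerShell is an added example, not code from the original topic; the function name Get-UserDataPathAccess, the demo folder, and the list of broad principals are assumptions.

```powershell
# Added example: classify each ACE on a user data path as Read/Write or Read-only
# and flag broad groups that can write. Uses only built-in cmdlets and .NET types.
function Get-UserDataPathAccess {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: principals that should not hold write access on a per-role path.
        [string[]] $BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users',
                                        'BUILTIN\Users')
    )
    # Rights that let a user add, change, delete, or re-permission resources.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]`
        'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # ACEs can carry unmapped generic rights: GENERIC_WRITE and GENERIC_ALL.
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000
    # ReadData (same bit as ListDirectory) or GENERIC_READ.
    $readMask  = [int][System.Security.AccessControl.FileSystemRights]::ReadData -bor 0x80000000

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $rights = [int]$ace.FileSystemRights
        if     ($rights -band $writeMask) { $level = 'Read/Write' }
        elseif ($rights -band $readMask)  { $level = 'Read-only' }
        else                              { $level = 'Other' }

        $id      = $ace.IdentityReference.Value
        $finding = ''
        if ($ace.AccessControlType -eq 'Allow' -and $level -eq 'Read/Write' -and
            $BroadPrincipals -contains $id) {
            $finding = 'Broad group can write'
        }
        [pscustomobject]@{
            Identity  = $id
            Type      = $ace.AccessControlType   # Allow or Deny
            Access    = $level
            Inherited = $ace.IsInherited         # inherited from the parent share folder?
            Finding   = $finding
        }
    }
}

# Constructed demo target so the script runs anywhere. To audit a real role, set
# $DataPath to that role's user data path (a folder on a library share).
$DataPath = Join-Path $env:TEMP 'SSU-UserData-Demo'
New-Item -ItemType Directory -Path $DataPath -Force | Out-Null
Get-UserDataPathAccess -Path $DataPath |
    Format-Table Identity, Type, Access, Inherited, Finding -AutoSize
```

The script reads NTFS permissions only; when the path is reached over the library share, share-level permissions also apply and the more restrictive of the two wins.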
Assigned resources: To make virtual machine templates and service templates available to the self-service users who will deploy virtual machines and services in a private cloud, assign the templates to the self-service user roles. In addition, self-service users with the Author action can benefit from using standard guest operating system profiles, hardware profiles, application profiles, SQL Server profiles, and virtual machine templates that an administrator provides. Self-service users do not need access to the physical resources that are referenced by templates and by profiles assigned to their self-service user role.
When you create templates for self-service users, be aware of the following changes in VMM:
- In VMM, the concept of a "self-service owner" for a template no longer exists. A template that is to be shared by members of a self-service user role should have no owner assigned. When a template with no owner is assigned to a self-service user role that has the Author, Deploy, or Deploy (Template Only) action assigned to it, all members can use the template. However, when an owner is assigned to the template, only the owner can use the template.
- VMM provides new types of quotas for self-service users' deployed virtual machines. The quota points that are assigned to virtual machine templates in earlier releases of VMM still are supported as "custom quotas." Administrators also can place individual- or role-level quotas on virtual CPU, memory, storage, and the total number of virtual machines deployed in each private cloud that is in the scope of a self-service user role. For more information, see How to Create a Self-Service User Role in VMM.
Shared resources: Allow self-service users to share their resources with other self-service users. You can configure self-service user roles to allow the owners of virtual machine templates and service templates to share their resources with other members of their own self-service user role, with another self-service user role, or with an individual member of another self-service user role. For example, members of a Service Developers self-service user role might share their fully tested service templates with a Service Manager self-service user role for deployment into a production environment. The Share action enables a self-service user role to share resources; the Receive action enables a self-service user role to receive resources that are shared by another self-service user role. For more information, see How to Enable Self-Service Users to Share Resources in VMM.
A Self-Service User's View of the VMM Library
The Library workspace provides self-service users with the following capabilities:
Instead of the Library Servers node that administrators see, self-service users see a Cloud Libraries node, which displays physical resources that are available to self-service users through private clouds. The Cloud Libraries node displays a node for each private cloud that is in the scope of the self-service user role. Each private cloud node displays physical resources on read-only library shares that have been configured for the private cloud.
Administrators see both the Library Servers node and the Cloud Libraries node. Delegated administrators see only the library servers and cloud libraries that are in the scope of their user roles.
In the Self-Service User Data node, self-service users see physical resources that they have access to on the user data path for their self-service user role. Access control permissions in the file system determine what the users see.
In the Templates and Profiles nodes, self-service users see only templates and profiles that they own, that are assigned to their self-service user roles, or that are shared with them by other self-service users.