I wrote a post entitled Controlling vCenter Permissions for vCenter Operations Manager (vCOps) around a year ago to help administrators understand the process of “hiding” specific resources from various departments or user tiers who use vCOps. I typically use this masking process to narrow down the list of objects presented to a user and make their life easier, especially application owners who simply want to see a dashboard of their applications (instead of all 79 billion of them).
A colleague of mine was asking about using this process, or something similar, to control licensing consumption. This can be accomplished by masking off what vCOps sees with the Collector account, a special user account that is optionally used by vCOps to perform data collection when you do not desire to use the Registration user for data collection.
Fellow VCDX Tim Curless pointed out that the Collector account can be given vSphere read-only permissions at the Data Center, Cluster, or Host level to control licensing consumption. And, according to KB article 1036195, there is no further granularity offered or recommended.
However, I’ve found that giving (or revoking) the Collector account permission to view other objects will function with some interesting caveats. Depending on how much effort you wish to expend to control licensing consumption, this may be a method (although unsupported) for you to further stretch your vCOps licensing.
Configuring the Collector Account
The Collector account is configured within the vCOps administrative interface, which is found at https://vcops_ip/admin as shown below during the initial setup of the appliance:
If you’re beyond the initial setup, log into the vCOps administrative interface, navigate to the Registration tab, and use the Update button on each vCenter instance where you wish to add or modify the Collection account as shown here:
Typical Licensing Control Methods
Let’s start by reviewing two ways that you would typically reveal your virtual infrastructure to vCOPs.
Adding an Empty Cluster
To begin, I’ve given my Collector account, bobsponge, read-only access to an empty cluster named vLab that has no hosts or virtual machines. If we look at the vCOps dashboard and drill down to members of the “World” object, there are only a few: the vLab Cluster (item 1), along with the Home Lab Data Center that it lives inside (item 2), and the Wahl Network vCenter Server (item 3). There’s also a Test App I created in VMware Infrastructure Navigator (VIN), but bobsponge has no access to the members, and so it appears empty:
At this point there are no VMs being monitored, and as such my licensing count is at zero. I thought it worthy to go through this exercise to first understand what shows up when you allow the Collector account to see a cluster. For folks building a net-new environment, this would be the process and results you should expect.
Adding a Cluster with Virtual Machines
Next, I’ll give bobsponge read-only access to a vSphere cluster that contains 3 virtual machines. This cluster is called AMP, which is a term I borrowed from VCE that means Advanced Management Pod. This is my management cluster that contains all of my critical management virtual machines: a Domain Controller (item 1), SQL Server (item 2), and vCenter Server (item 3). After a few minutes, vCOps has collected data on the newly found objects as shown here:
My licensing usage count bumps up to 3 which, again, makes complete logical sense and further proves how vCOps licensing works:
[symple_box color=”yellow” text_align=”left” width=”100%” float=”none”]
Note: Although the license type is vCOps Suite Advanced 5.6, I am using vCOps 5.8
I could have also just licensed the entire Data Center or all of vCenter, but that would have consumed licenses in my other vSphere clusters and I’m trying to avoid that. Now that I’ve shown you the typical licensing methods, let’s move on to page 2, which features more creative methods.