Highlighted
rob_steele
3 Argentium

Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

I am looking for the permissions required for backing up image level backups in vCenter using Avamar but I did not see what the minimal security requirements are for the avamar user account we are using in vcenter.

Currently it is working with administrator rights, but we want to lock down the account to just what it needs. Does anyone have any insight into this or know of any good docs that outline the image level backup process including required secuirty rights ?

All the VMware Installation guide offers is this about creating the account:

Task 2: Create Dedicated vCenter User Account
EMC strongly recommends that you set up a separate vCenter user account that is strictly dedicated for use with Avamar. Use of a generic user account such as "Administrator" might hamper future troubleshooting efforts because it might not be clear which "Administrator" actions are actually interfacing or communicating with the Avamar server. Using a separate vCenter user account ensures maximum clarity should it become necessary to examine vCenter logs.

0 Kudos
1 Solution

Accepted Solutions
Silas_Simon
1 Copper

Re: Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

Yes – Please read the Release notes attached.

0 Kudos
4 Replies
Silas_Simon
1 Copper

Re: Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

Hello Rob,

The minimum rights required for VMware backups are :

Datastore >

• Allocate Space

• Browse datastore

• Low level file operations

• Move datastore

• Remove datastoreTOR

• Remove file

• Rename datastore

Folder >

• Create Folder

Global >

• Cancel task

• Log event

• Settings

Network >

• Assign network

• Configure

Resource >

• Assign virtual machine to resource pool

Sessions >

• Validate session

Tasks >

• Create task

• Update task

Virtual machine > Configuration >

• Add existing disk

• Add new disk

• Add or Remove device

• Advanced

• Change CPU count

• Change Resource

• Disk change Tracking

• Disk Lease

• Host USB device

• Memory

• Modify device setting

• Raw device

• Reload from path

• Remove disk

• Rename

• Reset guest information

• Settings

• Swapfile placement

• Upgrade virtual hardware

• Extend Virtual disk

Virtual machine > Interaction >

• Power Off

• Power On

• Reset

Virtual machine > Inventory >

• Create new

• Register

• Remove

• Unregister

Virtual machine > Provisioning >

• Allow read-only disk access

• Allow virtual machine download

• Mark as Template

Virtual machine > State

• Create snapshot

• Remove Snapshot

• Revert to snapshot

Regards,

Silas Simon

0 Kudos
rob_steele
3 Argentium

Re: Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

Thanks Silas ! Do you have an official document outlining this ?

0 Kudos
Silas_Simon
1 Copper

Re: Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

Yes – Please read the Release notes attached.

0 Kudos
rob_steele
3 Argentium

Re: Avamar 5SP3 and vCenter 4.1 Security

Jump to solution

Thanks a bunch !

0 Kudos