Does anyone know what rights the user logging in with SSH needs on the ESXi host to complete the space reclamation from the VSI?
IHAC that doesn't like SSH being enabled, but will do it and will lock it down for a specific user, but they want that user the have the minimum rights possible on the host to be able to accomplish space reclamation.
Running space reclaim currently requires root access on the ESX host. However, we have been working with the VSI team to request leveraging of API for UNMAP, made available as part of ESX 6, rather than using SSH to launch ESX CLI via root directly, so this will likely come in a not too distant future release.
Are you serious? Root access for unmap? Is this documented anywhere? I haven't even seen that SSH needs to be enabled documented anywhere for VSI to work with unmap, but it obviously does.
If you don't like leaving SSH enabled, you can always just put the unmap command into cron on the ESXi server and have it run it for you. This will still need ssh enabled to configure it, but once it's setup you can disable it.
The catch is that you'll need to manually do this on each server - but at least once it's setup it basically set-and-forget.
If it's done through PowerCLI the user just needs the Host.Config.Storage permission. I'm just trying to find what the minimum permissions are for the VSI to work.
The advantage of using the VSI is you can just schedule it on a folder, then put new datastores in that folder, so it makes it a little easier for customers to do instead of having to go manually edit a cron job.