Jan
15

Prism Central with Self Service Portal – Cheat Notes

The Prism Self Service feature represents a special view within Prism Central. While Prism Central enables infrastructure management across clusters, Prism Self Service allows end-users to consume that infrastructure in a self-service manner. Prism Self Service uses the resources provided by a single AHV cluster. (ESXi and Hyper-V are not supported platforms for Prism Self Service.)

    Nutanix recommends using the Chrome or Firefox browsers to deploy or install Prism Central (PC). Nutanix support has a KB if IE is the only allowed browser.
    In Prism Central 5.5, users that are part of nested groups cannot log on to the Prism Central web console.
    Always upgrade PC before Prism Element (your clusters).
    For longer retention, go with a bigger PC instance, which has a larger disk.
    Prism Central and its managed clusters are not supported in environments deploying Network Address Translation (NAT).
    Best practice: keep NCC the same on all managed clusters.
    As of Prism Central 5.5, only User Principal Name (UPN) credentials are accepted for logon. The admin user must log on and specify a service account for the directory service in the Authentication Configuration dialog box before authentication for other users can start working.
    Name servers are computers that host a network service for providing responses to queries against a directory service, such as a DNS server. Changes in name server configuration may take up to 5 minutes to take effect. Functions that rely on DNS may not work properly during this time. If Prism Central is running on Hyper-V, you must specify the IP address of the Active Directory Domain Controller server, not the hostname. Do not use DNS hostnames or external NTP servers.
    Three primary roles when configuring Prism Self Service:

      Prism Central administrator
      Self-service administrator
      Project user

    Prism Central administrator. The Prism Central administrator enables Prism Self Service and creates one or more self-service administrators. Prism Central administrators also create VMs, images, and network configurations that may be consumed by self-service users.

    Self-service administrator. The self-service administrator performs the following tasks:
    Creates a project for each team that needs self-service and adds Active Directory users and groups to the projects.
    Configures roles for project members.
    Publishes VM templates and images to the catalog.
    Monitors resource usage by various projects and its VMs and members, and then adjusts resource quotas as necessary.
    A Prism Central administrator can also perform any of these tasks, but they are normally delegated to a self-service administrator.
    Self-service administrators have full access to all VMs running on the Nutanix cluster, including infrastructure VMs not tied to a project. Self-service administrators can assign infrastructure VMs to project members, add them to the catalog, and delete them even if they do not have administrative access to Prism Central.


Setting Up AD with SSP

    Users with the “User must change password at next logon” attribute enabled will not be able to authenticate to Prism Central. Ensure users with this attribute first log in to a domain workstation and change their password before accessing Prism Central. Also, if SSL is enabled on the Active Directory server, make sure that Nutanix has access to that port (open in firewall).
    Port 389 (LDAP). Use this port number (in the following URL form) when the configuration is single domain, single forest, and not using SSL.
    ldap://ad_server.mycompany.com:389
    Port 636 (LDAPS). Use this port number (in the following URL form) when the configuration is single domain, single forest, and using SSL. This requires that all Active Directory Domain Controllers have properly installed SSL certificates.
    ldaps://ad_server.mycompany.com:636
    Port 3268 (LDAP – GC). Use this port number when the configuration is multiple domain, single forest, and not using SSL.
    Port 3269 (LDAPS – GC). Use this port number when the configuration is multiple domain, single forest, and using SSL.
    Within a project, Allow collaboration: Check the box to allow any group member to see the VMs, applications, and other objects created by other members of the group. If this box is not checked, group members can see only the objects they create. The role assigned to a group member determines the permissions that user has on objects created by other group members.
    Role Mapping – Prism matches AD group names using case-sensitive checks, so if the group name defined under the role mapping in Prism differs in upper/lower case from how it is defined in AD, Prism will fail to perform the name mapping for the group.

    Also ensure that the customer adds “@domain_name” to the username when logging on to Prism Central.
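
The logon blockers and port choices from the notes above, collected into a pre-flight check. This is an added example, not Nutanix code or part of the original post; the record shape (logon, pwdLastSet, memberOf), the sample users and the group name SSP-Admins are constructed for illustration.

```python
from urllib.parse import urlsplit

# Port table from the notes: port -> (scheme, multi-domain forest via GC, SSL)
PORTS = {389: ("ldap", False, False), 636: ("ldaps", False, True),
         3268: ("ldap", True, False), 3269: ("ldaps", True, True)}

def check_directory_url(url, multi_domain, use_ssl):
    """Compare a directory URL with the port the notes give for this setup."""
    u = urlsplit(url)
    if u.port not in PORTS:
        return [f"port {u.port} is not one of 389/636/3268/3269"]
    scheme, gc, ssl = PORTS[u.port]
    findings = []
    if u.scheme != scheme:
        findings.append(f"scheme {u.scheme}:// does not match port {u.port}")
    if gc != multi_domain:
        findings.append(f"port {u.port} is for a {'multiple' if gc else 'single'} domain forest")
    if ssl != use_ssl:
        findings.append(f"port {u.port} is the {'SSL' if ssl else 'non-SSL'} port")
    return findings

def check_user(user, role_mapped_groups):
    """Flag the logon blockers listed in the notes for one AD user record."""
    findings = []
    name, at, domain = user["logon"].partition("@")
    if not (name and at and domain):
        findings.append("logon name is not a UPN (user@domain_name)")
    # AD stores pwdLastSet = 0 while "User must change password at next logon" is set.
    if user["pwdLastSet"] == 0:
        findings.append("password change pending; change it on a domain workstation first")
    for group in user["memberOf"]:
        if group in role_mapped_groups:
            continue  # exact, case-sensitive match: the mapping will apply
        for mapped in role_mapped_groups:
            if mapped.lower() == group.lower():
                findings.append(f"AD group '{group}' differs in case from mapping '{mapped}'")
    return findings

# Constructed sample data (hypothetical users and group names).
ROLE_MAPPING_GROUPS = ["SSP-Admins"]
SAMPLE_USERS = [
    {"logon": "alice@mycompany.com", "pwdLastSet": 132537600000000000, "memberOf": ["SSP-Admins"]},
    {"logon": "MYCOMPANY\\bob", "pwdLastSet": 0, "memberOf": ["ssp-admins"]},
]

if __name__ == "__main__":
    print(check_directory_url("ldap://ad_server.mycompany.com:636", False, True))
    for u in SAMPLE_USERS:
        print(u["logon"], check_user(u, ROLE_MAPPING_GROUPS))
```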

Comments

  1. The username attribute with Self-Service Portal is case sensitive, so it is important to note that.
