Wednesday 25 July 2012

Exalogic Virtual Tea Break Snippets - Creating Cloud Users

Creating Cloud Users and Administrators will be one of the first tasks when setting up a new Exalogic 2.1 environment. We will step through the simple process of creating users and describe a few key user types. Initially we will need to login as either the root user or the exl-admin user, that is a user with the User Admin Role.

Before adding users to the Exalogic 2.1 environment they must exist as either local users on the physical machine running the Exalogic Control Virtual Server or existing within an appropriate repository, LDAP etc, used by the machine for authentication. This is required because Enterprise Manager Ops Centre 12c (EMOC) does not store any account authorisation information instead this is left tot he underlying OS. It is assumed within this blog that this has been done.


To create a user simply open the "Administration" Accordion (Drawer), expand the Enterprise Controller then select "Local Users. This will present you with the following

User Administration
You can see from the image that we have 3 options for Adding a user and selection of any of these will display the following Dialog.

Add User
As mentioned earlier the User Name must match that of an OS based account to provide the authentication but we will need to specify the  EMOC account Roles and these will defined what functionality the new user can access.

Cloud Administrator

Cloud AdminThis user type can be created by adding the "Cloud Admin" to the selected roles, when creating a user, and will provide access to the Management functionality below vDC Management thus allowing for the creation of new accounts and resources. It should be noted that a Cloud Administrator can administer all user accounts within the system.

Cloud User

Cloud UserThe Cloud User is allowed to simply access the vDC accounts that they have been given access to by a Cloud Administrator. For each of the accounts they will be able to:

  • Create Private vNets
  • Create vServers
  • Manage vServer Life Cycle
  • ManageVolumes
  • Create Distribution Groups
  • Upload Templates 
In general their will be many Users to limited Administrators.

Network Administrator

Network AdminThe Network Administrator will be used to create additional EoIB networks to be used by the Virtual Servers to access the external network. Although by default the installation of Exalogic 2.1 will provide a small EoIB management network this is not intended to be used for external access from within Virtual Servers. Instead 1 or more VLAN Tagged networks should be created prior to building the Virtual Server infrastructure.


Role Permissions

Roles


2 comments:

  1. Hello, in my Exalogic server when I tried to add a new account (we just have the root and admin account) I got the error "10229".
    Says to me "Specified user name TEST does not match a system account. (10229)"
    Any ideas?
    Regards

    ReplyDelete
  2. The account TEST needs to be created as a unix user on the EC vm before it can be added to EMOC.

    ReplyDelete