From dd3e20ad3af0991b930bbd50756526b15f557503 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 22 Jan 2025 18:44:14 +0100 Subject: [PATCH 1/6] Add vTPM privileges and option --- .../proc_adding-vmware-details-to-a-compute-profile.adoc | 1 + guides/common/modules/proc_creating-a-vmware-user.adoc | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc index 91cd2fd065d..fe98793229e 100644 --- a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc +++ b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc @@ -28,6 +28,7 @@ By default, this is set to _automatic_. . From the *SCSI controller* list, select the disk access method for the host. . If you want to use eager zero thick provisioning, select the *Eager zero* checkbox. By default, the disk uses lazy zero thick provisioning. +. Select *Virtual TPM* if you want to add a Virtual Trusted Platform Module for enhanced security. . From the *Network Interfaces* list, select the network parameters for the host's network interface. At least one interface must point to a {SmartProxy}-managed network. . Optional: Click *Add Interface* to create another network interfaces. diff --git a/guides/common/modules/proc_creating-a-vmware-user.adoc b/guides/common/modules/proc_creating-a-vmware-user.adoc index cf28e8b8e69..ce4ec37c8f7 100644 --- a/guides/common/modules/proc_creating-a-vmware-user.adoc +++ b/guides/common/modules/proc_creating-a-vmware-user.adoc @@ -3,9 +3,7 @@ The VMware vSphere server requires an administration-like user for {ProjectServer} communication. For security reasons, do not use the `administrator` user for such communication. -Instead, create a user with the following permissions: - -For VMware vCenter Server version 8.0 or 7.0, set the following permissions: +Instead, create a user with the following privileges: * All Privileges -> Datastore -> Allocate Space, Browse datastore, Update Virtual Machine files, Low level file operations * All Privileges -> Network -> Assign Network @@ -15,3 +13,8 @@ For VMware vCenter Server version 8.0 or 7.0, set the following permissions: * All Privileges -> Virtual Machine -> Edit Inventory (All) * All Privileges -> Virtual Machine -> Provisioning (All) * All Privileges -> Virtual Machine -> Guest Operations (All) + +Additionally, if you want to create virtual machines with a Virtual Trusted Platform Module (TPM) for enhanced security, set the following privileges: + +* All Privileges -> Cryptographic operations -> Clone, Encrypt, Encrypt new, Migrate, Register VM +* All Privileges -> Cryptographic operations -> Direct Access {endash} required to open a console session From e13e04c0ea07beaa10343adee62e4afcd71345dc Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 22 Jan 2025 18:44:38 +0100 Subject: [PATCH 2/6] Update firmware option --- .../proc_adding-vmware-details-to-a-compute-profile.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc index fe98793229e..866760f9f23 100644 --- a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc +++ b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc @@ -12,8 +12,7 @@ To use the CLI instead of the {ProjectWebUI}, see the xref:cli-Adding_VMware_Det . In the *CPUs* field, enter the number of CPUs to allocate to the host. . In the *Cores per socket* field, enter the number of cores to allocate to each CPU. . In the *Memory* field, enter the amount of memory in MiB to allocate to the host. -. In the *Firmware* checkbox, select either _BIOS_ or _UEFI_ as firmware for the host. -By default, this is set to _automatic_. +. In the *Firmware* field, select the firmware type for the host. . In the *Cluster* list, select the name of the target host cluster on the VMware environment. . From the *Resource pool* list, select an available resource allocations for the host. . In the *Folder* list, select the folder to organize the host. From e493afd0875b991b0ee985b116bca2b7aeb08f2b Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 22 Jan 2025 18:44:57 +0100 Subject: [PATCH 3/6] Update example compute attributes --- .../proc_adding-vmware-details-to-a-compute-profile.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc index 866760f9f23..b8984ae17bc 100644 --- a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc +++ b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc @@ -46,7 +46,7 @@ $ hammer compute-profile create --name "_My_Compute_Profile_" [options="nowrap" subs="+quotes"] ---- $ hammer compute-profile values create \ ---compute-attributes "cpus=1,corespersocket=2,memory_mb=1024,cluster=MyCluster,path=MyVMs,start=true" \ +--compute-attributes "cpus=1,corespersocket=2,memory_mb=1024,firmware=uefi_secure_boot,cluster=MyCluster,path=MyVMs,virtual_tpm=true,start=true" \ --compute-profile "_My_Compute_Profile_" \ --compute-resource "_My_VMware_" \ --interface "compute_type=VirtualE1000,compute_network=mynetwork \ From 99135b58bd2c0a477ed55ad40098793e107cd821 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Tue, 28 Jan 2025 12:53:24 +0100 Subject: [PATCH 4/6] Incorporate suggestions from review --- .../proc_adding-vmware-details-to-a-compute-profile.adoc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc index b8984ae17bc..b0cacc8a646 100644 --- a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc +++ b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc @@ -13,6 +13,7 @@ To use the CLI instead of the {ProjectWebUI}, see the xref:cli-Adding_VMware_Det . In the *Cores per socket* field, enter the number of cores to allocate to each CPU. . In the *Memory* field, enter the amount of memory in MiB to allocate to the host. . In the *Firmware* field, select the firmware type for the host. +By default, this is set to *automatic*. . In the *Cluster* list, select the name of the target host cluster on the VMware environment. . From the *Resource pool* list, select an available resource allocations for the host. . In the *Folder* list, select the folder to organize the host. @@ -27,7 +28,8 @@ To use the CLI instead of the {ProjectWebUI}, see the xref:cli-Adding_VMware_Det . From the *SCSI controller* list, select the disk access method for the host. . If you want to use eager zero thick provisioning, select the *Eager zero* checkbox. By default, the disk uses lazy zero thick provisioning. -. Select *Virtual TPM* if you want to add a Virtual Trusted Platform Module for enhanced security. +. Optional: Select *Virtual TPM* if you want to add a Virtual Trusted Platform Module for enhanced security. +This is compatible with UEFI firmware only. . From the *Network Interfaces* list, select the network parameters for the host's network interface. At least one interface must point to a {SmartProxy}-managed network. . Optional: Click *Add Interface* to create another network interfaces. @@ -46,7 +48,7 @@ $ hammer compute-profile create --name "_My_Compute_Profile_" [options="nowrap" subs="+quotes"] ---- $ hammer compute-profile values create \ ---compute-attributes "cpus=1,corespersocket=2,memory_mb=1024,firmware=uefi_secure_boot,cluster=MyCluster,path=MyVMs,virtual_tpm=true,start=true" \ +--compute-attributes "cpus=1,corespersocket=2,memory_mb=1024,cluster=MyCluster,path=MyVMs,virtual_tpm=true,start=true" \ --compute-profile "_My_Compute_Profile_" \ --compute-resource "_My_VMware_" \ --interface "compute_type=VirtualE1000,compute_network=mynetwork \ From 61ae6551abcf36e4f3e40dfcedcfce937ec70ad6 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 29 Jan 2025 14:56:34 +0100 Subject: [PATCH 5/6] Keep vCenter versions --- guides/common/modules/proc_creating-a-vmware-user.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/guides/common/modules/proc_creating-a-vmware-user.adoc b/guides/common/modules/proc_creating-a-vmware-user.adoc index ce4ec37c8f7..82e72f69596 100644 --- a/guides/common/modules/proc_creating-a-vmware-user.adoc +++ b/guides/common/modules/proc_creating-a-vmware-user.adoc @@ -3,7 +3,9 @@ The VMware vSphere server requires an administration-like user for {ProjectServer} communication. For security reasons, do not use the `administrator` user for such communication. -Instead, create a user with the following privileges: +Instead, create a user with the required privileges. + +In VMware vCenter Server version 8.0 or 7.0, set the following privileges: * All Privileges -> Datastore -> Allocate Space, Browse datastore, Update Virtual Machine files, Low level file operations * All Privileges -> Network -> Assign Network From 94f42d19f28693ac89a94d3fc117dd5dabfec788 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lena=20Ansorgov=C3=A1?= Date: Tue, 4 Feb 2025 14:47:04 +0100 Subject: [PATCH 6/6] Fix capitalization Co-authored-by: Maximilian Kolb --- .../proc_adding-vmware-details-to-a-compute-profile.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc index b0cacc8a646..89825fca55f 100644 --- a/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc +++ b/guides/common/modules/proc_adding-vmware-details-to-a-compute-profile.adoc @@ -13,7 +13,7 @@ To use the CLI instead of the {ProjectWebUI}, see the xref:cli-Adding_VMware_Det . In the *Cores per socket* field, enter the number of cores to allocate to each CPU. . In the *Memory* field, enter the amount of memory in MiB to allocate to the host. . In the *Firmware* field, select the firmware type for the host. -By default, this is set to *automatic*. +By default, this is set to *Automatic*. . In the *Cluster* list, select the name of the target host cluster on the VMware environment. . From the *Resource pool* list, select an available resource allocations for the host. . In the *Folder* list, select the folder to organize the host.