Managing Thousands of VMs in Prism Central (AHV-No vCenter)

  • 30 October 2020
  • 2 replies

Greetings all--  I’m curious what larger Nutanix (over 20k VMs) are doing when it comes to VM management.  Let’s say vCenter/VMM are out of the picture and it’s all a native AHV/PrismCentral environment; however, it’s got clusters scattered all over the country with various VM admins needing access to their own cluster’s VMs (not hosts) while the clusters are all still being managed centrally.  Is there a folder/OU type of construct that you can permission out?  How about multiple application owners within the same cluster-- can you give app-owner-x access to just their VMs while app-owner-y only sees/accesses their own VMs?

Really just learning at this point if that kind of scaled out VM management is capable with large AHV/Prism environments?  Thanks for any insights!

2 replies

Badge +1

I connect PC to active directory with LDAPS and use it with Administration -> Project and Roles.

I assign roles to projects and projects to active directory groups and assign the project to VM’s with “manage ownership” on the VM.
You can also go to the Administration → Roles page, select a role and go “Manage Assignment”.

Userlevel 6
Badge +5

Hey osburnm,

First things first, welcome to Nutanix world.

Running native Nutanix hypervisor – AHV implies that you do not have or need vCenter or any other third party management console. vCenter and SCVMM are only necessary when deploying ESXi or Hyper-V respectively.

Security guide AOS 5.18: Controlling User Access (RBAC) - is a place to begin with regards to permissions.

From the guide:
You can specify various user/entity relationships when configuring the role assignment. To illustrate, in the following example the first line assigns the my_custom_role to a single user (ssp_admin) for two VMs (normal_vm and test_andrey). The second line assigns the role to two users (locus1 and locus2) for a single category (4gcC1Z). The third line again assigns the role to the user locus1 but this time for all subnets.

In terms of organizing the environment, PC operates with categories which gives you flexibility to group entities however you like be it geographically, by apps, both by associating with more than one category. This labeling can be done to VMs, images, blueprints, clusters, etc.

More on categories Prism Central Guide: Category Management.

I hope this is helpful.

Let me know if you have further questions, please.