Nutanix lock a VM | Nutanix Community
Skip to main content
Solved

Nutanix lock a VM

  • January 25, 2021
  • 3 replies
  • 172 views

Good afternoon, all!

I’m setting up a new PKI infrastructure in a Nutanix cluster and I want to shut down the root CA for safekeeping. Is there a way to add some safeguards so that the VM can’t be started inadvertently?

Best answer by Alona

RBAC on PC with Role Assignment would allow you to that. You’d need an authentication server LDAP or AD configured. If designed properly, RBAC should not need much change.

You’d have a role that allows for that VM to be powered on AND other roles do not have power on permissions extending to that VM. Remember that cluster admin can do everything.

Security Guide: Controlling User Access (RBAC)

View original
Did this topic help you find an answer to your question?
This topic has been closed for comments

3 replies

Alona
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 432 replies
  • January 27, 2021

Hi @Gregg_ITX 

Something like restricted permissions to start the VM limited to a few users only?


  • Author
  • Voyager
  • 1 reply
  • January 27, 2021

Hi @Alona 

Precisely!  That way only the Initiated can start the VM.

 


Alona
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 432 replies
  • Answer
  • January 28, 2021

RBAC on PC with Role Assignment would allow you to that. You’d need an authentication server LDAP or AD configured. If designed properly, RBAC should not need much change.

You’d have a role that allows for that VM to be powered on AND other roles do not have power on permissions extending to that VM. Remember that cluster admin can do everything.

Security Guide: Controlling User Access (RBAC)