Assign the permissions that are required to access monitoring data from the Management NSX Manager and Compute Manager in Region A in vRealize Operations Manager to the operations local service account svc-vrops-nsx.

Ensure that SSH has been enabled on the Management NSX Manager and Compute NSX Manager in Region A.

On a Windows host that has access to you data center, install a REST client, such as the RESTClient add-on for Firefox.

1

Log in to the NSX Manager by using a Secure Shell (SSH) client.

a

Open an SSH connection to the NSX Manager virtual machine.

NSX Manager

Host name

NSX Manager for the management cluster

mgmt01nsxm01.sfo01.rainpole.local

NSX Manager for the shared compute and edge cluster

comp01nsxm01.sfo01.rainpole.local

b

Log in using the following credentials.

Setting

Value

User name

admin

Password

mngnsx_admin_password

compnsx_admin_password

2

Create the local service account svc-vrops-nsx on the NSX Manager instances.

a

Run the following command to switch to Privileged mode of the NSX Manager.

enable
b

Enter the admin password when prompted and press Enter.

c

Switch to Configuration mode.

configure terminal
d

Create the service account svc-vrops-nsx.

user svc-vrops-nsx password plaintext svc-vrops-nsx_password
e

Assign the svc-vrops-nsx user access to NSX Manager from the vSphere Web Client.

user svc-vrops-nsx privilege web-interface

f

Leave the Configuration mode

exit
g

Commit these updates to the NSX Managers:

copy running-config startup-config
3

Assign the security_admin role to the svc-vrops-nsx service account.

a

Log in to the Windows host that has access to your data center.

b

In a Firefox browser, go to chrome://restclient/content/restclient.html

c

From the Authentication drop-down menu, select Basic Authentication

d

In the Basic Authorization dialog box, enter the following credentials, select Remember me and click Okay.

Setting

Value

User name

admin

Password

mngnsx_admin_password

compnsx_admin_password

The Authorization: Basic XXX header appears in the Headers pane.

e

In the Request pane, enter the following header details and click Okay.

Request Header Attribute

Value

Name

Content-Type

Value

Application/xml

The Content-Type:application/xml header appears in the Headers pane.

f

In the Request pane, from the Method drop-down menu, select POST, and in the URL text box, enter the following URL.

NSX Manager

POST URL

NSX Manager for the management cluster

https://mgmt01nsxm01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

NSX Manager for the shared edge and compute cluster

https://comp01nsxm01.sfo01.rainpole.local/api/2.0/services/usermgmt/role/svc-vrops-nsx?isCli=true

g

In the Request pane, paste the following request body in the Body text box and click Send.

<accessControlEntry>
  <role>security_admin</role>
  <resource>
    <resourceId>globalroot-0</resourceId>
  </resource>
</accessControlEntry>


The Status changes to 204 No Content.

h

Repeat the step for the other NSX Manager.