About Self-Service Policies
A self-service policy grants a user or group permissions to create, operate, manage, store, create checkpoints for, and connect to their own virtual machines through the Virtual Machine Manager Self-Service Portal.
The self-service policy is added to a host group. When a self-service user creates or deploys a virtual machine, the virtual machine is automatically placed on the most suitable host that is available in the host group based on host ratings. This process is known as automatic placement. For more information, see About Virtual Machine Placement.
Virtual Machine Permissions
Virtual machine permissions set in the self-service policy determine the actions that a user or group can take on their own virtual machines. The administrator can grant any of the following permissions:
- Create—Allows the user to create new virtual machines by using virtual machine templates that the administrator provides. The administrator can limit the virtual machines that the user can have deployed at one time by setting a virtual machine quota.
- Full Control—Grants all of the following management permissions for virtual machines that the user owns:
- Start Virtual Machine
- Stop Virtual Machine
- Remove Virtual Machine—Allows the user to remove virtual machines, deleting the configuration files.
- Pause and Resume Virtual Machine
- Shutdown Virtual Machine—Allows the user to shut down the operating system on a virtual machine that has Virtual Machine Additions installed.
- Local Administrator on Virtual Machine—Allows the user to set the local administrator password when creating a virtual machine so that the user has administrator rights and permissions on the virtual machine.
- VMRC Access to Virtual Machine—Allows the user to open a session on the virtual machine through the VMM Self-Service Portal.
- Create and Merge Checkpoints on Virtual Machine—Allows the user to create and merge checkpoints and to restore a virtual machine to a previous checkpoint. For more information, see About Virtual Machine Checkpoints.
- Start Virtual Machine
- Store in Library—Allows the user to store virtual machines in the library when they are not in use. Stored virtual machines do not count against the user's virtual machine quota. The user's virtual machines are stored on the library share that is specified in the self-service policy. The user has no knowledge of the physical location of a stored virtual machine.
Applying Quotas to Virtual Machines
For self-service users who are allowed to create their own virtual machines, you can limit the number of virtual machines that the users can deploy at one time by setting a virtual machine quota in the self-service policy.
Virtual machines can vary greatly in the amount of disk space and resources they require. To account for these variations, you can assign a different number of quota points to different virtual machines. This is configured through the templates that self-service users use to create their virtual machines.
The quota points apply only to virtual machines that are deployed on a host. If the users are allowed to store their virtual machines when they are not in use, the virtual machines that are stored do not count against their quota.
If the self-service policy applies to a user account, the quota applies to all deployed virtual machines that the user owns. However, if the self-service policy applies to a group, the quota can be implemented under shared ownership or per user ownership. For more information, see About Virtual Machine Quotas.
Inheritance of Self-Service Policies
By creating child host groups of the host group that you use for virtual machine self-service, you can flexibly adjust a user's capabilities in different contexts.
Self-service policies that are added to a parent host group are in effect in all its child host groups. However, you can add a self-service policy for the same user or group to both a parent host group and its child host group. By adding policies to both parent and child, you can assign the same users different templates, set different virtual machine permissions, and assign a different virtual machine quota on all hosts in the parent host group and on the hosts in the child host group. When the user creates a virtual machine, the user is prompted to select a template from all templates that are assigned to him through all of his self-service policies on all host groups. The user's template selection determines which policy is in effect for the virtual machine.