Planning for Self-Service

  • Article

The Virtual Machine Manager (VMM) Self-Service Portal is an optional, Web-based component that a VMM administrator can configure to enable end users to create and manage their own virtual machines within a controlled environment.

Self-service can be particularly useful in test and development environments where there is a frequent need to provision and teardown virtual machines. These tasks are much easier with virtual machines than with physical computers. VMM enables administrators to delegate these tasks to end users.

The VMM administrator defines self-service policies that determine which templates self-service users can use to create virtual machines, how many virtual machines they can deploy, which hosts their virtual machines can run on, and which actions they can take on their virtual machines.

Some best practices for maintaining a high level of service for self-service users are:

  • Use a phased approach, adding only a few self-service users at a time. After implementing each phase of a self-service rollout, carefully monitor performance of your self-service environment to ensure that it is not diminished by having too many self-service users.
  • Create multiple copies of virtual machine templates and place them on different library servers, and then allow self-services users to create virtual machines from the different templates, which helps distribute the network load.
  • Deploy gigabit Ethernet hardware for the self-service users to get higher performance.
  • Designate one or more hosts, host groups, and library servers for self-service users. This way, if self-service users place a heavy workload on a host, it will not interfere with other virtual machines and their applications running on that host.
  • If you plan to have a large number of virtual machines—in the range of 1,000 to 4,000 virtual machines—dedicated for use by self-service users, you might consider deploying multiple self-service portals or even a separate VMM server for self-service.

Self-Service Policies

A self-service policy grants a user or group permissions to create, manage, and connect to virtual machines through the Virtual Machine Manager Self-Service Portal. Self-service policies are added as properties of a host group.

A self-service policy enables you to:

  • Specify which templates users can use to create virtual machines.
  • Limit the number of virtual machines that users can deploy at one time by setting a virtual machine quota.
  • Specify virtual machine permissions that control which actions users can take on virtual machines, including:
    • Starting, stopping, pausing and resuming.
    • Shutting down and removing.
    • Having local administrator rights.
    • Having VMRC access.
    • Creating and merging checkpoints.
  • Allow users to store virtual machines in the library and to specify the library path.

For more information about self-service policies, see the "About Self-Service Policies" topic in VMM Help (https://go.microsoft.com/fwlink/?LinkId=103628).

Self-Service Security

VMM uses Virtual Machine Remote Control (VMRC) to control virtual machines. By default, VMRC connections are not encrypted. It is a best practice to use Secure Sockets Layer (SSL) to encrypt communications over the VMRC connection by uploading a certificate from an appropriate internal or third-party certification authority. For more information about how to encrypt a VMRC connection, see the "How to Modify Virtual Machine Remote Control (VMRC) Settings on a Host" topic in VMM Help (https://go.microsoft.com/fwlink/?LinkId=102194).

Note

If you use SSL for VMRC connections and register your own CA-signed certificate, instruct users to accept the certificate when prompted to encrypt their VMRC sessions. If you do not use SSL for VMRC connections, self-service users receive a message that the channel is not secure each time they connect to a virtual machine.

Self-service users might be asked for credentials when connecting to virtual machines. This is because the self-service Web page uses Internet Explorer, which interprets a virtual machine host to be an external Internet resource. To avoid being asked for credentials, have the user add the host name to the Local intranet sites in the Security settings of Internet Options for Internet Explorer.

See Also

Concepts

Planning for Host Groups
Planning for VMM Components and Features
Planning for VMM Deployment
Introducing Virtual Machine Manager