Configuring the Hyper-V self-service role

System Center Virtual Machine Manager allows Hyper-V servers to be deployed with a pre-defined set of roles and allows users to deploy their own roles through a self-service portal. Learn how to use the self-service role.

In order to deliver self-service virtual machines, as well as administrative rights, it takes a fair amount of governance and internal policies to be a workable solution. Further, there are a number of licensing and virtualization capacity considerations that go along with self-service provisioning of virtual machines.

In Microsoft's System Center Virtual Machine Manager (SCVMM), the self-service role will allow one or more users to be able to perform a simple list of virtualization functions. The self-service role within SCVMM is part of the Microsoft System Center VMM Self-Service Portal 2.0, which is a component of the Microsoft Private Cloud collection of solutions. The self-service portal, which is used by the self-service role, is a separate install from the SCVMM DVD media (Figure A). Figure A

Click the image to enlarge.
User roles within SCVMM are located in the administrator section, then clicking on User Roles. The default role is the Administrator role with a standard installation. A self-service role can be created here. Figure B shows a self-service role being created for a user named RWVDEV\randall.flagg. Figure B

Click the image to enlarge.
In this configuration, each approved action is being assigned to the user except the ability to remove a virtual machine. The self-service role can also specify which virtual machine templates can be deployed, as well as provide a quota of how many virtual machines can be created. Once the self-service portal is installed and the role is configured, the RWVDEV\randall.flagg user can log on (Figure C). Figure C

Click the image to enlarge.

The portal then allows specified templates to be defined, including in-guest options such as local password, disk size, memory amount, and other factors. The quota is displayed at the bottom to give a visual indication of how many virtual machines are remaining for the self-service role quota.

The self-service portal is a boon for permissions management. In the configuration above, the RWVDEV\randall.flagg user is only a member of the RWVDEV\Domain Users group, so no SCVMM or Hyper-V specific permissions are required. Even better is that the self-service portal can provide users of the self-service role local administrator rights on the Hyper-V virtual machines they create.

If you have used the self-service portal for SCVMM, share your experiences of using the tool.