When you are using VMWare ESX as Hypervisor you need to configure some setting on the Desktop Delivery Controller and on the VCenter server before you can add the VMWare vCenter host to the XenDesktop environment. First you need to create a user or a role where you can add multiple users in the vCenter environment. In the following steps I explain how to create a Role with all the necessary right.
Create Security Role vCenter
Based on the following Article: Using VMware with XenDesktop provided by Citrix, I create a new role which I will name XenDesktop. Then I added the appropriate settings as described in the following table:
Datastore > Allocate space
Datastore > Browse datastore
Datastore > Low level file operations
Network > Assign network
Resource > Assign virtual machine to resource pool
Tasks > Create task
Virtual machine > Configuration > Add or remove device
Virtual machine > Configuration > Add existing disk
Virtual machine > Configuration > Add new disk
Virtual machine > Configuration > Change CPU Count
Virtual machine > Configuration > Memory
Virtual machine > Configuration > Remove disk
Virtual machine > Configuration > Change resource
Virtual machine > Interaction > Power Off
Virtual machine > Interaction > Power On
Virtual machine > Interaction > Reset
Virtual machine > Interaction > Suspend
Virtual machine > Inventory > Create new
Virtual machine > Inventory > Create from existing
Virtual machine > Inventory > Remove
Virtual machine > Inventory > Register
Virtual machine > Provisioning > Clone virtual machine
Virtual machine > Provisioning > Allow disk access
Virtual machine > Provisioning > Allow virtual machine download
Virtual machine > Provisioning > Allow virtual machine files upload
Virtual machine > Provisioning > Deploy template
Virtual machine > Provisioning > Mark as virtual machine
Virtual machine > State > Create snapshot
Virtual machine > State > Remove snapshot
Virtual machine > State > Revert to snapshot
All the above settings are applied in the “Add New Role” screen as you can see below. I didn’t add all screenshot because that’s too much.
If you want XenDesktop to tag VMs you create, the user account must also have the following permissions:
Global > Manage custom attributes
Global > Set custom attribute
After I applied the settings I need to add a User to vCenter and give the user the XenDesktop Role. When logged in to vCenter go to the Datacenter and the go to permissions and add the user, then select the XenDesktop role and click OK.
Now the configured user has the rights to perform the necessary processes with in vCenter. But before we now can add the vCenter host to the Desktop Delivery Controller we need to install the certificate of the vCenter environment on the Desktop Delivery Controller server. To accomplish that we logon to the Desktop Delivery Server and open a browser and goto the following address:
[update] first add the address to the trusted sites within IE. When you don’t you can’t install the certificate.
You will receive a certificate error but select continue and then select the certificate and install it into the following Certificate store: Trusted People\Local Computer.
Now you can add the vCenter host to the Desktop Delivery Controller without receiving errors.