Citrix Systems 5.6 specs

How does XenServer compute the roles for the session?

1.The subject is authenticated via the Active Directory server to verify which containing groups the subject may also belong to.

2.XenServer then verifies which roles have been assigned both to the subject, and to its containing groups.

3.As subjects can be members of multiple Active Directory groups, they will inherit all of the permissions of the associated roles.

In this illustration, since Subject 2 (Group 2) is the Pool Operator and User 1 is a member

of Group 2, when Subject 3 (User 1) tries to log in, he or she inherits both Subject 3 (VM Operator) and Group 2 (Pool Operator) roles. Since the Pool Operator role is higher, the resulting role for Subject 3 (User 1) is Pool Operator and not VM Operator.

18

Image 38

Citrix Systems 5.6 manual How does XenServer compute the roles for the session?

Contents

Citrix XenServer 5.6 Administrators Guide Trademarks Table of Contents Managing users Storage ISO NFS VHD Configuring VM memory Viii Workload Balancing Page Page Backup and recovery 123 Monitoring and managing XenServer 136 Xiv Page Xvi Xvii Xviii Xix Index 214 Document Overview How this Guide relates to other documentation Authenticating users using Active Directory AD Managing users Configuring Active Directory authentication Upgrading from XenServer Enabling external authentication on a pool Allowing a user access to XenServer using the CLI User authenticationDisabling external authentication Removing access for a user using the CLI Terminating all authenticated sessions using xe Removing access for a userListing subjects with access Terminating individual user sessions using xe Role Based Access Control Roles Rbac process Permissions available for each role Definitions of Rbac roles and permissionsUsers role can be changed in two ways Definitions of permissions WLB Definitions of permissions Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments Working with Rbac using the xe CLI To list all the available defined roles in XenServer To display a list of current subjects To assign an Rbac role to a created subject Run the command xe subject-add subject-name=AD user/groupTo add a subject to Rbac To change a subjects Rbac role Audit log xe CLI commandsAuditing To obtain all audit records from the pool How does XenServer compute the roles for the session? Hosts and resource pools overview Requirements for creating resource pools Creating a resource pool Naming a resource pool Creating heterogeneous resource pools Adding shared storage Removing a XenServer host from a resource pool Adding NFS shared storage to a resource pool using the CLITo remove a host from a resource pool using the CLI Overcommitting High AvailabilityHA Overview Overcommitment Warning Configuration Requirements Restart priorities Enabling HA using the CLI Enabling HA on a XenServer pool Shutting down a host when HA is enabled Removing HA protection from a VM using the CLIRecovering an unreachable host Shutting down a VM when it is protected by HA Using the CLI to Manage Host Power On Host Power OnPowering on hosts remotely Key/Value Pairs To enable Host Power On using the CLITo turn on hosts remotely using the CLI Sample Script Possible values Virtual Disk Images VDIs Storage OverviewStorage Repositories SRs Physical Block Devices PBDs Virtual Disk Data Formats Virtual Block Devices VBDsSummary of Storage objects VHD-based VDIs VHD Chain Coalescing LUN-based VDIs Storage configurationCreating Storage Repositories LVM performance considerations Creating a raw virtual disk using the xe CLIUpgrading LVM storage from XenServer 5.0 or earlier VDI types Converting between VDI formats Probing an SR Following parameters can be probed for each SR type Page To enable storage multipathing using the xe CLI Storage Multipathing Storage Repository Types Creating a local LVM SR lvm Local LVMLocal EXT3 VHD Creating a local EXT3 SR ext Creating a shared EqualLogic SR UdevEqualLogic Parameter Name Description Optional? Creating a VDI using the CLI NetApp FlexVols Aggregates FAS Deduplication Access ControlThick or thin provisioning Licenses Creating a shared NetApp SR over iSCSI Taking VDI snapshots with a NetApp SR Software iSCSI SupportManaging VDIs in a NetApp SR Managing Hardware Host Bus Adapters HBAs XenServer Host iSCSI configurationSample QLogic iSCSI HBA setup LVM over iSCSI Removing HBA-based SAS, FC or iSCSI device entries Parameter Name Description Optional? Hitachi NFS VHD LVM over hardware HBA Creating a shared NFS SR nfs Citrix StorageLink Gateway Cslg SRs Creating a shared StorageLink SR Parameter name Description Optional? To create a Cslg SR Page Managing Storage Repositories Destroying or forgetting a SR Introducing an SR Moving Virtual Disk Images VDIs between SRs Resizing an SRConverting local Fibre Channel SRs to shared SRs Copying all of a VMs VDIs to a different SR Virtual disk QoS settings Adjusting the disk IO scheduler Possible values of qosalgorithmparamsched are What is Dynamic Memory Control DMC? Concept of dynamic range How does DMC Work? Concept of static rangeDMC Behaviour Memory constraints Supported operating systems Display the dynamic memory properties of a VM Xe CLI commandsDisplay the static memory properties of a VM Updating memory properties Workload Balancing interaction Upgrade issuesUpdate individual memory properties Networking XenServer networking overview Network objects Using VLANs with host management interfacesUsing VLANs with virtual machines Networks Using VLANs with dedicated storage NICs NIC bonds Creating networks in a standalone server Managing networking configurationInitial networking configuration Creating networks in resource pools To add a new network using the CLITo connect a network to an external Vlan using the CLI Creating VLANs Bonding two NICs together Creating NIC bonds on a standalone hostCreating a NIC bond on a dual-NIC host Reverting NIC bonds Creating NIC bonds in resource poolsControlling the MAC address of the bond Adding NIC bonds to new resource pools Adding NIC bonds to an existing pool To add NIC bonds to the pool master and other hosts Changing networking configuration options Configuring a dedicated storage NICControlling Quality of Service QoS To assign NIC functions using the xe CLI Hostname Changing IP address configuration for a standalone hostChanging IP address configuration in resource pools DNS servers Management interface Disabling management accessTo change the IP address of a pool master host To change the NIC used for the management interface Verifying NIC ordering NIC/PIF ordering in resource poolsAdding a new physical NIC Re-ordering NICs Networking Troubleshooting Diagnosing network corruption Recovering from a bad network configuration New Features Whats New? Workload Balancing Overview Changes Workload Balancing Installation Overview Workload Balancing Basic Concepts Supported Operating Systems Workload Balancing System RequirementsSupported XenServer Versions Recommended Hardware SQL Server Database Authentication Requirements Workload Balancing Data Store Requirements Preinstallation Considerations Operating System Language Support Installing Workload Balancing WLB Access Control Permissions To install Workload Balancing server To verify your Workload Balancing installation Configuring Firewalls Upgrading Workload Balancing Upgrading SQL Server Initializing Workload BalancingUpgrading Workload Balancing on the Same Operating System Upgrading Workload Balancing and the Operating System To initialize Workload Balancing Authorization for Workload Balancing Configuring Workload Balancing Settings Configuring Antivirus Software Fixed To display the Workload Balancing Configuration dialog boxAdjusting the Optimization Mode Scheduled To edit or delete an automatic optimization interval Optimizing and Managing Power AutomaticallyTo set an optimization mode for all time periods Enabling Workload Balancing Power Management Accepting Optimization Recommendations Automatically 102 To apply optimization recommendations automatically To select servers for power managementChanging the Critical Thresholds To change the critical thresholds Tuning Metric WeightingsDefault Settings for Critical Thresholds To edit metric weighting factors Excluding Hosts from Recommendations Historical Data Storage Time VM Optimization Criteria Number of Times an Optimization Recommendation is Made To configure VM Recommendation intervals To start a virtual machine on the optimal server To resume a virtual machine on the optimal server To accept an optimization recommendation Administering Workload BalancingAccepting Optimization Recommendations Reconfiguring a Pool to Use Another WLB Server Disabling Workload Balancing Click Update Credentials Updating Workload Balancing Credentials Customizing Workload Balancing Entering Maintenance Mode with Workload Balancing EnabledUninstalling Workload Balancing Introduction To enter maintenance mode with Workload Balancing enabledWorking with Workload Balancing Reports Subscribing to Workload Balancing Reports To generate a Workload Balancing report Using Workload Balancing Reports for TasksGenerating and Managing Workload Balancing Reports To subscribe to a Workload Balancing report Report Toolbar Buttons To cancel a report subscriptionTo navigate in a Workload Balancing Report To print a Workload Balancing report Report Generation FeaturesDisplaying Workload Balancing Reports Toolbar Buttons Workload Balancing Report Glossary Host Health History Pool Optimization Performance History Pool Audit Log History Pool Health Audit Log Event Names Pool Health History Pool Optimization History Virtual Machine Motion History Virtual Machine Performance History To backup host configuration and software BackupsTo backup pool metadata To backup a VM Backup and restore using xsconsole Full metadata backup and disaster recovery DRDR and metadata backup overview Moving SRs between hosts and Pools Using Portable SRs for Manual Multi-Site Disaster Recovery VM Snapshots Snapshots with memory Regular SnapshotsQuiesced Snapshots Creating a VM Snapshot To list the snapshots on a particular VM Creating a snapshot with memoryTo list all of the snapshots on a XenServer pool Restoring a VM to its previous state Deleting a snapshot Snapshot Templates Creating a template from a snapshot Exporting a snapshot to a template Advanced Notes for Quiesced Snapshots 132 Master failures Coping with machine failuresMember failures Physical Machine failure Coping with Failure due to Configuration ErrorsPool failures To restore a pool with all hosts failed To restore a VM when VM storage is not available Monitoring and managing XenServer Alerts Customizing Alerts Valid VM Elements Configuring Email Alerts Valid Host Elements Determining throughput of physical bus adapters Custom Fields and TagsCustom Searches To determine PBD throughput To write logs to a remote server XenServer host logsSending host log messages to a central server XenCenter logs Userprofile%\AppData\Citrix\XenCenter\logs\XenCenter.log Xe command-name argument=value argument=value Basic xe syntax Special characters and syntax Command types Class-list Class-param-list uuid=uuid Low-level param commandsParameter types Low-level list commands Bond parameters Xe command referenceBonding commands Bond-create CD commands CD parameters Cd-list Console commandsConsole parameters Cd-listparams=param1,param2,... parameter=parametervalue Event-wait Event commandsEvent classes Host parameters Host XenServer host commandsHost selectors Parameter Name Description Type Syslogdestination Host-backup Host-backupfile-name=backupfilenamehost=hostname Host-bugreport-upload Host-disableHost-emergency-management-reconfigure Host-crashdump-destroy Host-forget Host-enableHost-evacuate Host-get-system-status Host-get-system-status-capabilities Attribute Description License-server-address Host-is-in-emergency-modeHost-apply-edition License-server-port Host-license-view Host-management-disableHost-management-reconfigure Host-logs-download Host-reboot Host-power-onHost-set-power-on Host-restore Log commands Message-create Message commandsMessage parameters Message-list Subnet/netmask/gateway Network commandsNetwork parameters 192.168.0.4 Network-create Patch update commandsPatch parameters Network-destroy PBD commands PBD parameters Pbd-destroy PIF commandsPbd-create Pbd-plug PIF parameters MAC Dhcp Pif-forget uuid=uuidofpif Pif-forgetPif-introduce Pool commands Pool parameters Parameter Name Description Type Pool-designate-new-master Pool-emergency-reset-masterPool-ha-enable Pool-dump-database Storage Manager commands SM parameters SR commands SR parameters Sr-forget Sr-createSr-destroy Sr-destroy uuid=sruuid Sr-introduce Task commandsTask parameters Sr-probe Task-cancel uuid=taskuuid Template commandsTask-cancel Template parameters For memory-dynamic-max Uuid=vmuuid \ Parameter Name Description Type As not in database for YyyymmddThhmmss z Not in database for a Form yyyymmddThhmmss Update-upload Update commandsUser commands User-password-change VBD commands VBD parameters Vbd-create VDI commands VDI parameters Vdi-create Vdi-cloneVdi-copy Tree /local/domain/0/backend Vdi-import Vdi-destroyVdi-forget Vdi-introduce Vdi-unlock VIF commandsVIF parameters Vdi-unlockuuid=uuidofvditounlock force=true Uuid=vifuuid \ Vif-plug Vif-createVif-destroy Vif-unplug VM selectors Vlan commandsVM commands VM parameters Parameter Name Description Type Uuid=templateuuid \ Parameter Name Description Type Value pair autopoweron true VCPUs-number to a value Domain/domid/vm Vm-cd-ejectvm-selector=vmselectorvalue Vm-cd-addVm-cd-eject Vm-cd-remove Vm-cd-insertVm-cd-list Vm-clone Vm-data-source-forget Vm-copyVm-crashdump-list Vm-data-source-list Vm-destroy Vm-data-source-queryVm-data-source-record Vm-disk-add Vm-export Vm-disk-listVm-disk-remove Vm-import Vm-migrate Vm-installVm-memory-shadow-multiplier-set Vm-resume Vm-rebootVm-reset-powerstate Vm-shutdown Vm-suspend Vm-uninstallVm-start Vm-vcpu-hotplug Workload Balancing commands Pool-certificate-sync Pool-certificate-installPool-certificate-list Pool-param-set Pool-deconfigure-wlbPool-retrieve-wlb-configuration Pool-retrieve-wlb-recommendations Pool-send-wlb-configuration Pool-send-wlb-configuration Index