PlateSpin Migrate’s user authorization and authentication mechanism is based on user roles, and controls application access and operations that users can perform. The mechanism is based on Integrated Windows Authentication (IWA) and its interaction with Internet Information Services (IIS).
PlateSpin Migrate’s user auditing functionality is provided through the capability to log user actions (see Setting Up User Activity Logging).
A PlateSpin Migrate role is a collection of PlateSpin Migrate privileges that entitle a particular user to perform specific actions. During installation, the PlateSpin Migrate installation program creates three local Windows groups on the PlateSpin Server host: PlateSpin Migrate Administrators, PlateSpin Migrate Power Users, and PlateSpin Migrate Operators. These groups map directly to the three PlateSpin Migrate roles that control user authorization and authentication:
PlateSpin Administrators: Have unlimited access to all features and functions of the application. A local administrator is implicitly part of this group.
PlateSpin Power Users: Have access to most features and functions of the application with some limitations, such as restrictions in the capability to modify system settings related to licensing and security.
PlateSpin Operators: Have access to a limited subset of system features and functions, sufficient to maintain day-to-day operation.
When a user attempts to connect to a PlateSpin Server, the credentials provided through the PlateSpin Migrate Client are validated by IIS. If the user is not a member of one of the PlateSpin Migrate roles, connection is refused. If the user is a local administrator on the PlateSpin Server host, that account is implicitly regarded as a PlateSpin Migrate Administrator.
The following table lists permissions for each role.
Table 2-3 PlateSpin Migrate Roles and Permission Details
|
Role Details |
Administrators |
Power Users |
Operators |
|---|---|---|---|
|
Licensing: Add, delete licenses; transfer workload licenses |
yes |
no |
no |
|
Machines: Discover, undiscover |
yes |
yes |
no |
|
Machines: Delete virtual machines |
yes |
yes |
no |
|
Machines: View, refresh, export |
yes |
yes |
yes |
|
Machines: Import |
yes |
yes |
no |
|
Machines: Export |
yes |
yes |
yes |
|
PlateSpin Migrate Networks: Add, delete |
yes |
no |
no |
|
Jobs: Create new job |
yes |
yes |
no |
|
Jobs: View, abort, change start time |
yes |
yes |
yes |
|
Imaging: View, start synchronization in existing contracts |
yes |
yes |
yes |
|
Imaging: Consolidate increments, apply increments to base, delete increments, install/delete image servers |
yes |
yes |
no |
|
Block-Based Transfer Components: Install, upgrade, remove |
yes |
yes |
no |
|
Device Drivers: View |
yes |
yes |
yes |
|
Device Drivers: Upload, delete |
yes |
yes |
no |
|
PlateSpin Server access: View Web services, download client software |
yes |
yes |
yes |
|
PlateSpin Server settings: Edit settings that control user activity logging and SMTP notifications |
yes |
no |
no |
|
PlateSpin Server settings: Edit all server settings except those that control user activity logging and SMTP notifications |
yes |
yes |
no |
|
Run Diagnostics: Generate detailed diagnostic reports on jobs. |
yes |
yes |
yes |
|
Post-conversion Actions: Add, update, delete |
yes |
yes |
no |
To allow specific Windows domain or local users to carry out specific PlateSpin Migrate operations according to designated role, add the required Windows domain or user account to the applicable Windows local group (PlateSpin Administrators, PlateSpin Power Users, or PlateSpin Operators) on the PlateSpin Server host. For more information, see your Windows documentation.
By default, PlateSpin Migrate records all user activities in a log file, PlateSpin.UserActivityLogging.log, located on your PlateSpin Server host, in the following directory:
..\PlateSpin Migrate Server\logs.
The format of an individual log entry is:
date|Category|description|user|details1|details2
The Category element describes the functional area applicable to a particular action, such as Security, Inventory (discovery operations), LicenseManagement, or Migration (workload portability operations).
Elements details1 and details2 depend on the Category and provide additional information if applicable.
Below is an example of a log entry recording the login action of a user with the domain account MyDomain\John.Smith.
2008-09-02 14:14:47|Security|User logged in|MyDomain\John.Smith
When the size of a log file reaches a specified value, it is rolled over to a new file with a sequential number appended to the name:
PlateSpin.UserActivityLogging.log.1 PlateSpin.UserActivityLogging.log.2 PlateSpin.UserActivityLogging.log.3
When the number of log files reaches a specified value, the system starts overwriting the oldest file each time a rollover is performed.
To enable or disable user activity logging, and to specify log file size and rollover options:
In the PlateSpin Migrate Client, click
Click the tab.
Specify the required options, then click .