Is there a way to use vSphere client to remotely access an ESX/ESXi box but only be allowed access to the controls (power on/off, mounting iso images) of a single VM, while not being allowed to edit other hardware settings?

We're looking at renting a VM from a local company (and by local, I mean on another island here in Hawaii), and in our negotiations, it's been stated that if Windows crashes to the point of re-install, we'll be charged for the re-install - which is totally understandable.

But I would like to avoid that charge if at all possible The only thing I've found in a quick google search was how to enable VNC in the vmx files themselves for 3.5.

Any thoughts?

hello,

You can remotely control another ESXi through vSphere, for that you need to redirect the necessary ports.

TCP 443 443 vSphere client
TCP 902 902 VM console
TCP 903 903 VM console

You can also define a security policy for each VM and set a specific user.

To activate VNC, just edit the file of each VM and add:

remotedisplay.vnc.enabled = "TRUE"
remotedisplay.vnc.port = "5901" * change according to each VM
remotedisplay.vnc.password = "password"

Explain in detail what their plans.

specifically, I want to connect my copy of the vSphere client to an offsite ESXi box (easily done). The hard part is this: only be allowed access to the CONTROLS (power on/off) of a single VM, as well as only have the ability to connect various ISO images to the VM.

I played with my in house vSphere server and added a limited user account. I could see all of the (sample) setups VMWare included to limit user interaction, but I saw no way to customize these to suit my needs, unless I missed that option somewhere in the client?

I connect the client to a dedicated vSphere management server btw, if that helps.

You have to create a new permission and associate the user who will be responsible for the VM.

You'll want to use roles and permissions http://www.vm-help.com/esx/esx3i/assign ... ssions.php.

yeah I played with it yesterday after some digging, and it seems I would have to do the account 2 fold. I made a user for just the VM only, doing only what I want it to do. And it worked - for that VM. For the rest of the box, it had full access.

Do I have to first deny everything to that account, then allow specifics on the VM in question?

If you create a role and grant a login that role on a VM, when they login, they'll see the host but will get a do not have permission message so they won't get any details about the host. They also won't see any VMs for which they don't have permissions. See the last image on the left of the above link.

somehow I overlooked your previous post with the link - that looks like exactly what I need to do, thanks Dave!