I have a client that is a hosting provider. They would like to give multiple clients access to the UCS KVM without allowing them to see configuration of the UCS or access to other clients KVMs
Here is what we have done so far
- We have upgraded to the 2.2 code to enable Direct-KVM
- We have created Sub-Orgs
- We have created users with access only to Sub-Orgs
Here are the challenges that we are facing
- If one of the created users logs into UCSM they are able to see the system configuration and other clients configurations.
- If we provide the clients with Direct-KVM access we have to allow the clients access to the UCS management IP space
We have discussed creating NATs and ACLs for limiting access to the IP space.
I wanted to see if anyone else has encountered this and what they did as a solution.