In my previous articles, we installed (VMware vRealize Network Insight (vRNI) – Part 1 – Installation) and configured (VMware vRealize Network Insight (vRNI) – Part 2 – Configuration) our VMware vRealize Network Insight infrastructure.
Now that we have the vRNI components in place and happily collecting data, we’re going to take a quick detour and configure LDAP, enabling our users to log in using their domain credentials instead of the single local@admin user.
Besides LDAP, we also have the option of creating additional local users, as well as integrating vRNI with VMware Identity Manager; however, this article will focus on connecting our vRNI Platform appliance with Microsoft Active Directory via LDAP.
Network Insight User Roles
Network Insight has three inbuilt security roles:
- Administrator – Complete access.
- Auditor – Read-only access, and restricted from all create, add, edit, or delete actions. Users can only view the state.
- Member – Limited access.
To view the supported features for each role, visit the Configure User Management for vRealize Network Insight guide.
Firstly, we’ll need to create several AD Security Groups which we’ll eventually map to our vRNI roles. In the below screenshot you can see I’ve created three Security Groups:
For demo purposes, I have also added a single dummy user to each Security Group:
- Jean-Luc Picard > VRNI_Administrator
- Wesley Crusher > VRNI_Auditor
- William T. Riker > VRNI_Member
Configure LDAP as an Identity Source
1. Browse to Settings > Identity & Access Management > LDAP and click Configure.
2. Configure the LDAP details accordingly, specifying your Domain, LDAP Host URLs, Base DN, etc. Add the Group DN of each of the newly created AD Security Groups, and select the relevant vRNI user role accordingly. Finally, provide your LDAP credentials and click Submit.
3. Once submitted, the LDAP configuration will be displayed. This can be edited at any time.
4. Finally, in the below screenshot, I log in with each of our new dummy users, and check the relevant access according to the assigned vRNI user role.
5. Once our users have logged in to vRNI; we will be able to see the relevant details via Settings > Identity & Access Management > User Management > LDAP Users.
In this article, we configured identity and access management by connecting vRNI to our Microsoft Active Directory infrastructure via LDAP. This enabled members of the AD Security Groups to log into vRNI and enjoy the benefits of their assigned vRNI user roles.
In the next article (Part 4) we will begin defining our applications (both manually and automatically) in readiness for Part 5, where we begin analysing the data flows.