DataManagement

Will the VMware vExpert Award grow to rival the Microsoft MVP?

A few days ago, I posted a blog about a VMware award that was announced in January 2009. This award is known as the vExpert Award, and those who receive it become known as vExperts for the following year.

In a previous blog post with an admittedly lighthearted tone, I congratulated the recipients and asked for more information about the award and the process for receiving one. Reading the few available online resources on vExpert left some of my questions unanswered. (While I did reply in the comment section on the original post, we decided to remove the blog and post this entry instead, because the comment wasn’t visible enough.)

On SearchVMware.com and SearchServerVirtualization.com, we have run several rounds of product awards, and process is always important, so I was naturally curious to see whether there was further criterion available for what comprises a vExpert.

Several community members became upset, however, as the blog post was interpreted by some as a denigration of the vExpert Award or an indication that I didn’t think certain recipients deserved the award. I apologize for writing it in a way that left room for misinterpretation.

The vExpert Award selection process clarified

John Troyer, VMware Communities outreach and vExpert program manager, graciously answered my questions. Because of his answer, in addition to knowing how many awards were given and what the new vExperts receive, I also now know that the vExpert selection process wasn’t based solely on self-nominations. There were internal nominations provided by VMware, and many people nominated others whom they believed should be recognized.

Troyer also said that most of the nominations were indeed highly qualified but that VMware only had 300 spots. The actual recipients demonstrated that they gave their time and effort back to help others, either via blog, user group, or publication. He further commented that the vExpert is not a measure of raw technical expertise, as someone could be well versed in VMware technologies but not qualify as a vExpert, and that it may appear that many bloggers were recognized as vExperts, but that’s because the best virtualization bloggers have self-assembled.

Troyer also mentioned that vExperts would see additional benefits over those already announced (for more details, see the VMware vExpert page).

VMware is to Microsoft as vExpert is to MVP?

Is VMware developing an award that will one day act as the VMware equivalent to the Microsoft Most Valued Professional (MVP) Award?

Currently, the MVP Award program is conducted by eight people, and there are 3,500 MVPs around the world out of 100 million active community members. With 300 vExperts, the vExpert Award program has some room for growth if VMware wants it to become the equivalent of the MVP — but as the vExpert Award is in its first year, there’s plenty of time for development.

For comparison purposes, the MVP website outlines the selection process as such:

MVP nominees undergo a rigorous review process. Technical community members, current MVPs, and Microsoft personnel may nominate candidates. A panel that includes MVP team members and product group teams evaluate each nominee’s technical expertise and voluntary community contributions over the prior year. The panel considers the quality, quantity, and level of impact of the MVP nominee’s contributions. Active MVPs receive the same level of scrutiny as do other candidates each year.

MVPs receive a certificate and a thank-you gift, as do vExperts.

MVPs also receive complimentary subscriptions to the Microsoft Developer Network and TechNet, access to private MVP newsgroups, and an invitation to the MVP Global Summit at the Washington State Convention and Trade Center in Seattle and at Microsoft’s headquarters.

Will the vExpert Award program evolve to become the equivalent of the MVP Award program? Will there be a vExpert Global Summit near VMware’s headquarters in Palo Alto, Calif.? SearchVMware.com will be watching.

And once again, congratulations to the first round of vExperts.

VirtualCenter custom roles for delegated access

The built-in roles for access to VirtualCenter and the managed objects are okay for many common scenarios, but some situations require additional configuration. In some cases, creating custom roles has been a viable solution. Here is how I created a role that would allow a user only to view a virtual machine’s console.

Create the role and deployment model first

Before permissions are assigned, some thought should be given to user rights and how they would be administered. In most VirtualCenter environments, the permissions would be retrieved from a Windows Active Directory domain. To make that process easier, all permissions should be assigned to VirtualCenter through Windows groups.

To create a role or modify an existing role, select the Administration button within the VMware Infrastructure Client (VI Client). From here, you can create or modify a role for your desired access. If you wanted to allow a user to view a virtual machine’s console, for example, you would create a custom role such as the specified permission below:

Applying the custom roles

The ability to view the console of specified systems can come in handy for certain situations, particularly when traditional network connectivity to the guest operating system is not possible for normal methods such as remote desktop or VNC. Creating a console view-only role would be done in the VIC on a per-object basis. A per-object basis is one in which you can assign the permission to view just the console to an ESX host, a resource pool, a data center or even a virtual machine individually. Roles to objects in VirtualCenter are always applied via the Permissions tab for the object.

To make configuration consistent, create a Windows security group with the same name in the Active Directory domain. For my custom role, the Windows group (MSS\VMSpecified-Roles-ConsoleOnly) and the VirtualCenter role (VMSpecified-Roles-ConsoleOnly) are assigned to the object below:

From this point, the clients can log into a locally install the VIC and connect per the specified permissions. Be careful, however, as a username that may have multiple roles would have the permissions of the combined roles. You can work with some propogation, but singular assignment would be a better practice. VMware provides a document fully outlining the roles architecture available for download from their website.

Audit trail of connections into the VirtualCenter

With this functionality, an auditing requirement is fully justified. Within the VirtualCenter database, you can monitor the authentication log-on and log-off events. A January SearchVMware.com ITKE post has this outlined well.