PlateSpin Migrate’s user authorization and authentication mechanism is based on user roles, and controls application access and operations that users can perform. The mechanism is based on Integrated Windows Authentication (IWA) and its interaction with Internet Information Services (IIS).
NOTE:If you have installed a PlateSpin Migrate Server localized for one language and a PlateSpin Migrate Client localized for a different language, do not use authorization credentials that include any language-specific characters. Using such characters in the login credentials causes miscommunication between the client and the server: the credentials are rejected as invalid.
PlateSpin Migrate’s user auditing functionality is provided through the capability to log user actions. See Section 6.6, Managing Migrate Client User Activity Log.
A PlateSpin Migrate role is a collection of PlateSpin Migrate privileges that entitle a particular user to perform specific actions. During installation, the PlateSpin Migrate installation program creates the following three local Windows groups on the PlateSpin Server host that map directly to the three PlateSpin Migrate roles that control user authorization and authentication
|
Group for PlateSpin Migrate Client Users |
Group for PlateSpin Migrate Web Interface Users |
Description |
|---|---|---|
|
PlateSpin Administrators |
Workload Conversion Administrators |
Have unlimited access to all features and functions of the application. A local administrator is implicitly part of this group. |
|
PlateSpin Power Users |
Workload Conversion Power Users |
Have access to most features and functions of the application with some limitations, such as restrictions in the capability to modify system settings related to licensing and security. |
|
PlateSpin Operators |
Workload Conversion Operators |
Have access to a limited subset of system features and functions, sufficient to maintain day-to-day operation. |
When a user attempts to connect to a PlateSpin Server, the credentials provided through the PlateSpin Migrate Client or Web Interface are validated by IIS. If the user is not a member of one of the PlateSpin Migrate roles, connection is refused. If the user is a local administrator on the PlateSpin Server host, that account is implicitly regarded as a PlateSpin Migrate Administrator.
The Permission details for the PlateSpin Migrate roles depends on whether you use the PlateSpin Migrate Client or the PlateSpin Migrate Web Interface for migrating the workloads:
For information on PlateSpin Migrate Roles and permission details when you use PlateSpin Migrate Client to perform the workload migration, see Table 4-1.
For information on PlateSpin Migrate Roles and permission details when you use PlateSpin Migrate Web Interface to perform the workload migration, see Table 4-2.
Table 4-1 PlateSpin Migrate Roles and Permission Details For PlateSpin Migrate Client Users
|
Role Details |
Administrators |
Power Users |
Operators |
|---|---|---|---|
|
Licensing: Add, delete licenses; transfer workload licenses |
Yes |
No |
No |
|
Machines: Discover, undiscover |
Yes |
Yes |
No |
|
Machines: Delete virtual machines |
Yes |
Yes |
No |
|
Machines: View, refresh, export |
Yes |
Yes |
Yes |
|
Machines: Import |
Yes |
Yes |
No |
|
Machines: Export |
Yes |
Yes |
Yes |
|
PlateSpin Migrate Networks: Add, delete |
Yes |
No |
No |
|
Jobs: Create new job |
Yes |
Yes |
No |
|
Jobs: View, abort, change start time |
Yes |
Yes |
Yes |
|
Block-Based Transfer Components: Install, upgrade, remove |
Yes |
Yes |
No |
|
Device Drivers: View |
Yes |
Yes |
Yes |
|
Device Drivers: Upload, delete |
Yes |
Yes |
No |
|
PlateSpin Server access: View Web services, download client software |
Yes |
Yes |
Yes |
|
PlateSpin Server settings: Edit settings that control user activity logging and SMTP notifications |
Yes |
No |
No |
|
PlateSpin Server settings: Edit all server settings except those that control user activity logging and SMTP notifications |
Yes |
Yes |
No |
|
Run Diagnostics: Generate detailed diagnostic reports on jobs. |
Yes |
Yes |
Yes |
|
Post-conversion Actions: Add, update, delete |
Yes |
Yes |
No |
Table 4-2 PlateSpin Migrate Roles and Permission Details For PlateSpin Migrate Web Interface Users
|
Role Details |
Administrators |
Power Users |
Operators |
|---|---|---|---|
|
Add Workload |
Yes |
Yes |
No |
|
Remove Workload |
Yes |
Yes |
No |
|
Configure Migration |
Yes |
Yes |
No |
|
Prepare Migration |
Yes |
Yes |
No |
|
Run Full Replication |
Yes |
Yes |
Yes |
|
Run Incremental Replication |
Yes |
Yes |
Yes |
|
Pause/Resume Schedule |
Yes |
Yes |
Yes |
|
Test Cutover |
Yes |
Yes |
Yes |
|
Cutover |
Yes |
Yes |
Yes |
|
Abort |
Yes |
Yes |
Yes |
|
Settings (All) |
Yes |
No |
No |
|
Run Reports/Diagnostics |
Yes |
Yes |
Yes |
To allow specific Windows domain or local users to carry out specific PlateSpin Migrate operations according to designated role, add the required Windows domain or user account to the applicable Windows local group (PlateSpin Administrators, PlateSpin Power Users, or PlateSpin Operators) on the PlateSpin Server host. For more information, see your Windows documentation.