4.1 Configuring User Authorization and Authentication

PlateSpin Migrate’s user authorization and authentication mechanism is based on user roles, and controls application access and operations that users can perform. The mechanism is based on Integrated Windows Authentication (IWA) and its interaction with Internet Information Services (IIS).

NOTE:If you have installed a PlateSpin Migrate Server localized for one language and a PlateSpin Migrate Client localized for a different language, do not use authorization credentials that include any language-specific characters. Using such characters in the login credentials causes miscommunication between the client and the server: the credentials are rejected as invalid.

PlateSpin Migrate’s user auditing functionality is provided through the capability to log user actions. See Managing Migrate Client User Activity Log.

4.1.1 PlateSpin Migrate Roles

A PlateSpin Migrate role is a collection of PlateSpin Migrate privileges that entitle a particular user to perform specific actions. During installation, the PlateSpin Migrate installation program creates the following three local Windows groups on the PlateSpin Server host that map directly to the three PlateSpin Migrate roles that control user authorization and authentication

Group for PlateSpin Migrate Client Users

Group for PlateSpin Migrate Web Interface Users

Description

PlateSpin Administrators

Workload Conversion Administrators

Have unlimited access to all features and functions of the application. A local administrator is implicitly part of this group.

PlateSpin Power Users

Workload Conversion Power Users

Have access to most features and functions of the application with some limitations, such as restrictions in the capability to modify system settings related to licensing and security.

PlateSpin Operators

Workload Conversion Operators

Have access to a limited subset of system features and functions, sufficient to maintain day-to-day operation.

When a user attempts to connect to a PlateSpin Server, the credentials provided through the PlateSpin Migrate Client or Web Interface are validated by IIS. If the user is not a member of one of the PlateSpin Migrate roles, connection is refused. If the user is a local administrator on the PlateSpin Server host, that account is implicitly regarded as a PlateSpin Migrate Administrator.

The Permission details for the PlateSpin Migrate roles depends on whether you use the PlateSpin Migrate Client or the PlateSpin Migrate Web Interface for migrating the workloads:

  • For information on PlateSpin Migrate Roles and permission details when you use PlateSpin Migrate Client to perform the workload migration, see Table 4-1.

  • For information on PlateSpin Migrate Roles and permission details when you use PlateSpin Migrate Web Interface to perform the workload migration, see Table 4-2.

Table 4-1 PlateSpin Migrate Roles and Permission Details For PlateSpin Migrate Client Users

Role Details

Administrators

Power Users

Operators

Licensing: Add, delete licenses; transfer workload licenses

Yes

No

No

Machines: Discover, undiscover

Yes

Yes

No

Machines: Delete virtual machines

Yes

Yes

No

Machines: View, refresh, export

Yes

Yes

Yes

Machines: Import

Yes

Yes

No

Machines: Export

Yes

Yes

Yes

PlateSpin Migrate Networks: Add, delete

Yes

No

No

Jobs: Create new job

Yes

Yes

No

Jobs: View, abort, change start time

Yes

Yes

Yes

Imaging: View, start synchronization in existing contracts

Yes

Yes

Yes

Imaging: Consolidate increments, apply increments to base, delete increments, install/delete image servers

Yes

Yes

No

Block-Based Transfer Components: Install, upgrade, remove

Yes

Yes

No

Device Drivers: View

Yes

Yes

Yes

Device Drivers: Upload, delete

Yes

Yes

No

PlateSpin Server access: View Web services, download client software

Yes

Yes

Yes

PlateSpin Server settings: Edit settings that control user activity logging and SMTP notifications

Yes

No

No

PlateSpin Server settings: Edit all server settings except those that control user activity logging and SMTP notifications

Yes

Yes

No

Run Diagnostics: Generate detailed diagnostic reports on jobs.

Yes

Yes

Yes

Post-conversion Actions: Add, update, delete

Yes

Yes

No

Table 4-2 PlateSpin Migrate Roles and Permission Details For PlateSpin Migrate Web Interface Users

Role Details

Administrators

Power Users

Operators

Add Workload

Yes

Yes

No

Remove Workload

Yes

Yes

No

Configure Migration

Yes

Yes

No

Prepare Migration

Yes

Yes

No

Run Full Replication

Yes

Yes

Yes

Run Incremental Replication

Yes

Yes

Yes

Pause/Resume Schedule

Yes

Yes

Yes

Test Cutover

Yes

Yes

Yes

Cutover

Yes

Yes

Yes

Abort

Yes

Yes

Yes

Settings (All)

Yes

No

No

Run Reports/Diagnostics

Yes

Yes

Yes

4.1.2 Assigning PlateSpin Migrate Roles to Windows Users

To allow specific Windows domain or local users to carry out specific PlateSpin Migrate operations according to designated role, add the required Windows domain or user account to the applicable Windows local group (PlateSpin Administrators, PlateSpin Power Users, or PlateSpin Operators) on the PlateSpin Server host. For more information, see your Windows documentation.