
Dell PowerProtect DD Management Center (DDMC) 7.9 Installation and Administration Guide

Understanding RBAC in SMT

In Secure Multitenancy (SMT), permission to perform a task depends on the role that is assigned to a user. DDMC uses role-based access control (RBAC) to control these permissions.

All DDMC users can:

  • View all tenants
  • Create, read, update, or delete tenant units belonging to any tenant if the user is an administrator on the protection system hosting the tenant unit
  • Assign and unassign tenant units to and from a tenant if the user is an administrator on the system hosting the tenant unit
  • View tenant units belonging to any tenant if the user has any assigned role on the system hosting the tenant unit

Permission to perform more advanced tasks depends on the role of the user, as follows:

admin role

A user with an admin role can perform all administrative operations on a protection system. An admin can also perform all SMT administrative operations on the system, including setting up SMT, assigning SMT user roles, enabling tenant self-service mode, creating a tenant, and so on. In the context of SMT, the admin is typically referred to as the landlord. In DDOS, the role is known as the sysadmin.

To have permission to edit or delete a tenant, you must be both a DDMC admin and a DDOS sysadmin on all systems that are associated with the tenant units of that tenant. If the tenant does not have any tenant units, you need only be a DDMC admin to edit or delete that tenant.

limited-admin role

A user with a limited-admin role can perform all administrative operations on a system as the admin. However, users with the limited-admin role cannot delete or destroy MTrees. In DDOS, there is an equivalent limited-admin role.

tenant-admin role

A user with a tenant-admin role can perform certain tasks only when tenant self-service mode is enabled for a specific tenant unit. Responsibilities include scheduling and running a backup application for the tenant and monitoring resources and statistics within the assigned tenant unit. The tenant-admin can view audit logs, but RBAC ensures that only audit logs from the tenant units belonging to the tenant-admin are accessible. In addition, tenant-admins ensure administrative separation when tenant self-service mode is enabled. In the context of SMT, the tenant-admin is referred to as the backup admin.

tenant-user role

A user with a tenant-user role can monitor the performance and usage of SMT components only on tenant unit(s) assigned to them and only when tenant self-service is enabled, but a user with this role cannot view audit logs for their assigned tenant units. Also, tenant-users may run the show and list commands.

none role

A user with a role of none is not allowed to perform any operations on a system other than changing their password and accessing data using DD Boost. However, after SMT is enabled, the admin can select a user with a none role from the system and assign them an SMT-specific role of tenant-admin or tenant-user. Then, that user can perform operations on SMT management objects.

management groups

BSPs (backup service providers) can use management groups defined in a single, external AD (Active Directory) or NIS (Network Information Service) to simplify managing user roles on tenant units. Each BSP tenant may be a separate, external company and may use a name service such as AD or NIS.

With SMT management groups, the AD and NIS servers are set up and configured by the admin in the same way as SMT local users. The admin can ask their AD or NIS administrator to create and populate the group. The admin then assigns an SMT role to the entire group. Any user within the group who logs in to the system is logged in with the role that is assigned to the group.

When users leave or join a tenant company, they can be removed or added to the group by the AD or NIS administrator. It is not necessary to modify the RBAC configuration on a system when users who are part of the group are added or removed.
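
The tenant edit/delete rule and the audit-log rule above can be checked during an access review with a small model like the following. This is an added example, not DDMC or DDOS code: the class names, helper functions, and inventory are constructed, and it assumes that a tenant-admin's audit-log access, like the other tenant-admin tasks, requires self-service mode on the tenant unit.

```python
# Added example: access-review model of the SMT rules described on this page.
# Class names, helpers and inventory are constructed; not DDMC or DDOS code.
from dataclasses import dataclass, field

@dataclass
class TenantUnit:
    name: str
    system: str                  # protection system hosting this tenant unit
    self_service: bool = False   # tenant self-service mode for this unit
    smt_roles: dict = field(default_factory=dict)  # user -> tenant-admin/tenant-user

@dataclass
class User:
    name: str
    ddmc_role: str                                   # role held in DDMC
    ddos_roles: dict = field(default_factory=dict)   # system -> DDOS role

def missing_sysadmin(user, units):
    """Systems hosting the tenant's units where the user is not a DDOS sysadmin."""
    return sorted({u.system for u in units
                   if user.ddos_roles.get(u.system) != "sysadmin"})

def can_edit_or_delete_tenant(user, units):
    """DDMC admin plus DDOS sysadmin on every hosting system. A tenant with no
    tenant units has no hosting systems, so DDMC admin alone is enough."""
    return user.ddmc_role == "admin" and not missing_sysadmin(user, units)

def audit_log_units(user_name, units):
    """Units whose audit logs an SMT user can read: tenant-admin on that unit.
    Assumption: self-service mode must also be enabled. tenant-user gets none."""
    return [u.name for u in units
            if u.self_service and u.smt_roles.get(user_name) == "tenant-admin"]

# Constructed inventory for one tenant spread over two protection systems.
ACME_UNITS = [
    TenantUnit("tu-acme-1", "dd01", True, {"bob": "tenant-admin", "carol": "tenant-user"}),
    TenantUnit("tu-acme-2", "dd02", False, {"bob": "tenant-admin"}),
]
ALICE = User("alice", "admin", {"dd01": "sysadmin", "dd02": "limited-admin"})
DAVE = User("dave", "admin", {"dd01": "sysadmin", "dd02": "sysadmin"})

if __name__ == "__main__":
    for user in (ALICE, DAVE):
        print(user.name, can_edit_or_delete_tenant(user, ACME_UNITS),
              missing_sysadmin(user, ACME_UNITS))
    print("bob audit logs:", audit_log_units("bob", ACME_UNITS))
```

The `missing_sysadmin` result names the systems that block an edit or delete, which is the gap to close or to keep when reviewing who holds landlord-level control over a tenant.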

