In MS Virtual Server 2005, to grant users access to virtual machines, you have to modify settings in two different places. First, you use the Web interface to change the Security settings of Virtual Server and grant specific permissions to users (Full Control, Read …). Second, you control access to the folders where the virtual machine files are located with Access Control Lists (ACLs) set on files and folders.
Hyper-V uses a different authorization model which is based on Windows Authorization Manager (AzMan). AzMan is a role-based access control framework that provides runtime access validation methods for Windows applications. In contrast with the file-based access control model, AzMan offers the following advantages:
- Granularity in permissions. File permissions are limited to basic actions such as read, write, or full control on a resource. With AzMan, you can define more granular permissions and are not limited by the ACL model.
- Permissions vs. tasks. Using AzMan, application developers define a permission or right as a task to be assigned on resources. AzMan provides a broad authorization management model and much richer functionality.
- Storage. AzMan offers the ability to store the defined policy in Active Directory, ADAM, a SQL database, or even an XML file.
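To see this model on a Hyper-V host, the policy can be read through the AzMan COM interface and listed as roles, members, and the operations each role grants. The PowerShell below is an added example, not code from the original article; the store path and application name are assumed defaults that the article does not state, and the function names are hypothetical.

```powershell
# Added example: read-only listing of the Hyper-V AzMan policy.
# Assumptions (not from the article): default XML store path and application name.
$storePath = 'C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml'
$appName   = 'Hyper-V services'

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$storePath")   # 0 = open existing store; nothing is saved without Submit()
$app = $store.OpenApplication($appName)

# Resolve a task (role definition) to its operations, following nested tasks.
function Get-TaskOperations($container, $taskName) {
    try   { $task = $container.OpenTask($taskName) }
    catch { $task = $app.OpenTask($taskName) }   # scope roles may use application-level tasks
    $ops = @($task.Operations)
    foreach ($child in $task.Tasks) {
        if ($child) { $ops += Get-TaskOperations $container $child }
    }
    $ops
}

# One row per role assignment: who holds it and which operations it grants.
function Get-RoleReport($container, $scopeName) {
    foreach ($role in $container.Roles) {
        $ops = @($role.Operations)               # operations linked directly to the role
        foreach ($t in $role.Tasks) {
            if ($t) { $ops += Get-TaskOperations $container $t }
        }
        $members = @($role.MembersName) + @($role.AppMembers)
        [pscustomobject]@{
            Scope      = $scopeName
            Role       = $role.Name
            Members    = @($members | Where-Object { $_ }) -join '; '
            Operations = @($ops | Where-Object { $_ } | Sort-Object -Unique) -join '; '
        }
    }
}

# Roles assigned at application level, then roles inside each scope.
$report = @(Get-RoleReport $app '(application)')
foreach ($scope in $app.Scopes) {
    $report += Get-RoleReport $scope $scope.Name
}
$report | Format-List
```

Run it from an elevated PowerShell 3.0 or later session on the host; comparing the output over time shows when a role gains members or operations.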
Delegation Model in Hyper-V – Part 1 | Delegation Model in Hyper-V – Part 2 | Delegation Model in Hyper-V – Part 3
