Ops Mgr Agent Operation
The Ops Mgr agent action account must have the Administrator permissions on the server where the Veeam MP for VMware component (Collector, VE Service) runs. To be able to monitor Veeam Backup & Replication infrastructure, you must assign the Veeam Backup Administrator role to this account as well. For more information on how to assign roles in Veeam Backup & Replication, see the Veeam Backup & Replication User Guide for VMware vSphere, section Roles and Users.
Connection to VMware vCenter
The account used to connect to VMware systems must have at minimum Read-only privilege.
Gathering vSphere Datastore Data
To be able to run the Scan Datastore for Unknown Files task, you must assign the Browse datastore privilege to the account, and make sure that the Create and Update task permissions are enabled.
To assign the privilege to the user role, edit the following role settings:
- Go to All Privileges > Datastore and enable Browse datastore.
- Go to All Privileges > Tasks, and enable Create task and Update task.
To create the appropriate user role and assign specific permissions, use the vSphere Client, as described in VMware documentation.
Access should be provided to the complete vSphere hierarchy and not only to specific objects. Using No Access or otherwise restricted permissions to any part of the vCenter hierarchy to configure monitoring visibility is not supported. To define which vSphere clusters and hosts are monitored, use the Veeam UI and check/uncheck clusters and hosts as required.
If MP Tasks in the context of virtual machine are required, the VMware connection account must be assigned the required elevated privileges to run the task (Power On/Off VM and so on).
Veeam Virtualization Extensions Service Account
The account under which the VE Service runs must be a member of the Veeam Virtualization Extensions Users local group and have Administrator rights.
Veeam VMware Collector Service Account
The Veeam VMware Collector service account must be:
- An administrative account on the server where the Veeam VMware Collector service runs.
- A member of the Veeam Virtualization Extensions Users local group on the server running VE Service.
Connection to Veeam UI
To access the Veeam UI (for addition/removal of vCenter connections, configuring Veeam Collector settings and so on), users must be included in the local group named Veeam Virtualization Extensions Users. This local group is created during VE Service installation.
Collector Auto-Deployment Run As Account
The account in the Veeam VMware Collector Auto-Deployment Run As Profile must be:
- At minimum OpsManager Advanced Operator on Management Servers that will host Veeam Collectors.
- Local Administrator on Management Server where the VE Service runs.
The account must also be a member of the Veeam Virtualization Extensions Users local group on the server where the VE Service runs.