
Service Account Configuration


HPE Morpheus VM Essentials

The RiverMeadow platform uses the HPE Morpheus VM Essentials REST API to orchestrate the migration of workloads to the HVM hypervisor. As a security best practice, create a dedicated service account for the RiverMeadow migration appliance to use when it interacts with the REST API. Grant this service account only the privileges it requires, in line with the security principle of least privilege.

User Role

Privileges in HPE Morpheus VM Essentials are assigned through user roles, so a dedicated user role should be created to grant the required privileges to the service account. The required role privileges are listed below.

Role Privileges

The following privileges are required by the HPE Morpheus VM Essentials user role to migrate workloads using the RiverMeadow platform:

HPE Morpheus VM Essentials Role Privileges

| Privilege | Access Level |
|---|---|
| Backup Settings | Full |
| Environment Settings | Full |
| Provisioning Settings | Full |
| Roles | Full |
| Service Plans | Read |
| Clusters | Full |
| Compute | Full |
| Groups | Full |
| Networks | Read |
| Storage | Read |
| Virtual Images | Full |
| Power Control | Full |
| Reconfigure | Full |
| Reconfigure: Change Plan | Full |
| Reconfigure: Disk Add | Full |
| Reconfigure: Disk Change Type | Full |
| Reconfigure: Disk Modify | Full |
| Reconfigure: Disk Remove | Full |
| Reconfigure: Network Add | Full |
| Reconfigure: Network Modify | Full |
| Reconfigure: Network Remove | Full |
| Retry/Cancel | Full |
| Activity | Read |
| Dashboard | Read |
| Import Image | Full |
| Instances: Add | Full |
| Instances: Clone | Full |
| Instances: Delete | Full |
| Instances: Edit | Full |
| Instances: List | Full |
| Instances: Settings | Full |
| Remote Console | User |
| Snapshots | Full |
| Snapshots: Linked Clone | Full |
Tip: The most current version of the required privileges is available in the RiverMeadow documentation: https://docs.rivermeadow.com/hpe-vme-required-privileges.
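
To keep the role aligned with the table above over time, a role can be audited for missing, excess, or differing privileges. The script below is an added example, not RiverMeadow or HPE code. The export format (privilege name mapped to access level) and the sample values are assumptions constructed for illustration, not the Morpheus API schema.

```python
# Added example: audit a role export against the required-privilege table above.
# Assumption: the role is available as {privilege name: access level}.
REQUIRED_TABLE = """
Backup Settings=Full; Environment Settings=Full; Provisioning Settings=Full;
Roles=Full; Service Plans=Read; Clusters=Full; Compute=Full; Groups=Full;
Networks=Read; Storage=Read; Virtual Images=Full; Power Control=Full;
Reconfigure=Full; Reconfigure: Change Plan=Full; Reconfigure: Disk Add=Full;
Reconfigure: Disk Change Type=Full; Reconfigure: Disk Modify=Full;
Reconfigure: Disk Remove=Full; Reconfigure: Network Add=Full;
Reconfigure: Network Modify=Full; Reconfigure: Network Remove=Full;
Retry/Cancel=Full; Activity=Read; Dashboard=Read; Import Image=Full;
Instances: Add=Full; Instances: Clone=Full; Instances: Delete=Full;
Instances: Edit=Full; Instances: List=Full; Instances: Settings=Full;
Remote Console=User; Snapshots=Full; Snapshots: Linked Clone=Full
"""

def parse_table(text):
    """Turn 'Name=Level; ...' text into {normalized name: level}."""
    items = (i for i in text.replace("\n", " ").split(";") if i.strip())
    pairs = (i.rsplit("=", 1) for i in items)
    return {" ".join(n.split()).lower(): lvl.strip().lower() for n, lvl in pairs}

REQUIRED = parse_table(REQUIRED_TABLE)

def audit_role(actual):
    """Compare an exported role {privilege: level} with REQUIRED."""
    actual = {" ".join(k.split()).lower(): v.strip().lower() for k, v in actual.items()}
    report = {"missing": [], "excess": [], "differs": []}
    for name, need in REQUIRED.items():
        have = actual.get(name, "none")
        if have == need:
            continue
        if have == "none":
            report["missing"].append(name)   # migration would lack this privilege
        elif need == "read" and have == "full":
            report["excess"].append(name)    # broader than the table asks for
        else:
            report["differs"].append((name, need, have))
    # Anything granted outside the table widens the service account's reach.
    report["excess"] += sorted(n for n, v in actual.items() if n not in REQUIRED and v != "none")
    return report

# Constructed sample export: the required set with four deliberate deviations.
sample = {**REQUIRED, "networks": "full", "snapshots": "none",
          "instances: delete": "read", "constructed extra privilege": "full"}
if __name__ == "__main__":
    for kind, items in audit_role(sample).items():
        print(kind, items)
```

An empty report in all three lists means the role matches the table exactly.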

User Account

Once the user role has been created, a dedicated user account (local or external identity provider) should be created in the HPE Morpheus VM Essentials platform with a secure password for use by the RiverMeadow migration appliance. The dedicated user role should be assigned to the service account.

VMware vSphere (VM Based - Optional)

The RiverMeadow platform supports VM-based migrations from VMware vSphere to HPE Morpheus VM Essentials using a hypervisor-level integration. A user account with elevated privileges to the source VMware vSphere environment is required for VM-based migrations. This service account is used to automate the deployment of the source worker appliance and to execute migration-related activities such as creating snapshots.

VMware vSphere Role Privileges

| Group | Privilege |
|---|---|
| Datastore | Allocate space |
| Datastore | Browse datastore |
| Datastore | Low level file operations |
| Datastore | Update virtual machine files |
| Network | Assign network |
| Resource | Apply recommendations |
| Resource | Assign vApp to resource pool |
| Resource | Create resource pool |
| Resource | Query vMotion |
| Storage Views | View |
| vApp | Add virtual machine |
| vApp | Assign resource pool |
| vApp | Assign vApp |
| vApp | Create |
| vApp | Import |
| vApp | Power On |
| vApp | Rename |
| vApp | vApp application configuration |
| vApp | vApp instance configuration |
| vApp | vApp managedBy configuration |
| vApp | vApp resource configuration |
| vApp | View OVF environment |
| Virtual Machine | Change Configuration > Acquire disk lease |
| Virtual Machine | Change Configuration > Add existing disk |
| Virtual Machine | Change Configuration > Add new disk |
| Virtual Machine | Change Configuration > Add or remove device |
| Virtual Machine | Change Configuration > Advanced configuration |
| Virtual Machine | Change Configuration > Change resource |
| Virtual Machine | Change Configuration > Configure Raw device |
| Virtual Machine | Change Configuration > Configure managedBy |
| Virtual Machine | Change Configuration > Display connection setting |
| Virtual Machine | Change Configuration > Modify device settings |
| Virtual Machine | Change Configuration > Reload from path |
| Virtual Machine | Change Configuration > Remove disk |
| Virtual Machine | Change Configuration > Rename |
| Virtual Machine | Change Configuration > Disk change tracking |
| Virtual Machine | Change Configuration > Reset guest information |
| Virtual Machine | Change Configuration > Toggle disk change tracking |
| Virtual Machine | Change Configuration > Unlock virtual machine |
| Virtual Machine | Guest Operations > Guest operation modifications |
| Virtual Machine | Guest Operations > Guest operation program execution |
| Virtual Machine | Guest Operations > Guest operation queries |
| Virtual Machine | Interaction > Power on |
| Virtual Machine | Provisioning > Allow disk access |
| Virtual Machine | Provisioning > Allow read-only disk access |
| Virtual Machine | Provisioning > Allow virtual machine files upload |
| Virtual Machine | Provisioning > Modify customization specifications |
| Virtual Machine | Provisioning > Customize guest |
| Virtual Machine | Provisioning > Deploy template |
| Virtual Machine | Provisioning > Promote disks |
| Virtual Machine | Provisioning > Read customization specifications |
| Virtual Machine | Snapshot Management > Create Snapshot |
| Virtual Machine | Snapshot Management > Remove Snapshot |
| Virtual Machine | Snapshot Management > Rename Snapshot |
| Virtual Machine | Snapshot Management > Revert to Snapshot |