Credentials and Privileges for VMDK Access

Local operations are supported by local VMDK. Access to ESXi hosts is authenticated by login credentials, so with proper credentials VixDiskLib can reach any VMDK on an ESXi host. VMware vSphere has its own set of privileges, so with the proper privileges (see below) and login credentials, VixDiskLib can reach any VMDK on an ESXi host managed by vCenter Server. VixDiskLib supports the following:

  • Both read-only and read/write modes
  • Read-only access to disk associated with any snapshot of online virtual machines
  • Access to VMDK files of offline virtual machines (vCenter restricted to registered virtual machines)
  • Reading of Microsoft Virtual Hard Disk (VHD) format

With vCenter Server, the Role of the backup appliance when saving data must have these privileges for all the virtual machines being backed up:

  • VirtualMachine > Configuration > Disk change tracking
  • VirtualMachine > Provisioning > Allow read-only disk access and Allow VM download
  • VirtualMachine > State > Create snapshot and Remove snapshot

On the backup appliance, the user must have the following privileges:

  • Datastore > Allocate space
  • VirtualMachine > Configuration > Add new disk and Remove disk
  • VirtualMachine > Configuration > Change resource and Settings

The user must have this privilege for vCenter Server and all ESXi hosts involved in backup:

  • Global > DisableMethods and EnableMethods

If privileges are not applied at the vCenter Server level, the returned error message is somewhat misleading: “The host is not licensed for this feature.”