Authentication Schemes

HV Manager supports two Authentication Schemes: Web Forms and Microsoft NTLM.

NTLM Authentication is the best type of authentication to use in intranet environments using Windows. An enterprise user can use their Windows Domain credentials to access the HV Manager web interface. Also, you can link Active Directory Groups with HVManager roles. If the computer running HV Manager is not connected to Active Directory, you can use local computer users and groups to configure HV Manager permissions.

Configuring Forms-based authentication

1. Run the HVManager shortcut on the Desktop to open hvm command-line tool.
2. The following command adds a new instance with the name hvm1, running with default user account .\HvmService and Forms-based authentication enabled:

   
                   hvm add-instance -name hvm1 -url http://+:8117/
               

3. Open a web browser and go to the address http://localhost:8117/
4. Enter the Administrator username and password.
5. Click on the Roles in the navigation menu on the right side. Then click Add Role to open the New Role form
6. On the Role tab select the permissions. Each resource permission item corresponds to the element of the user interface. If the permission is disabled the element will be hidden from the user.
7. To assign virtual machines to the Role select the Assigned VMs tab and click the plus button. Select virtual machines from the list (the Hyper-V server connection should be added before). To grant role users access to all VMs leave the Assigned VMs list empty.
8. Next step is creating a User and assigning the Role. Click on the Users in the navigation menu on the right side. Then click Add User to open the New User dialog.
9. Specify the User name, Role, and password. Then click Save to create the User.

Configuring NTLM Authentication

1. Run the HVManager shortcut on the Desktop to open hvm command-line tool.
2. The following command adds a new instance with the name hvm1, running with default user account .\HvmService and Windows (NTLM) authentication enabled. The administrator user account is Domain\Administrator.

   
                    add-instance -name hvm1 -url http://+:8117/ -auth NTLM -admin Domain\Administrator
               

3. To enable NTLM for existing instance use the update-instance command as following:

   
                   update-instance -name hvm1 -auth NTLM -admin Domain\Administrator
               

4. Open a web browser and go to the address http://localhost:8117/
5. Enter the Administrator Windows user name and password.
6. Click on the Roles in the navigation menu on the right side. Then click Add Role to open the New Role form.
7. On the Roles tab select the permissions. Each resource permission item corresponds to the element of the user interface. If the permission is disabled the element will be hidden from the user.
8. To assign virtual machines to the Role select the Assigned VMs tab and click the plus button. Select virtual machines from the list (the Hyper-V server connection should be added before). To grant role users access to all VMs leave the Assigned VMs list empty.
9. Next step is creating a User and assigning the Role. Click on the Users in the navigation menu on the right side. Then click Add User to open the New User dialog.
10. Specify the AD or Windows User name and assign the Role. Then click Save to create the User

There are two ways to organize Windows AD users access to HV Manager:

• Add an AD user to the HV Manager and assign the Role.
• Link AD Group with HV the Manager Role. It grants access to the HV Manager to all group members.

The following table shows the HV Manager Role and Windows/AD Group relations:

Role name	Grant HV Manager login rights to
Domain\GroupName	All Domain\GroupName members
BUILTIN\GroupName, Computer\GroupName	All local Windows GroupName members
RoleName (without ‘\’)	-

The following table shows the HV Manager User and Windows/AD User relations:

User name	Assigned Role	Enabled HV Manager permissions
Domain\UserName	RoleName (without ‘\’)	RoleName permissions and Domain Groups permissions (if user’s Group added to HV Manager).
BUILTIN\UserName, Computer\UserName	RoleName (without ‘\’)	RoleName permissions and user local Groups permissions (if user’s Group added to HV Manager).