ESXi и гранулярность прав доступа - SSH Forced Command , и немного про backup и CIM

В ESXi и vCenter используется достаточно развестая система ограничения прав - и всего три преднастроенные роли.
Нормальные вендоры (читай - Commvault) пишут про необходимые права доступа статьи и снимают видео -
What security permissions do I need for VMware custom accounts or roles?
https://community.commvault.com/commvault-q-a-2/what-security-permissions-do-i-need-for-vmware-custom-accounts-or-roles-95
Permissions for vSphere Custom User Accounts
https://documentation.commvault.com/commvault/v11_sp20/article?p=32134.htm
Using a PowerShell Script to Create a Role in vSphere
https://documentation.commvault.com/commvault/v11_sp20/article?p=115101.htm
How to configure vCenter permissions for the virtual server agent
https://www.youtube.com/watch?v=mb1tP707x34

Сами права и их уровень гранулярности описан в документации VMware - например Defined Privileges
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html

Host CIM Privileges
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-410D51C2-B106-4DFA-A88F-B6F48B6F988D.html

The Common Information Model (CIM) описан в статье Control Access for CIM-Based Hardware Monitoring Tools https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-645EBD81-CF86-44D7-BE77-224EF963D145.html

а ограничения для одного пользователя на строго ограниченный список команд описаны в статье Restrict a User to SSH Forced Command https://ctrlnotes.com/restrict-a-user-to-ssh-forced-command/#

Nitro platform which will power VMware Cloud on AWS Outposts

The components of the Nitro System
https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-components-of-the-nitro-system.html

Learning more about the Nitro platform which will power VMware Cloud on AWS Outposts
https://williamlam.com/2018/12/learning-more-about-the-nitro-platform-which-will-power-vmware-cloud-on-aws-outposts.html

Появилось 1.5 года назад - Announcing availability of VMware Cloud on AWS Outposts:
For customers looking to extend their AWS-centric model to their on-premises data center, VMware Cloud on AWS Outposts is a perfect solution. It is a jointly engineered on-premises as-a-service solution, which is powered by VMware Cloud Foundation, that runs VMware’s enterprise-class Software-Defined Data Center (SDDC) software on next-generation, dedicated Amazon Nitro-based EC2 bare-metal instances provisioned in AWS Outposts.
https://blogs.vmware.com/cloud/2021/10/05/announcing-availability-of-vmware-cloud-on-aws-outposts/