Hi,
We want to give some of our customers management access to their clouds.
After testing, we really don't like AppC or Self Service Portal, so i'm trying to setup a multi-tenant management portal withVMM2012 console.
I deployed the console with remote-app, and i'm using a self-service account to login.
Everything look well delimited, no way to see hosts or other customers clouds, i can modify VMs unlike with AppController, etc ... Great !
But here is my problem : i can use the powershell console integrated in VMM, rights are limited to self-service account but it can be used to ping the network, list folders in C:/users/ and such things.
I thought about locking outgoing connections on the remote-app server firewall so it can only comunicate with VMM Server, and using unexplicit usernames so listing users isn't a problem, but i think disabling that powershell would be a good thing.
Any ideas about my setup are also welcome.