AppVolumes Assignments and Nested Group Support
search cancel

AppVolumes Assignments and Nested Group Support

book

Article ID: 341862

calendar_today

Updated On:

Products

VMware

Issue/Introduction

 
 
To highlight expected behaviour.


Symptoms:
  • When creating and assignment of Writable volumes to an AD group containing other sub-groups and marking delay creation, Writables continue to be created even if the membership changes.
  • The same behaviour is seen with Appstack assignments and sub-groups.
 
For example:
  • Group A contains Group B and C.
  • If you remove group B from the membership of Group A in Active Directory, Writables/AppStacks still get created and assigned when a user logs in.
 


Environment

VMware App Volumes 2.9.x
VMware App Volumes 2.12.x
VMware App Volumes 2.10.x
VMware App Volumes 2.11.x

Cause

This issue occurs due to design.
  • Appvolumes manager creates ownership per sub-group in the AD group selected.
  • Creating a Writables volumes or AppStacks assignment for group A will create 3 ownership entities - Group A, B, C.
  • Appvolumes creates a Writables/AppStacks assignment per sub-object (OU/Group) when selecting an object that has sub-groups to save time and resources when logging in.

Resolution

This is an expected behavior.
 
VMware recommends to manage specific subgroups individually to avoid confusion.


Additional Information

In a large App Volumes environment, it is not usually a good practice to allow user behavior to dictate storage operations and capacity allocation. For this reason, VMware recommends to create Writables/AppStacks volumes at the time of entitlement, rather than deferring creation.
 

 

 


Impact/Risks:
Note: Any changes in the membership after the first initial creation will not follow over time.
 
For example:
If Group B is removed from Group A, Writables/AppStacks entity of Group B will remain even if we initially created it only from Group A in the manager console.