Versions Compared

Old Version 31

changes.mady.by.user MS

Saved on

compared with

New Version Current

changes.mady.by.user MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
Info

This document describes how you can design and implement a hierarchy of tenants in a tree structure in your Abiquo multi-cloud platform

Cloud tenant hierarchy example

Your multicloud platform may have a hierarchy of tenants in a tree structure. These tenants can have their own scope hierarchy with multiple levels.

An example of a hierarchy of tenants could be a chain of retail stores with a head office and regional offices, as well as the stores themselves. The head office may manage the regional offices, and the regional offices may manage the stores. The IT department in the head office and the IT department in the regional office may both share VM templates with the stores. 

You can use tenant scopes to:

  1. Create restricted sets of resources for administrators

  2. Share resources with a group of tenants and an optional tenant hierarchy

The following diagram shows an example of a tenant scopes that are in a hierarchy. The hierarchy contains the following scopes:

  1. Multinational scope

  2. Reseller1 scope

  3. Customer1 scope

  4. Dept1 scope

Edit each enterprise and assign the scope from the hierarchy as the Default scope of the enterprise. 

...

Manage enterprises in scope

When an enterprise is in your user scope, you can manage the enterprise and its users and resources such as VM templates, depending on your user role and privileges.

An administrator with the Customer1Scope would manage the enterprises:

  1. Customer1

  2. Unit1 

  3. Unit2

Share resources to enterprises in a scope beneath your scope

When an enterprise is in a scope beneath your scope, you can share resources with the users of the enterprise. For example, you can share VM templates and configuration blueprints.

  • An administrator with the MultinationalScope could share templates and blueprints with users in all of the enterprises.

  • An administrator with the Resellerl1Scope could share to the enterprises in the scopes beneath their scope, which means the Customer1Scope and the optional Dept1Scope.

How to create a scope hierarchy

To create a scope hierarchy:

  1. Create the top level scope, and set the Global scope as its parent

  2. Add the enterprise in the top level scope

  3. Create the second level scope and set the parent scope to be the top level scope

  4. Add the enterprise to the second level scope

  5. Continue to the next scope level, assign the parents

  6. Add the enterprise

Continue to create scopes and add enterprises for the rest of the hierarchy

For the above example

  1. Create the scope called MultinationalScope and set the Global scope as its parent

  2. Add the Multinational enterprise. 

  3. Create the scope called Reseller1Scope. Set the parent scope of Reseller1Scope to MultinationalScope

  4. Add the Reseller1 enterprise.  

  5. Create Customer1Scope and set its parent scope as Reseller1Scope

  6. Add the Customer1 and Unit1 and Unit2 enterprises

  7. You can also create the Dept1Scope or even allow your customers to create their own sub scopes

Tip

An administrator does not need to have their own enterprise in scope. In this case they will still be able to access the Catalogue but they won't be able to edit the public cloud credentials or manage users.

Configure a reseller

The reseller enterprise can provide public cloud credentials to customers. And the reseller will receive aggregate billing reports for customers. In the above example, "Customer1" would be a reseller in its scope and scope hierarchy.

To mark a reseller:

  1. Edit the tenant that represents reseller, at the top of the scope hierarchy

  2. Set the Reseller1 scope as the default scope for the enterprise. This will be the scope where the enterprise is the reseller

    1. The platform will also apply the default scope to new users in this enterprise

  3. Select the reseller option

This tenant will be marked with (R) in the tenant list, to indicate that the enterprise is a reseller.

...

Configure a key node for multi-tenant data aggregation

The enterprise at the top of a customer hierarchy can be set as the key node for data aggregation. For example, you can bill services to this main enterprise, and usage to the sub-tenant enterprises below it. As each enterprise can only have one public cloud account or subscription, if your tenant has multiple accounts, such as Azure plans, then you should create one sub-tenant enterprise for each subscription.

In the above example, Customer1 would be a key node in its scope and scope hierarchy.

To mark a key node:

  1. Edit the tenant that represents the head office or equivalent, at the top of its scope hierarchy (Unit1, Unit2 are in the same scope, and Dept1 is in a lower scope) 

  2. Set the top level scope as the default scope for the enterprise. This will be the scope where the enterprise is the key node

    1. The platform will also apply the default scope to new users in this enterprise, but you can edit this scope, for example, to set a scope with only the user's enterprise

  3. Select the Key node option

...

A key node tenant will be marked with a (K) in the tenant list.

...

For more information about scopes see: 

...

Manage scopes

...

See Abiquo cloud reseller hierarchy