Versions Compared

Version Old Version 108 New Version 109
Changes made by

MS (Unlicensed)

MS (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

  1. Go to UsersScopes

  2. Click the + add button

  3. For General info:

    1. For the Name, we recommend that you identify the tenant, resource, or user group that the scope will apply to

    2. To add the scope to a hierarchy, select a Parent scope. We recommend that under a hierarchy with limited scopes you should not select unlimited scopes (Use all enterprises and/or Use all datacenters)

    3. To specify attributes of an external system to define the user groups that this scope should apply to, enter External scopes. An example of an external scope could be an LDAP group for the user. This is for external authentication modes, such as OpenID and LDAP. A user's external scopes must map to a single Abiquo scope (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.

    4. To create a default list of network addresses from which users with this scope can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a user role. A user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs.

      Create scope - general informationImage RemovedCreate scope - general informationImage Added

  4. For Entities:

    1. Select Enterprises to use in the scope. To automatically include all existing and future enterprises, select the option to Use all enterprises.

      1. If you assign this scope to a user, then the user can manage resources in the list of enterprises selected

      2. If you assign this scope to a resource, then users can access the resources if they belong to the enterprises that are in the scope list

      3. Enterprise default scopes do not use the enterprises list, but enterprise default scopes are the default scope for users you create in the enterprise

    2. Select Datacenters (and public cloud regions) to include in the scope. To automatically include all existing and future datacenters, select the options to Use all datacenters.

      1. If you assign this scope to a user, then the user can manage resources in the list of datacenters selected.

      2. Resource scopes do not use the datacenters list

      3. Enterprise default scopes do not use the datacenters list, but enterprise default scopes are the default scope for users you create in the enterprise

        Create scope - entitiesImage RemovedCreate scope - entitiesImage Added

After you create a scope, you can assign it to a user, an enterprise, or a resource.

...

  1. Create a scope for the tenant

    1. On the General info tab, select a parent scope, for example, Global scope or a reseller scope

      Create scope - general informationImage RemovedCreate scope - general informationImage Added

    2. In the Datacenters list, select the appropriate locations (datacenters and public cloud regions) where the users will work.

      Create scope - entitiesImage RemovedCreate scope - entitiesImage Added

  2. Create the tenant enterprise and on the General tab for the Default scope select the tenant's scope.
    Abiquo will automatically add the enterprise to its Default scope

    Edit enterprise basic enterprise

...

  1. Create a scope for the administrator

    1. On the General info tab, optionally select a parent scope, for example, the Global scope or a reseller scope

      Create scopeImage RemovedCreate scopeImage Added

    2. Go to the Entities tab. In the Enterprises list, select the enterprises to administer

    3. In the Datacenters list, select the appropriate locations (datacenters and public cloud regions) to administer

...

Create a scope to share resources

The resources in the Catalogue catalogue include images (VM templates) and blueprints (VApp specs).

...

  1. Create administrator roles with the appropriate privileges to manage the resources.

    • To share resources, an administrator must also be able to switch enterprises.

  2. Define and create scopes as required.

    • The resource scopes should contain the enterprises that will access the resource

      • The platform allows the user to work with a resource if the user is in a tenant enterprise in the resource's scopes. The platform does not check the user's scope

    • To share resources with ALL current and future tenants, use the default Global scope or create an unlimited enterprise scope

    • To allow an administrator to share resources and manage the tenants, add the tenants to the administrator's scope

    • To allow an administrator to share resources without access to the tenants, add the tenants to one or more scopes, and make the administrator's scope the parent scope.

  3. Log in to the enterprise that owns the resources.

    • To modify VM templates, the administrator must be in the enterprise that created the template

    • To create a new version of a VApp spec, the user must work with a VApp created from the spec in the enterprise that created the spec.

  4. Edit a resource and go to Scopes

  5. Select the scopes that contain tenants who will use the resources.

Notes:

  • You can share resources with your own scope and child scopes of your scope

  • Each tenant can belong to more than one scope

  • Each scope can have one parent scope only

  • The platform will only consider the enterprises in the resource scopes, not the locations.

...

Assign scopes to create a reseller hierarchy

You can use a reseller hierarchy for billing, pricing, and to manage and aggregate your cloud costs and usage. To create a reseller hierarchy, assign scopes to reseller, key node, and reseller customer tenants. 

  • Reseller: A reseller enterprise in the hierarchy can use partner or reseller credentials for public cloud (and create accounts and users for customers) and manage billing and pricing for their hierarchy. 

  • Key node: A key node is the main enterprise for an organization, for example, the head office. A key node enterprise can obtain aggregate billing and usage data for their hierarchy.

To define the hierarchy levels, use the Default scopes of the reseller, key node, and reseller customer enterprises.   

...

Administrators can share VM templates and VApp specs with users in scopes beneath their own Default scope in a hierarchy. Note that it is not mandatory to use resellers and key nodes in a cloud tenant hierarchy.

  • Basic scope hierarchy: The administrator for Spain could also have a scope hierarchy beneath the Spain scope that includes the scopes for Eastern Spain and Central and Southern Spain and then their customers at a lower level. The administrator for Spain can only manage the users of the Spanish national organization but they can share templates and Vapp specs with tenants in the scopes at all levels of the hierarchy.

...

  • You cannot remove an enterprise from a scope that is using shared templates with that scope

  • You cannot modify the default Global scope

  • You cannot modify your own scope

  • In a scope hierarchy, there can only be one reseller and one key node in the scope, which is the enterprise's default scope.

...

Pricing scopes

When a user creates a pricing model, the platform assigns the user's scope that applies to enterprises. Only users with the same enterprise scope can manage the pricing model. All users with pricing privileges can view the pricing model of their own enterprise. You cannot change the pricing scope or display it in the UI.

...