Info |
---|
This page is a guide for cloud administrators to provision tenants (enterprises) in private cloud |
...
. |
Flow chart
This flow chart describes the basic process for provisioning infrastructure and enterprise tenants.
[Flow chart: Provision infrastructure → Provision tenants (Create roles → Modify privileges of roles → Create scopes → Create enterprises → Create tenant admins) → Provision networks → Create virtual datacenters → Capture VMs → Configure backups]
Provision tenants
...
Before you begin
Before you create tenants, you should do these steps:
Add infrastructure to the platform as described in the Infrastructure provisioning guide
Configure the platform in Configuration View including: Configure two factor authentication
Prepare enterprise themes for white-labelling following the Abiquo Branding Guide
Create roles and scopes
Create pricing models
Introduction to user roles
...
Create a user role
...
Introduction to user scopes
...
Create a scope
...
Manage scopes with the API
Tip |
---|
API Documentation: For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource, ScopesResource. |
Create a basic enterprise
...
Create a pricing model
See Create a new pricing model
Assign a pricing model to the enterprise
...
Create a tenant administrator user
...
Provision networks
To create private cloud infrastructure networks, see Network provisioning guide.
Create virtual datacenters
The platform administrator will generally create virtual datacenters for tenants when accounting is by virtual datacenter.
...
You can automate the process of creating virtual datacenters using the Abiquo API. See How to create virtual datacenters and VMs via API
Import and capture VMs
You can import and capture VMs from private cloud manually and you can also automate the process of capturing VMs using the Abiquo API. See How to capture a remote virtual machine from a managed hypervisor
Introduction to import and capture VMs
...
Prepare to capture VMs
...
Retrieve VMs from a physical machine
...
Capture a VM
...
Configure backups
Abiquo offers optional backup plugins that support popular backup systems such as Veeam and Networker. For information about configuring these plugins, see Abiquo backup plugins. After the plugins are configured, you can manage Abiquo backups in Infrastructure view on the Backup policies tab as described here.
Create a backup manager
General info
Backup description
...
Field | Description |
---|---|
Name | Name of the backup policy that users can select |
Code | The Code that identifies the policy and that must be unique in the datacenter. Abiquo may use the Code attribute to match policies that the administrator already created in the backup system |
Description | Description of the backup policy to help users identify it |
After you enter the General info, select the backup type:
The Abiquo backup integrations only support Complete backups
Complete backup
Example backup configuration of Complete backup
...
Field | Description |
---|---|
Defined hour | Backup at a defined date and time. Date format is yyy/MM/dd HH:mm:ss +0000. The Veeam backup integration does not support this option |
Daily | Backup every day at a defined time. Time format is HH:mm:ss +0000 |
Monthly | A backup every month at the defined time. When the user enters a time it is in the format HH:mm:ss, and the user must select the UTC offset. This option is designed to enable the system administrator to define the monthly backup day in the backup integration. |
Hourly | A backup at an interval of hours. Enter an integer less than 24. |
Weekly planned | A backup every week on defined days at a defined time. When the user enters a value, the format is HH:mm:ss, and the user must select the UTC offset. |
For each field in the backup type, the Cloud Admin can choose how to set the values:
...
Value | Description |
---|---|
Fixed | The value is set by the Cloud Admin as part of the backup policy |
Don't apply | The value is set by the backup system |
Define in VM | The user must set the value and will require the appropriate privileges |
Configure backup properties
...
Create a backup policy
...
Optional additional tenant configuration
To allow specific tenants to access backup policies and hardware profiles:
Go to Users → edit the enterprise
Go to Datacenters → select the Allowed datacenter or public cloud region
Go to Hardware profiles and/or Backups as required
Enable and/or select the desired options
For more details, see Configure an enterprise in a cloud location
...
provision tenants:
We recommend that you provision infrastructure. See Infrastructure provisioning guide
Optionally, create base pricing models. See Create a new pricing model
...
Provision tenants
These are the basic steps to provision tenants in Abiquo.
Create user roles
Create user roles from the default roles. You may need a standard user, a tenant administrator, and optionally, a reseller administrator. Reference: Manage roles
Go to Users → Roles
Click the duplicate clone button and click the pencil edit button, OR click the +add button
Enter the Name of the role
To create a global role for all enterprises, select Make this role global
Optionally, to create a list of network addresses from which users with this role can access the platform, enter Allowed CIDRs.
Enter the corresponding External roles, e.g. LDAP group, for the user. This is required in external authentication modes (openid, ldap).
A user's external roles must map to a single role (local or global).
You can also set external scopes.
Examples of external roles for LDAP:
ldap_group_01
ldap_group_02
Example for OpenID:
id=admins,ou=group,o=qa,ou=services,dc=openam,dc=forgerock,dc=org
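A pre-check for the role settings in the steps above, added here as an example and not Abiquo code: it flags external roles claimed by more than one role, resolves a user's external groups to exactly one role, and validates Allowed CIDRs. The role names, the dictionary layout and the treatment of an empty Allowed CIDRs list as "no restriction" are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of planned role settings (hypothetical names and layout).
ROLES = {
    "TENANT_USER": {"external": ["ldap_group_01"], "cidrs": ["10.20.0.0/16"]},
    "TENANT_ADMIN": {"external": ["ldap_group_02"],
                     "cidrs": ["10.20.5.0/24", "0.0.0.0/0"]},
    "RESELLER_ADMIN": {"external": ["ldap_group_02", "ldap_group_03"], "cidrs": []},
}

def shared_external_roles(roles):
    """External roles claimed by more than one platform role (ambiguous mapping)."""
    owners = defaultdict(list)
    for name, cfg in roles.items():
        for ext in cfg["external"]:
            owners[ext].append(name)
    return {ext: sorted(names) for ext, names in owners.items() if len(names) > 1}

def resolve_role(roles, user_groups):
    """Return the single platform role matching the user's external groups."""
    groups = set(user_groups)
    matches = sorted(n for n, c in roles.items() if groups & set(c["external"]))
    if len(matches) != 1:
        raise ValueError(f"external roles map to {len(matches)} roles: {matches}")
    return matches[0]

def cidr_problems(roles):
    """Allowed CIDRs entries that do not parse or that match every address."""
    problems = []
    for name, cfg in roles.items():
        for cidr in cfg["cidrs"]:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                problems.append((name, cidr, "not a valid network"))
                continue
            if net.prefixlen == 0:
                problems.append((name, cidr, "matches every address"))
    return problems

def source_allowed(roles, role, source_ip):
    """Assumption: an empty Allowed CIDRs list means no source restriction."""
    cidrs = roles[role]["cidrs"]
    addr = ipaddress.ip_address(source_ip)
    return not cidrs or any(addr in ipaddress.ip_network(c) for c in cidrs)
```

In the sample, `ldap_group_02` is attached to two roles, so a user in that group cannot be resolved to a single role, and the `0.0.0.0/0` entry makes the CIDR list on `TENANT_ADMIN` ineffective.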
...
...
Modify the privileges of user roles
Select the role
In the Privileges pane, select or deselect the privileges
To add or remove groups of privileges, click the All privileges checkbox beside the group name
You cannot “undo” a set of changes, but you can discard your changes
To save the changes, click Save
The platform will discard your changes if you do an action outside of the Privileges pane, for example, clicking on another role name
For troubleshooting information, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370787/Manage+roles#Modify-the-privileges-of-a-role
...
Create scopes
Create a scope for each tenant, so that each user can only access their own tenant and its resources.
Reference: Manage scopes#Introduction to user scopes
Tip |
---|
You can delegate the administration of users in the tenant to a tenant administrator user with this scope |
Info |
---|
Optionally, you can use scopes to create a tenant hierarchy with a reseller at the top level. Reference: Abiquo Reseller Guide |
Go to Users → Scopes
At the bottom of the Scopes list, click +add
On the General info tab, select a parent scope, for example, the Global scope or a reseller scope
In the Datacenters list, select the appropriate locations (datacenters and public cloud regions) where the users will work
...
Create tenant enterprises
Create the tenant enterprise for the scope
Go to Users and at the bottom of the Enterprises list, click the + add button
On the General tab, for the Default scope select the tenant's scope.
Abiquo will automatically add the enterprise to its Default scope
Optionally, if the enterprise represents the tenant headquarters or similar, select Key node
Go to Allocation limits and set resource usage limits for the enterprise. Reference: https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370845/Manage+enterprises#Set-allocation-limits-for-a-tenant
On the Datacenters tab, to allow the tenant's users to work in locations, drag providers, datacenters, or regions into Allowed datacenters
To configure the tenant in each allowed datacenter or public cloud region, see Configure an enterprise in a cloud location
Optionally, add Credentials for public cloud. See Add credentials for public cloud
On the Properties tab, for each tenant metadata property, enter a Key and Value, and click Add.
See Enterprise properties general table and Display cloud provider billing data
To inject the tenant details into VM metadata, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/327581812/Manage+enterprise+credentials+and+properties#Inject-enterprise-properties-as-VM-variables
Optionally, on the Pricing tab, select a pricing model
Click Save.
The platform will create the enterprise and filter to display this enterprise ONLY.
To display other enterprises, click the x beside the enterprise Name in the filter box at the top of the Enterprises list.
...
Create tenant administrators
Create a tenant administrator user
Go to Users → Users
If the tenant enterprise is not selected, select it
At the bottom of the Users tab, click + add
For the Full name, enter the user’s first name and family name
For the Role: select ENTERPRISE_ADMIN or similar
For the Scope, select the user’s enterprise scope
For the Username, enter the name that the user will log in with, which will display in the system
For the E-mail, enter the address of the user for platform messages, including password reset. The platform will display the Gravatar icon associated with this address as the user icon
For Phone number, enter the mobile cell phone number of the user to receive SMS messages if you use this option for two factor authentication
Go to Advanced and enter the user’s Public key, which is required for SSH access
Optionally, enter Allowed CIDRs from which the user can access the platform
We recommend that you select Reset password on next login
Optionally, deselect Activated to prevent the user from logging in until this option is selected
Replace screenshot as enterprise administrator has No VDC restriction, so Limit access to VDCs will not display for this user
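An isolation audit for the scope and user assignments described above, added as an example and not part of the Abiquo product or API. It works on a constructed inventory; the field layout, the sample tenants, the `RESELLER_ADMIN` role name and the choice of which roles must be confined to one tenant are assumptions.

```python
# Constructed inventory (hypothetical layout): scope name -> enterprises it contains.
SCOPES = {
    "Global scope": {"Acme", "Globex", "Reseller1"},
    "reseller1": {"Acme", "Reseller1"},
    "acme": {"Acme"},
    "globex": {"Globex", "Acme"},  # misconfigured: a second tenant was added
}

# Constructed users: (username, role, own enterprise, assigned scope).
USERS = [
    ("acme.admin", "ENTERPRISE_ADMIN", "Acme", "acme"),
    ("globex.admin", "ENTERPRISE_ADMIN", "Globex", "globex"),
    ("acme.user", "USER", "Acme", "Global scope"),
    ("res.admin", "RESELLER_ADMIN", "Reseller1", "reseller1"),  # hypothetical role
    ("old.user", "USER", "Initech", "acme"),
]

# Assumption for this audit: these roles should see exactly one tenant.
SINGLE_TENANT_ROLES = {"ENTERPRISE_ADMIN", "USER"}

def audit_user_scopes(scopes, users, single_tenant_roles=SINGLE_TENANT_ROLES):
    """Return sorted (user, finding) pairs for scope assignments that break isolation."""
    findings = []
    for name, role, enterprise, scope_name in users:
        members = scopes.get(scope_name)
        if members is None:
            findings.append((name, f"scope {scope_name!r} does not exist"))
            continue
        if enterprise not in members:
            findings.append(
                (name, f"own enterprise {enterprise!r} is outside scope {scope_name!r}"))
        others = sorted(members - {enterprise})
        if role in single_tenant_roles and others:
            findings.append((name, f"scope {scope_name!r} also exposes {others}"))
    return sorted(findings)

def shared_scopes(scopes):
    """Scopes that contain more than one enterprise, listed for manual review."""
    return {s: sorted(e) for s, e in scopes.items() if len(e) > 1}

if __name__ == "__main__":
    for user, finding in audit_user_scopes(SCOPES, USERS):
        print(f"{user}: {finding}")
```

A reseller scope legitimately contains several enterprises, so `shared_scopes` output is a review list and only the per-user findings indicate a likely misassignment.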
...
Next steps
Provision cloud infrastructure networks. See Network provisioning guide
Create virtual datacenters. See Manage virtual datacenters
Import and capture VMs. See Import and capture virtual machines
Configure additional VDC services, such as Backup as a Service - see Abiquo backup plugins and Backup
Create cloud users. This is similar to creating a tenant administrator user, but
For the Role, select a standard cloud USER role
Optionally, go to Limit access to VDCs, select the VDCs that the user can access
...