Cloud tenant hierarchy example
Manage enterprises in scope
When an enterprise is in your user scope, you can manage the enterprise and its users and resources such as VM templates, depending on your user role and privileges.
An administrator with the Customer1 scope would manage the enterprises:
- "Customer1"
- "Unit1"
- "Unit2".
Share resources to enterprises in a scope beneath your scope
When an enterprise is in a scope beneath your scope, you can share resources with the users of the enterprise. For example, you can share VM templates and configuration blueprints.
- An administrator with the Multinational scope could share templates and blueprints with users in all of the enterprises.
- An administrator with the Reseller1 scope could share to the enterprises in the scopes beneath their scope, which means the Customer1 scope and the optional Dept1 scope.
How to create a scope hierarchy
To create a scope hierarchy:
- Create the top level scope, and set the Global scope as its parent
- Add the enterprise in the top level scope
- Create the second level scope and set the parent scope to be the top level scope
- Add the enterprise to the second level scope
- Continue to the next scope level, assign the parents
- Add the enterprise
Continue to create scopes and add enterprises for the rest of the hierarchy
For the above example
- Create the "Multinational" scope and set the Global scope as its parent
- Add the enterprise ("Multinational").
- Create the "Reseller1" scope. Set the parent scope of the "Reseller1" scope to "Multinational".
- Add the enterprise ("Reseller1").
- Create the next scope, "Customer1", and set its parent scope to "Reseller1".
- Then add the enterprises ("Customer1", "Unit1", and "Unit2"...)
- You can also create the Dept1 scope or allow your customers to create their own sub scopes
An administrator does not need to have their own enterprise in scope. In this case they will still be able to access the Apps library but they won't be able to edit the public cloud credentials or manage users.
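The manage and share rules described above can be checked against the example hierarchy with a small model. This is an added example, not Abiquo code; the `Scope` class and function names are hypothetical, and placing the enterprise-less Dept1 scope beneath Customer1 is an assumption.

```python
class Scope:
    """A scope: a named node with a parent scope and the enterprises added to it."""

    def __init__(self, name, parent=None, enterprises=()):
        self.name = name
        self.parent = parent
        self.enterprises = set(enterprises)
        self.children = []
        if parent is not None:
            parent.children.append(self)


def scopes_beneath(scope):
    """Yield every scope below `scope` (children, grandchildren, ...)."""
    for child in scope.children:
        yield child
        yield from scopes_beneath(child)


def can_manage(admin_scope):
    """Enterprises in the administrator's own scope can be managed."""
    return set(admin_scope.enterprises)


def can_share_with(admin_scope):
    """Enterprises in scopes beneath the administrator's scope can receive shares."""
    shared = set()
    for scope in scopes_beneath(admin_scope):
        shared |= scope.enterprises
    return shared


def build_example():
    """Build the hierarchy from this page, in the order the steps create it."""
    top = Scope("Global")
    multinational = Scope("Multinational", top, {"Multinational"})
    reseller = Scope("Reseller1", multinational, {"Reseller1"})
    customer = Scope("Customer1", reseller, {"Customer1", "Unit1", "Unit2"})
    # Assumption: Dept1 sits beneath Customer1; the page names no enterprise for it.
    dept = Scope("Dept1", customer)
    return {s.name: s for s in (top, multinational, reseller, customer, dept)}
```

In this model an administrator with the Customer1 scope has no path to the Reseller1 or Multinational enterprises, which is the isolation property to confirm when reviewing a real hierarchy.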
Configure a reseller
The reseller enterprise can provide public cloud credentials to customers, and the reseller will receive aggregate billing reports for customers. In the above example, "Customer1" would be a reseller in its scope and scope hierarchy.
To mark a reseller:
- Edit the tenant that represents the reseller, at the top of the scope hierarchy
- Set the Reseller1 scope as the default scope for the enterprise. This will be the scope where the enterprise is the reseller
- The platform will also apply the default scope to new users in this enterprise
- Select the reseller option
This tenant will be marked with a (R) in the tenant list, indicating that the enterprise is a reseller.
Configure a key node for multi-tenant data aggregation
Add public cloud credentials for resellers
To work with public cloud regions or obtain billing data, an enterprise can have one public cloud account or subscription per cloud provider. All the users in the tenant will work with this same account. No other enterprises can share the same account or subscription.
This section describes how to add public cloud credentials to a standard enterprise. These instructions are for users with permissions to manage enterprises.
For instructions for tenant administrators to add credentials to their own enterprises, see Add credentials for public cloud
Privileges: Manage provider credentials, Manage enterprises, Allow user to switch enterprises, Access Users view
Before you begin:
Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials. Always check your provider documentation too.
To add public cloud credentials:
Go to Users view and edit an enterprise
Go to Credentials → Public
Select the Provider. There may be a separate provider for regions requiring different credentials
To add credentials for compute with optional billing and pricing:
Enter the Access key ID:
For AWS, enter the Access key ID
For Azure standard accounts and CSP customers, the format is
subscription-id#app-id#tenant-id
For GCP the format is
project_id#client_id#client_email#private_key_id
For OCI the format is
tenancy#user#fingerprint
For the Secret access key:
For AWS, enter the Secret access key
For Azure, enter the password for the application.
For GCP, enter the private key in the correct format
For OCI enter the private key in PEM format.
Optionally, for Amazon, GCP, or OCI billing, select Also use for pricing.
For Azure, to add billing credentials, go to Pricing.
See Add public cloud pricing credentials for a tenant
To add credentials for billing only:
For a standard AWS customer account, do the steps at Add a customer AWS account for billing only
For a customer of an Azure CSP or an Amazon organization do these steps.
Enter the Access key ID as follows:
For Azure, the format is
subscription-id##tenant-id
For Amazon, the format is
account-id
For the Secret access key, enter a random string
Click Add account. Abiquo will validate your credentials with the cloud provider and save them
Finish editing the enterprise and click Save
The platform will add the cloud provider account for the enterprise, which will also require access to a public cloud region.
If you have a reseller account (Azure CSP, AWS organization), you can automatically create tenant accounts and add them to enterprises in the platform. See Create an account in public cloud for the customer of a reseller.
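The composite Access key ID formats listed above are easy to get wrong when pasting, so a pre-check of the field layout is useful before you submit them. This is an added example, not part of the Abiquo documentation or product; the function name and the provider and mode labels are hypothetical, and only the field layouts come from this page.

```python
# Field layouts copied from the formats on this page; an empty name marks the
# field that the billing-only Azure format leaves blank (subscription-id##tenant-id).
FORMATS = {
    ("azure", "compute"): ["subscription-id", "app-id", "tenant-id"],
    ("azure", "billing-only"): ["subscription-id", "", "tenant-id"],
    ("gcp", "compute"): ["project_id", "client_id", "client_email", "private_key_id"],
    ("oci", "compute"): ["tenancy", "user", "fingerprint"],
    ("amazon", "billing-only"): ["account-id"],
}


def parse_access_key_id(provider, mode, value):
    """Split a composite Access key ID into named fields, or raise ValueError."""
    layout = FORMATS.get((provider, mode))
    if layout is None:
        raise ValueError(f"no format known for {provider}/{mode}")
    if any(ch.isspace() for ch in value):
        raise ValueError("value contains whitespace, possibly from copy and paste")
    parts = value.split("#")
    if len(parts) != len(layout):
        raise ValueError(
            f"expected {len(layout)} '#'-separated fields, got {len(parts)}"
        )
    fields = {}
    for name, part in zip(layout, parts):
        if name == "":
            # Billing-only Azure: the app-id position must stay empty.
            if part != "":
                raise ValueError("billing-only format must leave the middle field empty")
            continue
        if part == "":
            raise ValueError(f"field '{name}' is empty")
        fields[name] = part
    return fields
```

The check covers only the Access key ID; the secret access key is never passed to it, so it can be run without exposing the secret.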
Add public cloud pricing credentials for resellers
The platform can import hardware profile prices from public cloud for use in pricing.
The prices are for Linux instances with no pre-installed software
For AWS, the only currency available is US dollars.
Before you begin:
Check that there is a public cloud region for the provider. See Create a public cloud region.
Check that the tenant has a pricing model assigned. See Create a new pricing model
For Amazon regions, use US Dollars as the currency
If you are onboarding price lists for a customer of the CSP and/or reseller, go to Pricing → Price factors and create price factors to add markups or discounts to the cloud provider prices.
See Manage price factors
Obtain credentials to retrieve pricing information from the provider.
For AWS pricing, an IAM user must have the AWSPriceListServiceFullAccess permission. You can add the permission to the regular public cloud user account or create a separate user. See Obtain AWS credentials
For Azure, see Obtain Azure ARM credentials.
Check you have the pricing credentials in the right format. See Public cloud pricing credentials table below
To retrieve the hardware profile prices:
Add pricing credentials for the tenant
From the username menu go to Edit credentials or go to Users → edit enterprise
Go to Credentials → Public (for compute or combined credentials in Amazon) or Credentials → Pricing (for Azure or separate Amazon credentials)
Enter the credentials
If the tenant is a CSP and/or reseller, go to Edit enterprise → Properties and enter the following properties with appropriate values:
azurecompute-arm_discount=0.2
amazon_discount=0
Note that CSP accounts return the prices with the discount factor applied, so the platform will not apply it again.
To configure a custom suffix of the discount properties, set abiquo.enterprise.property.discount.suffix in abiquo.properties. See Abiquo Configuration Properties#enterprise.
When you save the tenant, if the pricing credentials are present, the platform will retrieve the prices.
To display and edit the prices of public cloud hardware profiles:
Go to Pricing → edit pricing model.
Go to Resource Prices → select the public cloud region
For each hardware profile, enter a New price as required
Click Save
The platform will update the hardware profile prices from the public cloud provider every 24 hours.
To set a custom interval, set abiquo.pricing.import.check.delayInHrs in abiquo.properties. See Abiquo configuration properties#pricing
To prevent the platform from updating the prices from the public cloud provider, remove the pricing credentials
Public cloud pricing credentials table
Tenant type | Format of access key ID for pricing | Notes |
---|---|---|
CSP account owner |
| You MUST add the text string |
Customer of CSP | - | Do not enter credentials because the platform will use the CSP credentials |
Standard account |
and | Add the text string |
Create an account in public cloud for the customer of a reseller
Display Amazon billing data
This document describes how to configure Amazon billing data for standard accounts and resellers with partner accounts
Changes to AWS billing
The following changes apply to AWS billing:
In Abiquo 6.1.0+, replace the price_factor enterprise property with the Abiquo price factors for Amazon. See Manage price factors
In Abiquo 6.1.2+, you can also add managed costs using a price factor. See Manage price factors
Configure AWS to supply billing data
To configure AWS to supply billing data for standard or reseller accounts, do the following steps.
Create an S3 bucket, for example, costandusagebillingreport
Within the bucket, create a folder where AWS will store your reports. Give it the name of your report, for example costandusagebillingreport
Note the billing bucket name, for example, costandusagebillingreport
Create a new user, such as programmaticbilling, to create the reports
Assign the AmazonS3ReadOnlyAccess policy
Activate the IAM user's access to billing information. See https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html
Configure Cost & Usage Reports
Go to Cost & Usage Reports
Enter the Report name, and note the value to enter in Abiquo later, then click Next
Click Configure and select the S3 bucket. Click Next, then select I have confirmed that this policy is correct.
By default, Amazon will put the reports in a folder with the name format /report-name/date-range/. Note this as the value for the amazon_bucket_prefix in Abiquo. Click Next
Review your configuration and check that the following parameters are set:
bucket name
path (folder/subfolder)
time detail: Hourly
GZ or ZIP format
The AWS account with credentials to use in Abiquo should be an account with pricing and billing permissions.
For partner accounts, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370749/Obtain+AWS+credentials#Reseller-pricing-and-billing-credentials
For standard accounts, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370749/Obtain+AWS+credentials#Standard-account-pricing-and-billing-policy
Configure dashboard display in Abiquo
To configure billing dashboards in Abiquo, do these steps in Abiquo.
Edit the enterprise and create the following enterprise properties:
amazon_bucket: bucket_name
amazon_bucket_region: code for the AWS region of the bucket, such as us-east-1
amazon_report_name: the amazon_report_name element of the report path amazon_bucket/amazon_bucket_prefix/amazon_report_name/file.csv
amazon_bucket_prefix: the amazon_bucket_prefix element of the report path amazon_bucket/amazon_bucket_prefix/amazon_report_name/file.csv
amazon_billing_compress_format: ZIP or GZ
amazon_mpa: set to dedicated or no to use blended costs; if not present or shared, use unblended costs
Additional configuration for resellers
This section describes additional configuration for reseller accounts.
Create an additional enterprise property for resellers:
amazon_discount: as agreed with Amazon, usually with a value such as 0.03, 0.02
In Pricing view, create price factors as required for the reseller, the customers, and for a percentage of managed costs. See Manage price factors
For your customer enterprises, add credentials for compute and/or billing
Assign the privilege to View bills to user roles
Optionally, configure Abiquo properties
By default, the platform will retrieve billing data for the last two months. To change this value, on the Abiquo Server, set the following property
abiquo.enterprise.property.billing.monthoffset=2
By default, the platform will process all items in the CSV file, so the partner discount (SppDiscount) value can be visible on customer dashboards. To discard items from the CSV file, on the Remote Services server, set the following property with a list of codes of any items to discard.
abiquo.ec2billing.parser.lineItemType.ignore=SppDiscount
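To confirm which line item types in a report would still reach customer dashboards for a given ignore list, you can audit the report offline. This is an added example, not Abiquo's parser: the sample rows are constructed, the column names assume a standard AWS Cost & Usage Report, and treating the property value as comma-separated is an assumption.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; column names assume a standard AWS Cost & Usage Report.
SAMPLE_REPORT = """\
lineItem/UsageAccountId,lineItem/LineItemType,lineItem/UnblendedCost
111111111111,Usage,10.00
111111111111,SppDiscount,-0.30
222222222222,Usage,4.00
222222222222,Tax,0.40
222222222222,SppDiscount,-0.12
"""


def parse_ignore_list(value):
    """Split the property value into codes (comma separation is an assumption)."""
    return {code.strip() for code in value.split(",") if code.strip()}


def audit_line_items(report_text, ignore_value=""):
    """Return (visible, discarded) counts of line item types for an ignore list."""
    ignore = parse_ignore_list(ignore_value)
    visible, discarded = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(report_text)):
        item_type = row["lineItem/LineItemType"]
        (discarded if item_type in ignore else visible)[item_type] += 1
    return visible, discarded


def leaked_types(report_text, ignore_value, sensitive=("SppDiscount",)):
    """List the sensitive line item types that would still be processed."""
    visible, _ = audit_line_items(report_text, ignore_value)
    return sorted(t for t in sensitive if visible[t] > 0)
```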
Display Azure billing data
To display Azure billing data for resellers and their customers:
Abiquo can obtain Azure billing data with the credentials you enter when you configure Abiquo to:
Create a reseller with CSP pricing credentials; OR
Create an enterprise with compute or billing only credentials, with a Contributor role.
See Onboard an Azure CSP or AWS organization account.
Edit the CSP reseller enterprise and set the following enterprise properties:
azurecompute-arm_discount: decimal value (with dot separator), used to calculate the user invoice for billing dashboard. CSP APIs return prices with a discount applied, which we remove to display for customers. We use the formula: total = TotalFromCSP/(1 - azurecompute-arm_discount). This is a required property
azurecompute-arm_currency_code: The default is USD. Three character currency code of the bill. Warning - this is different from currency_code used for conversion factor. This is a required property
billing.azure.country_code: Two digit ISO code representing the country where you purchased the subscription. The default of US is set in abiquo.properties on Remote Services as abiquo.billing.azure.country_code.
Optionally, configure price factors for markups. See Manage price factors
Edit reseller customer enterprises and add this enterprise property:
azurecompute-arm_discount: Decimal value (with dot separator), used to calculate the user invoice for billing dashboard.
If the customer enterprise has Azure plans, they may have a keynode enterprise and several standard enterprises below it to use the plans credentials. Edit the standard enterprises and add this property.
azurecompute-arm_only_bill_subscription: If this property is true, for an Azure plan, only bill for usage - do not include the customer's products and services in the billing data for this enterprise.
Abiquo properties for Azure billing data display
On the Abiquo Server, you can configure the following properties for Azure billing.
abiquo.enterprise.property.billing.monthoffset: By default, the platform will retrieve billing data for the last two months. To change this, set the following property to the number of months to retrieve. Default value: 2
abiquo.azure.billing.parser.lineitem.publisher.ignore: By default, Abiquo will bill SaaS resources, such as a Twilio subscription, to the enterprise that the subscription is assigned to. This corresponds to the billing scope ID of a billing line item. To exclude products from specific publishers from Azure billing, add the following property, and enter a string of publishers to exclude from billing line items in CSV format. With the public-cloud-billing-check-tool for Azure, use the --excludedPublishers option. Default value: Microsoft Office
On the Remote Services, you can configure the following properties for Azure billing.
abiquo.billing.azure.country_code: For Azure price factors. Two digit ISO code representing the country where you will obtain the product list. Default value: US
Display Google Cloud Platform billing data
This page describes how to configure Google Cloud Platform billing data for display on the dashboard of the Abiquo multi-cloud platform.
To configure Google to supply billing data, follow Google documentation to set up billing data export.
See https://cloud.google.com/billing/docs/how-to/export-data-bigquery-setup
This will require permissions to administer the account.
To summarize, you can go to the Google console → BigQuery → select the Project and create a dataset, for example, billingDatasetId. Note the name of your billing dataset.
Check that the service account for Abiquo has the Big Query Viewer role
Log in to Abiquo and edit the Abiquo enterprise
Go to Properties and enter the properties as described here.
dataset_id: Name of your billing dataset, e.g. billingDatasetId
googleCloudPlatform_price_factor: Optional markup property
googleCloudPlatform_discount: Optional discount property
If you already entered the compute credentials but did not mark Also use for pricing, go to Credentials → Pricing and enter them in the following format:
Access key ID:
project_id#client_id#client_email#private_key_id
Secret access key: private_key
For details of how to obtain these credentials, see Obtain Google Cloud Platform credentials
Configure billing dashboard
For more information about scopes see: