

This page describes how to add credentials, such as public cloud credentials, and configure enterprise properties for cloud tenants.
For details of how to create and modify tenants, see Manage enterprises.
For details of how to set limits and resource access in Allowed datacenters and public cloud regions, see Configure an enterprise in a cloud location.

Add public cloud credentials for a tenant

To work with a public cloud region, each enterprise should have its own public cloud account for each cloud provider. All the users in the tenant will work with this same account. 

Privileges: Manage provider credentials

Before you begin:

  1. Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials. Always check your provider documentation too.

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public

  2. Enter the credentials as follows:

    1. Select the Provider: Some providers may require different credentials for groups of regions

    2. Enter the credentials as described in the table below

    3. If the customer account is under a provider partner account and will not have compute access, select Only for billing.
      Warning: For a standalone customer account, see Add a customer AWS account for billing only.

  3. Click Add account. The platform will validate your credentials with the cloud provider and save them

  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

For resellers with Amazon, Azure ARM, and other partner accounts: to create a customer account in the provider and add it to an enterprise in the platform, click the Create account button (enterprise building icon). See Create an account in public cloud for the customer of a reseller.

Public cloud credentials table

Compute access

| Attribute | Description |
| --- | --- |
| Access key ID | For compute access, identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For Azure, the format is subscription-id#app-id#tenant-id. For Google, the format is project_id#client_id#client_email#private_key_id. For OCI, the format is tenancy#user#fingerprint. |
| Secret access key | Key to access the cloud provider API. For example, an API key or other API credential. For Azure, enter the password for the app. For OCI, enter the private key in PEM format. |
| Also use for pricing | Use this credential to access pricing data in the provider and for cost usage data for billing dashboards. For example, to get hardware profile prices from AWS or to obtain billing data from OCI. For Azure, add a separate pricing credential in a different format. The API user must have pricing and billing permissions in the provider. |

Billing only

| Attribute | Description |
| --- | --- |
| Only for billing | If your customer is part of your reseller hierarchy AND their public cloud account is under your reseller or partner account AND they do not require compute access, then mark this checkbox AND enter the Access key ID as follows: for Azure, the format is subscription-id##tenant-id; for AWS, the format is account-id. For these customers, for the Secret access key, you can enter a random string. |

To work with public cloud regions or obtain billing data, an enterprise can have one public cloud account or subscription per cloud provider. All the users in the tenant will work with this same account. No other enterprises can share the same account or subscription.

This section describes how to add public cloud credentials to a standard enterprise. These instructions are for users with permissions to manage enterprises.
For instructions for tenant administrators to add credentials to their own enterprises, see Add credentials for public cloud.

Privileges: Manage provider credentials, Manage enterprises, Allow user to switch enterprises, Access Users view

Before you begin:

  1. Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials. Always check your provider documentation too.

To add public cloud credentials:

  1. Go to Users view and edit an enterprise

  2. Go to Credentials → Public

  3. Select the Provider. There may be a separate provider for regions requiring different credentials


To add credentials for compute with optional billing and pricing:

  1. Enter the Access key ID:

    1. For AWS, enter the Access key ID

    2. For Azure standard accounts and CSP customers, the format is subscription-id#app-id#tenant-id

    3. For GCP the format is project_id#client_id#client_email#private_key_id

    4. For OCI the format is tenancy#user#fingerprint

  2. For the Secret access key:

    1. For AWS, enter the Secret access key

    2. For Azure, enter the password for the application.

    3. For GCP, enter the private key in the correct format

    4. For OCI enter the private key in PEM format.

  3. Optionally, for Amazon, GCP, or OCI billing, select Also use for pricing
    For Azure, to add billing credentials, go to Pricing.
    See Add public cloud pricing credentials for a tenant


To add credentials for billing only:

  • For a standard AWS customer account, follow the steps at Add a customer AWS account for billing only

  • For a customer of an Azure CSP or an Amazon organization, do these steps:

    1. Enter the Access key ID as follows:

      • For Azure, the format is subscription-id##tenant-id

      • For Amazon, the format is account-id

    2. For the Secret access key, enter a random string

    3. Click Add account. Abiquo will validate your credentials with the cloud provider and save them

    4. Finish editing the enterprise and click Save


The platform will add the cloud provider account for the enterprise, which will also require access to a public cloud region.

If you have a reseller account (Azure CSP, AWS organization), you can automatically create tenant accounts and add them to enterprises in the platform. See Create an account in public cloud for the customer of a reseller.
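
The composite Access key ID formats above are easy to get wrong when copying values between consoles. The following pre-submission check is an added example, not Abiquo code: it splits an Access key ID into the fields listed on this page and rejects a private key pasted into the identifier field. The provider labels, the function name and the sample values are assumptions made for this sketch.

```python
# Added example: layouts copied from this page. The provider labels
# ("aws", "azure", "gcp", "oci") and function name are assumptions.
COMPUTE = {
    "aws": ["access-key-id"],
    "azure": ["subscription-id", "app-id", "tenant-id"],
    "gcp": ["project_id", "client_id", "client_email", "private_key_id"],
    "oci": ["tenancy", "user", "fingerprint"],
}
# Billing only: Azure keeps both '#' separators and leaves app-id empty.
BILLING_ONLY = {
    "aws": ["account-id"],
    "azure": ["subscription-id", None, "tenant-id"],
}


def parse_access_key_id(provider, value, billing_only=False):
    """Split an Access key ID into named fields, or raise ValueError."""
    layouts = BILLING_ONLY if billing_only else COMPUTE
    if provider not in layouts:
        raise ValueError(f"no layout for provider {provider!r}")
    # A pasted PEM block means the secret landed in the identifier field.
    if "-----BEGIN" in value:
        raise ValueError("private key belongs in the Secret access key")
    if any(ch.isspace() for ch in value):
        raise ValueError("whitespace in Access key ID")
    names = layouts[provider]
    parts = value.split("#")
    if len(parts) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(parts)}")
    fields = {}
    for name, part in zip(names, parts):
        if name is None:
            if part:  # compute-style ID entered with Only for billing
                raise ValueError("billing-only ID must leave app-id empty")
        elif not part:
            raise ValueError(f"empty field: {name}")
        else:
            fields[name] = part
    return fields


if __name__ == "__main__":
    # Constructed sample values, not real account identifiers.
    sub, app, ten = "1111-sub", "2222-app", "3333-tenant"
    print(parse_access_key_id("azure", f"{sub}#{app}#{ten}"))
    print(parse_access_key_id("azure", f"{sub}##{ten}", billing_only=True))
```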


Create a user to access the cloud provider portal


Add enterprise properties to store tenant details and metadata



Inject enterprise properties as VM variables



Configure Azure VPNs

To create a VPN in Abiquo between a private cloud virtual datacenter and Azure, you will need the following Azure ARM configuration for the enterprise:

  • A Gateway Subnet in the Virtual Network that represents the VPC

  • A Virtual Network Gateway (VNG) using this Gateway Subnet - if this does not exist, Abiquo will try to create it in the virtual network with the supplied netmask

  • A Local Network Gateway (LNG) that will represent the remote VPN site, which is not managed by Azure ARM

  • A Virtual Network Gateway Connection that relates the VNG to the LNG

    • All address spaces from the Virtual Network will be exposed through the Virtual Network Gateway.

To create the Azure VPN configuration, edit each enterprise that will use Azure VPNs and set the following Properties.

| Name | Description |
| --- | --- |
| azurecompute-arm.vpn.virtualnetworkgateway.type | Type of routing to use by the Virtual Network Gateway. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways. To create a VPN from Azure to Azure, set to PolicyBased. Valid values: RouteBased, PolicyBased. Default: RouteBased |
| azurecompute-arm.vpn.gatewaysubnet.mask | The Virtual Network Gateway requires a 'gateway subnet'. If this does not exist, the plugin will try to create it in some available range of the virtual network, using the mask given by this property. Default: 29 |
| azurecompute-arm.vpn.virtualnetworkgateway.sku.name | Name of the Virtual Network Gateway SKU. Valid values: Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ. Only the Basic SKU is supported when using a PolicyBased VPN. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku Default: Basic |

You can also set default values for the whole platform using the corresponding Abiquo Configuration Properties with an "abiquo." prefix, for example, abiquo.azurecompute-arm.vpn.gatewaysubnet.mask
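
The constraints in the properties above can be checked before saving the enterprise. The following is an added example, not Abiquo plugin code: it validates the routing type, the PolicyBased and Basic SKU pairing and the mask, and shows what "some available range of the virtual network" can mean for a given mask. The first-fit search and the sample address plan are assumptions; the page does not document how the plugin chooses the range.

```python
import ipaddress

# Property names and defaults are taken from the table on this page.
P = "azurecompute-arm.vpn."
DEFAULTS = {
    P + "virtualnetworkgateway.type": "RouteBased",
    P + "gatewaysubnet.mask": "29",
    P + "virtualnetworkgateway.sku.name": "Basic",
}


def check_vpn_properties(props):
    """Return a list of problems in an enterprise's Azure VPN properties."""
    p = {**DEFAULTS, **props}
    gw_type = p[P + "virtualnetworkgateway.type"]
    sku = p[P + "virtualnetworkgateway.sku.name"]
    mask = str(p[P + "gatewaysubnet.mask"])
    problems = []
    if gw_type not in ("RouteBased", "PolicyBased"):
        problems.append(f"invalid gateway type {gw_type!r}")
    if gw_type == "PolicyBased" and sku != "Basic":
        problems.append(f"PolicyBased requires the Basic SKU, got {sku!r}")
    if not mask.isdigit() or not 1 <= int(mask) <= 32:
        problems.append(f"mask must be an IPv4 prefix length, got {mask!r}")
    return problems


def free_gateway_subnet(vnet_cidr, used_cidrs, mask=29):
    """First-fit search (an assumption, not the plugin's documented logic):
    return the first block of size /mask in the virtual network that
    overlaps no existing subnet, or None if there is no room."""
    vnet = ipaddress.ip_network(vnet_cidr)
    used = [ipaddress.ip_network(c) for c in used_cidrs]
    if mask < vnet.prefixlen:
        return None  # requested subnet is larger than the whole network
    for candidate in vnet.subnets(new_prefix=mask):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed property set and address plan for illustration.
    print(check_vpn_properties({P + "virtualnetworkgateway.type": "PolicyBased",
                                P + "virtualnetworkgateway.sku.name": "VpnGw1"}))
    print(free_gateway_subnet("10.0.0.0/24", ["10.0.0.0/25", "10.0.0.128/26"]))
```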



Add an application for OAuth

For OAuth applications, users can add applications, display keys, inspect the privileges assigned to the application, and delete the application.

Privileges: Manage user applications

To add an OAuth application:

  1. Click on the User name or User icon in the bottom left-hand corner of the screen to open the User icon menu

  2. Select Manage applications

  3. Click the + button

  4. Enter the Name and Description of the application

  5. To set the privileges of the application, go to Privileges. By default, all of the user's privileges are selected for the application. We recommend that you go to Privileges and remove any unnecessary privileges

  6. Click Save

Abiquo will add the new application to the Applications list and display the API key and API secret key. Copy the API key and API secret key to a secure storage area.
