Flow chart

This flow chart describes the basic process for provisioning infrastructure and tenants. 

Provision tenants

This section describes how to set up enterprises, which are basic cloud tenants.

Before you create tenants, you should do these steps:

• Add infrastructure to the platform as described in the Infrastructure provisioning guide 

  • Configure the platform in Configuration View including:  Configure two factor authentication

• Prepare enterprise themes for white-labelling following the Abiquo Branding Guide

• Create roles and scopes

• Create pricing models

Introduction to user roles

Create a user role

Abiquo provides a set of default roles and you can clone and modify them to create new roles. See Default roles. For a list of the privileges for each role, see Privileges.

A user can only have one role, but a role can be associated with multiple OpenID, AD, or LDAP groups. 

When you clone a role, by default the new role will have Copy: as a prefix to its name, for example, Copy: CLOUD_ADMIN.

To create or modify a role:

1. Go to Users → Roles

   • To clone a role, click the duplicate clone button. Select the cloned role and click the pencil edit button

   • To create a new role, click the + add button

2. Complete the dialog.

   1. Enter the Name of the role. The names of global roles must be unique

      • To create a local role, select the Enterprise that the role will belong to

      • To create a global role, select the Make this role global checkbox

   2. Optionally, to create a list of network addresses from which users with this role can access the platform, enter Allowed CIDRs.
      The CIDRs from a user’s role and scope will apply to the user but the allowed CIDRs of the user will have the highest priority.

   3. Enter the corresponding External roles, such as the LDAP group, for the user. This is required in external authentication modes (openid, ldap).
      A user's external roles must map to a single role (local or global).
      See LDAP and Active Directory integration and Abiquo OpenID Connect integration .
      You can also set external scopes.

      • Examples of external roles for LDAP:

        • ldap_group_01

        • ldap_group_02

      • Example for OpenID:

        • id=admins,ou=group,o=qa,ou=services,dc=openam,dc=forgerock,dc=org

After you create or clone a role, select the role name in the list and edit the privileges as required, then click Save.

Modify the privileges of a role

To modify the privileges of a user role:

1. Go to Users → Roles

2. For a local role, select the enterprise that the role belongs to

3. From the Roles list select the role

4. In the Privileges pane, select or deselect the privileges 

   • To add or remove groups of privileges, click the All privileges checkbox beside the group name

   • You cannot undo, but you can discard the changes

5. Save the changes by clicking Save

   •  The platform will discard your changes if you do an action outside of the Privileges pane, for example, clicking on a another role name

Manage roles with the API

Introduction to user scopes

Create a scope

Manage scopes with the API

Create a basic enterprise

This section describes how to create a basic tenant enterprise for a cloud tenant. For more detailed information, see Manage enterprises.

To create a basic customer enterprise do these steps:

1. Go to Users

2. At the bottom of the Enterprises list, click the + add button to add an enterprise

   

3. On the General tab

   1. Enter the customer Name

   2. As the Default scope, set the tenant scope that will define the tenant hierarchy

      • The platform will automatically add this enterprise to the scope. Note that if you change the default scope of an enteprise, the platform will not remove the enterprise from its previous scope.

   3. If the enterprise represents the tenant headquarters or similar, select Key node

      

4. Go to Allocation limits and set resource usage limits for the enterprise

   Unable to render {include} The included page could not be found.
   

5. On the Datacenters tab, drag and drop providers, datacenters, or regions to Allowed datacenters, to allow the tenant's users to work in them. 

   

   1. To configure the tenant in each allowed location, see Configure an enterprise in a cloud location

6. On the Properties tab, for each tenant metadata property, enter a Key and Value, and click Add.
   See Enterprise properties general table and Display cloud provider billing data
   To inject the tenant details into VM metadata, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/327581812/Manage+enterprise+credentials+and+properties#Inject-enterprise-properties-as-VM-variables

7. Optionally, add credentials for public cloud. See Add credentials for public cloud

8. Click Save

The platform will create the enterprise and filter to display only this enterprise. 

Create a pricing model

See Create a new pricing model  

Assign a pricing model to the tenant

Create a tenant administrator user

Provision networks

To create private cloud infrastructure networks, see Network provisioning guide.

Create virtual datacenters

The platform administrator will generally create virtual datacenters for tenants when accounting is by virtual datacenter. 

See Manage virtual datacenters

You can automate the process of creating virtual datacenters using the Abiquo API. See How to create virtual datacenters and VMs via API

Import and capture VMs

See Import and capture virtual machines

Configure backup as a service

Abiquo offers optional backup plugins that support popular backup systems such as Veeam and Networker. These plugins require separate licenses. For information about configuring these plugins, see Abiquo backup plugins. After the plugins are configured, you can manage Abiquo backups in Infrastructure view on the Backup policies tab. See Backup.

Your cloud users can then configure backups for their VMs. See VM backups.

Provision tenants with the API

See Create tenants via API.