This document describes how you can design and implement a hierarchy of tenants in a tree structure in your Abiquo multi-cloud platform
Cloud tenant hierarchy example
Your multicloud platform may have a hierarchy of tenants in a tree structure. These tenants can have their own scope hierarchy with multiple levels.
An example of a hierarchy of tenants could be a chain of retail stores with a head office and regional offices, as well as the stores themselves. The head office may manage the regional offices, and the regional offices may manage the stores. The IT department in the head office and the IT department in the regional office may both share VM templates with the stores.
You can use tenant scopes to:
Create restricted sets of resources for administrators
Share resources with a group of tenants and an optional tenant hierarchy
The following diagram shows an example of a tenant scopes that are in a hierarchy. The hierarchy contains the following scopes:
Multinational scope
Reseller1 scope
Customer1 scope
Dept1 scope
Edit each enterprise and assign the scope from the hierarchy as the Default scope of the enterprise.
Manage enterprises in scope
When an enterprise is in your user scope, you can manage the enterprise and its users and resources such as VM templates, depending on your user role and privileges.
An administrator with the Customer1Scope
would manage the enterprises:
Customer1
Unit1
Unit2
Share resources to enterprises in a scope beneath your scope
When an enterprise is in a scope beneath your scope, you can share resources with the users of the enterprise. For example, you can share VM templates and configuration blueprints.
An administrator with the
MultinationalScope
could share templates and blueprints with users in all of the enterprises.An administrator with the
Resellerl1Scope
could share to the enterprises in the scopes beneath their scope, which means theCustomer1Scope
and the optionalDept1Scope
.
How to create a scope hierarchy
To create a scope hierarchy:
Create the top level scope, and set the
Global scope
as its parentAdd the enterprise in the top level scope
Create the second level scope and set the parent scope to be the top level scope
Add the enterprise to the second level scope
Continue to the next scope level, assign the parents
Add the enterprise
Continue to create scopes and add enterprises for the rest of the hierarchy
For the above example
Create the scope called
MultinationalScope
and set theGlobal scope
as its parentAdd the
Multinational
enterprise.Create the scope called
Reseller1Scope
. Set the parent scope ofReseller1Scope
toMultinationalScope
.Add the
Reseller1
enterprise.Create
Customer1Scope
and set its parent scope asReseller1Scope
.Add the
Customer1
andUnit1
andUnit2
enterprisesYou can also create the
Dept1Scope
or even allow your customers to create their own sub scopes
An administrator does not need to have their own enterprise in scope. In this case they will still be able to access the Catalogue but they won't be able to edit the public cloud credentials or manage users.
Configure a reseller
The reseller enterprise can provide public cloud credentials to customers. And the reseller will receive aggregate billing reports for customers. In the above example, "Customer1" would be a reseller in its scope and scope hierarchy.
To mark a reseller:
Edit the tenant that represents reseller, at the top of the scope hierarchy
Set the Reseller1 scope as the default scope for the enterprise. This will be the scope where the enterprise is the reseller
The platform will also apply the default scope to new users in this enterprise
Select the reseller option
This tenant will be marked with (R)
in the tenant list, to indicate that the enterprise is a reseller.
Configure a key node for multi-tenant data aggregation
The enterprise at the top of a customer hierarchy can be set as the key node for data aggregation. For example, you can bill services to this main enterprise, and usage to the sub-tenant enterprises below it. As each enterprise can only have one public cloud account or subscription, if your tenant has multiple accounts, such as Azure plans, then you should create one sub-tenant enterprise for each subscription.
In the above example, Customer1
would be a key node in its scope and scope hierarchy.
To mark a key node:
Edit the tenant that represents the head office or equivalent, at the top of its scope hierarchy (
Unit1
,Unit2
are in the same scope, andDept1
is in a lower scope)Set the top level scope as the default scope for the enterprise. This will be the scope where the enterprise is the key node
The platform will also apply the default scope to new users in this enterprise, but you can edit this scope, for example, to set a scope with only the user's enterprise
Select the Key node option
A key node tenant will be marked with a (K) in the tenant list.
For more information about scopes see: