This page describes how to add public cloud credentials and configure enterprise properties for cloud tenants.
For details of how to create and modify tenants, see Manage enterprises.
For details of how to set limits and resource access in Allowed datacenters and public cloud regions, see Configure an enterprise in a cloud location.
Add public cloud credentials for a tenant
To work with public cloud regions or obtain billing data, an enterprise can have one public cloud account or subscription per cloud provider. All the users in the tenant will work with this same account. No other enterprises can share the same account or subscription.
This section describes how to add public cloud credentials to a standard enterprise. These instructions are for users with permissions to manage enterprises.
For instructions for tenant administrators to add credentials to their own enterprises, see Add credentials for public cloud.
Privileges: Manage provider credentials, Manage enterprises, Allow user to switch enterprises, Access Users view
Before you begin:
Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials. Always check your provider documentation too.
To add public cloud credentials:
Go to Users view and edit an enterprise
Go to Credentials → Public
Select the Provider. There may be a separate provider for regions requiring different credentials
To add credentials for compute with optional billing and pricing:
Enter the Access key ID:
For AWS, enter the Access key ID
For Azure standard accounts and CSP customers, the format is
subscription-id#app-id#tenant-id
For GCP the format is
project_id#client_id#client_email#private_key_id
For OCI the format is
tenancy#user#fingerprint
For the Secret access key:
For AWS, enter the Secret access key
For Azure, enter the password for the application.
For GCP, enter the private key in the correct format.
For OCI, enter the private key in PEM format.
Optionally, for Amazon, GCP, or OCI billing, select Also use for pricing.
For Azure, to add billing credentials, go to Pricing.
See Add public cloud pricing credentials for a tenant
To add credentials for billing only:
For a standard AWS customer account, do the steps at Add a customer AWS account for billing only
For a customer of an Azure CSP or an Amazon organization, do these steps:
Enter the Access key ID as follows:
For Azure, the format is
subscription-id##tenant-id
For Amazon, the format is
account-id
For the Secret access key, enter a random string
Click Add account. Abiquo will validate your credentials with the cloud provider and save them
Finish editing the enterprise and click Save
The platform will add the cloud provider account for the enterprise, which will also require access to a public cloud region.
If you have a reseller account (Azure CSP, AWS organization), you can automatically create tenant accounts and add them to enterprises in the platform. See Create an account in public cloud for the customer of a reseller.
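The identifier formats in the procedure above, as an added example that is not Abiquo's code: a pre-check that splits each composite Access key ID into named fields and rejects wrong field counts, whitespace and pasted key material before the value is entered. The provider keys, function names and sample values are assumptions made for illustration, as is the mapping of the GCP format's field names to the same-named keys of a service-account JSON key file.

```python
# Pre-check for the composite Access key ID formats listed on this page.
# Provider keys and function names are hypothetical, chosen for this example.
FORMATS = {
    "azure": ("subscription-id", "app-id", "tenant-id"),
    "gcp": ("project_id", "client_id", "client_email", "private_key_id"),
    "oci": ("tenancy", "user", "fingerprint"),
}
# Billing-only Azure (subscription-id##tenant-id) leaves app-id empty.
EMPTY_WHEN_BILLING_ONLY = {"azure": {"app-id"}}


def parse_access_key_id(provider, value, billing_only=False):
    """Return the identifier's named fields, or raise ValueError."""
    if "-----BEGIN" in value:
        raise ValueError("key material belongs in the Secret access key field")
    if any(ch.isspace() for ch in value):
        raise ValueError("identifier contains whitespace")
    if provider == "amazon" and billing_only:
        if not value or "#" in value:
            raise ValueError("expected a bare account-id")
        return {"account-id": value}
    if provider not in FORMATS:
        raise ValueError(f"no composite format known for {provider!r}")
    names = FORMATS[provider]
    parts = value.split("#")
    if len(parts) != len(names):
        raise ValueError(f"expected {len(names)} '#'-separated fields, got {len(parts)}")
    may_be_empty = EMPTY_WHEN_BILLING_ONLY.get(provider, set()) if billing_only else set()
    fields = dict(zip(names, parts))
    for name, part in fields.items():
        # A field may be empty only where the billing-only format leaves it empty.
        if (part == "") != (name in may_be_empty):
            raise ValueError(f"unexpected {'empty' if part == '' else 'non-empty'} field {name!r}")
    return fields


def gcp_credentials(sa_key):
    """Split a parsed service-account JSON key into (Access key ID, secret)."""
    access_key_id = "#".join(sa_key[name] for name in FORMATS["gcp"])
    parse_access_key_id("gcp", access_key_id)  # re-check the assembled value
    return access_key_id, sa_key["private_key"]


# Constructed sample values, not real identifiers or key material.
SAMPLE_SA_KEY = {
    "project_id": "demo-project", "private_key_id": "0123abcd",
    "client_email": "svc@demo-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
    "private_key": "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n",
}
```

Keeping the private key out of the identifier matters because the identifier is the non-secret half of the pair.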
Create a user to access the cloud provider portal
Add enterprise properties to store tenant details and metadata
Inject enterprise properties as VM variables
Configure Azure VPNs
To create a VPN in Abiquo between a private cloud virtual datacenter and Azure, you will need the following Azure ARM configuration for the enterprise:
A Gateway Subnet in the Virtual Network that represents the VPC
A Virtual Network Gateway (VNG) using this Gateway Subnet - if this does not exist, Abiquo will try to create it in the virtual network with the supplied netmask
A Local Network Gateway (LNG) that will represent the remote VPN site, which is not managed by Azure ARM
A Virtual Network Gateway Connection that relates the VNG to the LNG
All address spaces from the Virtual Network will be exposed through the Virtual Network Gateway.
To create the Azure VPN configuration, edit each enterprise that will use Azure VPNs and set the following Properties.
Name | Description |
---|---|
azurecompute-arm.vpn.virtualnetworkgateway.type | Type of routing to use by the Virtual Network Gateway. |
azurecompute-arm.vpn.gatewaysubnet.mask | The Virtual Network Gateway requires a 'gateway subnet'. |
azurecompute-arm.vpn.virtualnetworkgateway.sku.name | Name of the Virtual Network Gateway SKU. |
"abiquo." prefix, for example, abiquo.azurecompute-arm.vpn.gatewaysubnet.mask.