Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This section describes how to manage your tenant's cloud resources in the multi-cloud platform.

The Cloud tenant admin guide describes the main administrative tasks of the enterprise administrator.

  • Manage your users

  • Manage templates

  • Manage virtual datacenter resources

  • Manage VM backups

  • Manage VM snapshots

  • Administer VMs

  • Manage VApp specs

  • Manage VM workflows

For details of how to work with virtual appliances and VMs, see the Cloud tenant user guide.

For details of how to work with networks, firewalls, and load balancers, see the Cloud tenant network guide.

Manage users

Display users for tenant admin

To display users in card view, select the card view tab from the view selectors in the top right-hand corner.

Users view with user cards and pages

Create a user

Suspend or enable a user account

If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account.

To suspend a user account:

  1. Go to Users

  2. Select a user

  3. Click the pencil edit button. The user dialog will open

  4. Go to Advanced, and unselect the Activated checkbox

The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.

To enable the user account again, select the Activated checkbox.

If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.

Manually reset a user password

If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account. 

To manually reset a user password:

  1. Open the Users view and select the user

  2. Click the Edit button at the top-right of the Users page. The user form will open.

  3. Enter the new password

  4. Recommended: go to Advanced and select the checkbox to Reset password on next login

  5. If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option

  6. Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password,

The user password will be reset. Notify the user of their new password.

Manage users with the API

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource UsersResource.

See also: How to create a tenant via API

Search for users and filter users

To search for users and filter users to display only those with specific text in the user details:

  1. Go to Users view → Users

  2. In the filter box on the right-hand side, enter a text string to search for which can include wildcards.
    For more details about how the platform's search works, see Search for VMs and filter the search

Display users by status

In list view, the user status a colored icon in the Activated column:

  • Green dot for active accounts

  • Red dot for suspended accounts

  • Red padlock symbol for accounts suspended automatically after too many failed login attempts

To filter groups of users, click on the pages to display the following:

  • All users on the All page

  • Active users on the Activated page

  • Suspended users on the Suspended page

Delete a user

To delete a user:

  1. Select the user account and click the trash bin delete button

  2. Confirm the delete

Abiquo will delete the user account but the user's VMs and other resources will remain in the cloud platform and users in the same enterprise with the appropriate permissions can work with them.

Add credentials for public cloud

This page describes how to add credentials for public cloud for your own tenant, with a standard account or as a customer of a reseller.

To add credentials to a different enterprise, go to Users →  edit an enterprise →  Credentials.
See Add public cloud credentials for a tenant

Your enterprise (cloud tenant) should have its own public cloud account or subscription for each cloud provider, and it cannot share these with any other tenants.

Before you begin, check your provider's documentation and pricing. You will need credentials to access the cloud provider's API. We provide basic guides (see Obtain public cloud credentials) but you should always check with your provider. 

Privileges: Manage provider credentials

To add public cloud credentials for your tenant:

  1. In the bottom left corner of the screen, select the User icon, to open the User icon menu

  2. Select Edit credentials

    User icon menu

  3. Select Public

  4. Select the Provider. There may be a separate provider for regions requiring different credentials

To add credentials for compute with optional billing and pricing:

  1. Enter the Access key ID:

    1. For AWS, enter the Access key ID

    2. For Azure standard accounts and CSP customers, the format is subscription-id#app-id#tenant-id

    3. For GCP the format is project_id#client_id#client_email#private_key_id

    4. For OCI the format is tenancy#user#fingerprint

    5. Secret access key: this may be an API key, App secret key, API credential, App password, etc.

  2. Optionally, for Amazon, GCP, or OCI billing, select Also use for pricing
    For Azure, to add billing credentials, go to Pricing.
    See Add public cloud pricing credentials for a tenant

To add credentials for billing only with no compute access:

  • For a standard AWS customer account, do the steps at Add a customer AWS account for billing only

  • For a customer of an Azure CSP or an Amazon organization do these steps.

    1. Enter the Access key ID as follows:

      • For Azure, the format is subscription-id##tenant-id

      • For AWS, the format is account-id

    2. For the Secret access key, you can enter a random string

    3. Click Add account. Abiquo will validate your credentials with the cloud provider before saving them.

Add public cloud credentials for billing only

The platform will display the cloud provider credentials in the Current credentials area.

  • If a provider does not display in the list, check with your system administrator.
    For vCloud Director the administrator must allow your tenant to access a region for it to display in the Provider list

Display prices for your tenant

A tenant administrator with pricing access can display the pricing model for their enterprise. 

To display the prices for your enterprise:

  1. Go to Pricing view

  2. Select and edit the pricing model

  3. Go to Resource prices and select the cloud locations

  4. Click Cancel to close the pricing model

Display the pricing model for the tenant enterpris

Manage templates

Upload templates from the local filesystem

Add public cloud templates to the catalogue

Create and deploy a VM from a template shortcut

Modify a virtual machine template

Manage virtual datacenter resources

Synchronize VDCs and resources

To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:

  1. Go to Virtual datacentersV. Datacenters list

  2. Beside the virtual datacenter Name, click the round arrow Synchronize button

Onboarding public cloud resources in progress

To synchronize specific resources such as networks, public IPs, and so on:

  1. Go to Virtual datacenters → select the resource tab

  2. Click the round arrow Synchronize button for the resource. 

For more information, see the resource documentation.

Screenshot: Synchronize networks

Manage public cloud resources in the multicloud platform

Manage resources that were deleted directly in the cloud provider

When administrators delete resources in the provider, the platform will display the resource name in light gray to indicate that the user cannot work with the resource. The resource types include:

  • External networks

  • Firewalls 

  • Classic firewalls 

  • Load balancers 

  • NAT network

  • NAT IPs

To delete these resources (if they are not in use), select the resource and click the delete button.

Delete or release virtual resources in public cloud

The virtual resources that you onboarded or created in public cloud will be grouped with their associated virtual datacenters.

Before you begin:

  1. If you recently created virtual resources, such as load balancers, synchronize the virtual datacenter to ensure that the platform can find all the dependencies of the virtual datacenter.

To delete onboarded resources in public cloud:

  1. Delete each virtual datacenter

    • You can choose to delete each virtual datacenter in the platform only, or in the platform and the provider. 

    • If you delete in the platform only, the platform will automatically remove VMs, virtual appliances, load balancers, public IPs, and firewalls from the virtual datacenter. It will not delete the firewalls

    • When you delete a virtual datacenter, public IPs that are not attached to VMs will remain in the provider and the synchronization process will delete them

    • Remember to check which is the default VDC in your provider, such as the AWS default VPC, because it may be inconvenient to delete this VPC

If the enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will continue to exist in the public cloud provider

Manage VM backups

Configure a VM backup

Restore a VM backup

View backup events

Manage VM snapshots

Introduction to VM snapshots

Take a snapshot of a VM

Revert to a snapshot

Delete a snapshot

Replace the current snapshot

Display snapshots on the dashboard

Administer VMs

Protect a VM

Display VM initial password

You can select the option to generate an initial guest password when you create a VM. Then when you deploy the VM, the platform will generate a random password and send it to you by email or SMS. After you deploy, you should log in as the root or administrator user and change the initial password.

The owner of the VM and administrators with the privilege to Display initial virtual machine password can also retrieve the guest password from the deployed VM.

To display the initial VM password:

  1. Select the VM

  2. On the control panel, click the key display initial guest password button

Reset VM password

Save configurations as blueprint specs

Introduction to virtual appliance specifications

The virtual appliance specifications (VApp specs) feature lets administrators save complex configurations and present them to users for simple, self-service deployment in their virtual datacenters.

Specs are similar to blueprints because the platform uses them to define the configurations to recreate. Administrators select the locations where users can work with each spec, including datacenters and public cloud regions, such as AWS and Azure ARM.

With specs, you can save the configuration of virtual appliances including VMs, storage, networks, monitoring, Chef, firewalls, and load balancers.

When users create a new virtual appliance based on a spec (also referred to as to "materialize" a spec), the platform will automatically use existing virtual resources or create new ones for this virtual appliance.

The limitations of specs are as follows:

  • Specs do not store data from VM disks; they use template disks only

  • Specs do not support external networks and NICs or unmanaged networks and NICs

    • In vCloud, specs have basic support for external networks

  • Specs do not support scaling groups

Users should also be aware of differences in features between private and public cloud environments.

Save a VApp configuration as a blueprint spec

What do virtual appliance specs save and create

Element

Save in Spec

Create in VApp from saved configuration

VMs

General information: hardware profiles, CPU, RAM, remote access and description

Same. If a matching hardware profile is not found, the platform will activate or create one, or the user can select another available hardware profile

Anti-affinity layers

VMs in layers

Same

Scaling groups

(error) Scaling groups are not supported

VM templates

Template name is saved

The system matches the spec template name against the catalogue template name. The user selects from a list of templates with names that contain the spec template name. The match is done with an SQL %LIKE% command from the spec to the template, so spec template "m0n0" will match with "m0n0" and "m0n0wall" in the Catalogue. But spec template "m0n0wall" will not match with "m0n0" in the catalogue

Template auxiliary hard disks

Template system disks and other datastore hard disks and their tiers are saved

The platform will create template disks in order as in the template with no gaps in the sequence. Then empty additional hard drives and volumes will be added in the same order as in the base virtual appliance. The platform will search for datastore tiers by name, as for templates

Persistent VMs

(error) Persistent VMs are not supported. (Use a VM from an instance of the persistent VM)

Private network, Private IPs

Save private network characteristics: network address and mask only. Save private IPs

The materialize process will present the addresses of the spec private networks. Abiquo will display matching networks in the virtual datacenter in green text, and ones that are not present in red text. Abiquo will display the number of private IPs to use in each network.

The user can choose to change any private network, even if it matches the spec network. The user can choose to create a new network (specifying the IP address, mask and gateway), or replace the network with an existing VDC network.

Network gateways

Abiquo will determine if a NIC has a gateway IP address and save this information in the spec

  • If a NIC has a gateway IP address, when using an existing network, the materialize process will attempt to assign the network's gateway address to the NIC

  • Abiquo will not assign the gateway IP address to a NIC that did not have this address in the original configuration

  • If the materialize process is creating a new network, it will attempt to assign the same gateway address from the spec to the gateway NIC in the new network

Public network

Number of public IPs is saved

The materialize process will try to use public IPs that were already purchased by the enterprise. These public IPs will be momentarily quarantined during the materialization process. If not, the materialize process will purchase new public IPs. The public networks will be used in the order returned by the API. In public cloud, the platform will use floating IPs

External IPs

(warning) Not supported, except for basic support in VCD

If you create a spec containing an external IP, the materialize process will fail because the external IP is unsupported.

In vCloud, specs have basic support for external networks. The validation process will list the network, and you can select it and then continue with the process.
The platform will create the VApp correctly. Remember to ensure that there are enough external IP addresses available for the new virtual appliance

Unmanaged IPs

(error) Not supported

If you create a spec containing an unmanaged IP, the materialize process will fail because the unmanaged IP is unsupported.

Volume (data)

(error) Data on external storage volumes is not included. To use data on a volume, create an instance to save it to a template disk

  • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID

Volume (specifications)

(warning) The specifications, disk controller types, and tiers of the volumes are saved in private cloud

  • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID

  • Volumes are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default

  • Matches tier names as for VM templates. If no storage tier is found, then the validate will fail. If the storage tier does not contain pools, then the volume create will fail.

Hard disk (data)

(error) Data on hard disks attached to the VM is not included. To use data on a hard disk, create an instance to save it to the template

Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID

Hard disk (specifications)

(warning) The specifications, disk controller types and tiers of the hard disks are saved in private cloud

  • Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID

  • Hard disks are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default

  • Matches tier names as for VM templates. If no datastore tier is found, then the validate will fail. If the datastore tier does not contain datastores, then the deploy will fail.

Backup configuration

(minus) Configured backups are stored in private cloud

Backups are configured

Firewalls

Firewalls attached to VMs or load balancers are saved

  • Access to a firewall integration is required to create firewalls in the new virtual appliance

  • Users can edit firewall rules during virtual appliance creation

  • Users should be aware of compatibility issues between providers

  • If a VM has no firewall in the spec, and the virtual datacenter has a default firewall, then the platform will assign the default firewall to the VM

Load balancers

Load balancers attached to VMs are saved, including health checks and so on

  • Access to a load balancer integration is required to create load balancers in the new virtual appliance

  • Users should be aware of compatibility issues between providers

Monitoring (status)

  • Monitoring status of fetch metrics is saved

  • The selected metrics are saved

  • Access to a monitoring server is required to retrieve metrics

  • The materialize process creates built-in metrics of the exact same name ONLY and creates all custom metrics

Alarms and Alerts

Alarms and alerts are saved 

The materialize process creates all existing alarms and alerts, regardless of the existence of their corresponding metrics

VM variables

VM variables are saved

  • The materialize process creates VMs with VM variables

  • During the materialize process, users can edit the VM variables

Chef

Chef status, runlist and attributes are stored

  • The materialize process sets the status and recipes

    • During the materialize process, users can edit the runlist and the attributes

VM bootstrap script

The VM startup script is saved

  • The startup script is added to the new VM at the end of the materialize process

  • After the materialize process, the user can edit the VM to modify the startup script

Manage VApp specs in the user interface

Users work with spec blueprints in different parts of the UI.

  • To create VApp specs, go to Virtual datacenters →  Virtual appliances, open a VApp and save it as a spec

  • To create a version of a spec, log in to the owner enterprise (that created the spec). Then go to Virtual datacenters and open a virtual appliance created from the spec and save changes as a new version

  • To create a virtual appliance based on a spec, go to Virtual datacenters → V. Appliances list → select Create virtual appliance based on spec.

  • To edit or delete specs, and manage spec versions, go to the owner enterprise →  Catalogue→ Virtual appliance specs

Manage workflow tasks

  • No labels

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved