Manage Enterprises


Change to documentation

For information about setting limits and resource access in Allowed datacenters and public cloud regions, see Configure an Enterprise in a Cloud Location


Create an enterprise

To create a cloud tenant enterprise, do these steps:

  1. Go to Users → Enterprises

  2. Click the + add button below the Enterprises list

  3. Enter tenant details and options as described in the UI dialog descriptions
    • To enable the tenant's users to deploy, allow the tenant to access at least one datacenter or public cloud region
  4. Define the resources the enterprise can use
  5. Click Accept to save

Abiquo will create the enterprise and filter to display only this enterprise. To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 

For more details see GUI Create enterprise General


Set allocation limits for an enterprise to control resource usage

To control the use of resources, you can create allocation limits for

  • an enterprise
  • an enterprise in a cloud provider
  • an enterprise in a datacenter or public cloud region
  • virtual datacenters

Screenshot: Allocation limits for an enterprise


Screenshot: Allocation limits for an enterprise in Abstract datastore tiers. 

To set limits for datastore tiers across more than one cloud location, create Abstract datastore tiers. See Abstract datastore tiers for storage service levels


The platform will use these limits to decide if a user can deploy or reconfigure VMs or obtain more resources.

  • A Hard limit is the maximum amount of resources (e.g. CPU, RAM, hard disk) that an enterprise may consume.
  • A Soft limit can trigger a warning for users and administrators that users are nearing the hard limits.


When a user exceeds (or tries to exceed) the limits, the platform displays messages and creates events. The administrator can display limits on the platform dashboards and they can help to forecast resource demand.

If a user tries to exceed the hard limits for resources that are checked during configuration, the platform displays an error.

Screenshot: Hard limit exceeded

The platform also generates event messages for the user and the administrator. See Events Table#Workload

The platform optionally displays allocation limits on the dashboard for users with the appropriate privileges. It marks soft limits in orange and hard limits in red.

It can also display the enterprise usage and enterprise limits for Abstract datastore tiers, which are platform-wide storage service levels.


To set enterprise allocation limits:

  1. Go to Users → edit Enterprise → Allocation limits
  2. Complete the dialog. 

For more details see GUI Edit enterprise Allocation limits



Allow a tenant to access datacenters and cloud providers

To set the datacenters and public cloud regions that an enterprise can access:

  1. Go to Enterprise → Datacenters
  2. Drag datacenters and public cloud regions (or providers) to the Allowed datacenters

  3. To set default Allocation limits and VDC roles for regions in a provider, edit the provider

To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.



Set a default role to limit tenant access to VDCs in a location

To give users different levels of access to virtual datacenters (VDCs) in specific providers or datacenters, administrators can assign a default role (with fewer privileges than user roles) for all VDCs in a location. This is the default value of the VDC role, which you can set when you create or edit a VDC and which the administrator can later edit.

To control access for users of a tenant in a provider or cloud location with a default role:

  1. Go to Users → create or edit an enterprise → Datacenters → edit a provider or an allowed location → Defaults
  2. Select a default Role
  3. Continue configuring the provider or location or click Accept

At the provider level, the platform will copy the default role to all provider regions. The default role for a region will apply to all new virtual datacenters in the region.  

Privilege: Manage enterprise datacenter default roles, No VDC restriction

Users with the Manage roles and No VDC restriction privileges can then edit the role for the virtual datacenter and define exceptions. See Set a VDC role to limit user access.

Troubleshooting VDC creation

The platform may prevent a user from creating a VDC (even when they have the Manage virtual datacenters privilege) if they will not have enough privileges to work with resources in the VDC. This can occur if a restrictive default role will apply to the user. The default role applies to users without the "No VDC restriction" privilege. In order for these users to create a VDC:

  • the default role must have more privileges than an ENTERPRISE_VIEWER type role; or
  • the user must have the privilege to Manage roles so that this user is able to change the role of the virtual datacenter


Reserve physical machines for a tenant and restrict deployments

For a datacenter, you can reserve physical machines for a single enterprise and restrict deployments.

Privilege: Manage enterprise reserved servers

Before you begin:

  1. Check that the physical machine is not already reserved or running VMs deployed by a different enterprise. 

To reserve physical machines for an enterprise:

  1. Go to Users → edit enterprise → Reservations 
  2. The platform will display a list of Available servers (Physical Machines) that are in the enterprise's Allowed datacenters. (See Allow a tenant to access datacenters and cloud providers). 
  3. Select the physical machine(s) in their Datacenter/Rack and drag them into the Reserved servers list 

To restrict the enterprise so that it may only deploy on the physical machines reserved for it (and not on any others):

  1. Mark the checkbox to Only use 'Reserved Servers'



 



Add public cloud credentials for a tenant

To work with a public cloud region, each enterprise should have its own public cloud account for each cloud provider. All the users in the tenant will work with this same account. 

Privilege: Manage provider credentials

Before you begin:

  1. Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials.  Always check your provider documentation too.

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public
  2. Enter the Credentials as described here
    1. Select the Provider: Some providers may require different credentials for groups of regions
    2. Enter Access key ID: Identity to access the cloud provider API

      1. For Azure enter subscription-id#app-id#tenant-id

      2. For Google enter project_id#client_id#client_email#private_key_id

      3. For OCI enter tenancy#user#fingerprint

    3. Enter Secret access key

      1. For OCI enter the private key in PEM format.


    See GUI Edit enterprise Credentials
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

In resellers with Amazon, Azure ARM, and other partner accounts, to create a customer account in the provider and add it to an enterprise in the platform, click the enterprise building Create account button. See Create an account in public cloud for the customer of a reseller



Create a user to access the cloud provider portal

When your enterprise has credentials for a public cloud provider, you can create a user account in a cloud provider. From here you can also click a link to access the cloud provider portal.

Abiquo displays the public cloud account identifiers on the Credentials tab.

Privileges: Manage user creation in provider


To create a user:

  1. Go to Users → Edit enterprise → Credentials

  2. For a provider with credentials, click Create user.
    The platform will send the following to the cloud provider:
    • Details from your user account, including the username and email
    • An automatically generated password
      • The administrator can configure the generation of the password with the "abiquo.guest.password.length" and "abiquo.guest.password.exclude" properties.
    The platform will create an event with the enterprise ID, user ID, user email, date/time, and cloud provider.
    The user in the provider will have the following permissions: 
    • Azure: built-in Owner role.
    • AWS: in the same groups as the current user.
    • vCloud: by default the same as the current user, so usually an Organization Administrator
      • The administrator can configure the role to assign with the "abiquo.vcd.org.userRoleName" property
  3. The platform displays the user credentials only once and it does not store these credentials
    To access the cloud provider portal, click user portal link or portal link
    • If you click portal link, on the Edit enterprise dialog, then you will need to enter your account ID and password in the cloud provider


Add enterprise properties to store tenant details and metadata

To store tenant details and metadata, use enterprise properties. The platform also uses enterprise properties to configure features and integrations.

Enterprise properties can have different types to enable you to use properties in hierarchical organisation models (such as reseller models). Administrators can use types to reserve some properties for internal use, and enable reseller or enterprise admins to view or manage other properties.

The platform controls access to enterprise properties with the following privileges and types.

Privileges: Allow user to switch enterprise, Manage enterprise properties

To retrieve or update enterprise properties in the user interface, you will require the Allow user to switch enterprise privilege, as well as the regular administrator privileges to Manage enterprises and Manage users of all enterprises.

There are three types of enterprise properties:

  • Read/write
  • Read only
  • Hidden

To update Read only or Hidden properties you will also require the Manage enterprise properties privilege.

To store tenant details and metadata by setting enterprise properties:

  • Go to Users → edit enterprise → Properties.
  • To add properties, enter a Key and Value for each property and click the Add button
    • These fields have a maximum length of 255 characters each   

To edit a property's Value, click the pencil edit button. To delete a property, click the trash bin delete button.

To set default enterprise properties and values for your users, see Predefine enterprise properties for the UI

For details of how to manage enterprise properties via the API, see Update enterprise properties via API



Inject enterprise properties as VM variables

You can pass enterprise properties to VMs using cloud-init. An example use case for this feature is to call an external Windows License or AD server and automatically assign your VMs to the appropriate AD group when they deploy.

  • VM variables and template variables have priority over enterprise properties with the same name

To add enterprise properties as VM variables when you create your VMs:

  1. Create an enterprise property with a Key called "vm_variables_csv"
  2. For the Value, enter a list of regular expressions in CSV format
    1. The platform will try to match the expression with each property key string.
      For example, for the following vm_variables_csv

      aa, bb.*, .*cc.*, .*dd

      the platform will create VM variables with any property that is

      • named "aa"
      • starts with "bb"
      • contains "cc"
      • ends with "dd"

The platform will create VMs with the selected VM variables.

Remember that users can edit the VM variables before they deploy the VMs.
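
The following added example (not Abiquo code) previews which property keys a vm_variables_csv value selects, so that an over-broad expression can be caught before property values reach VMs through cloud-init. It assumes whole-key matching and trimmed spaces around commas, as the list above implies; the SENSITIVE hint pattern, the function names and the sample properties are constructed for illustration.

```python
import re

SELECTOR_KEY = "vm_variables_csv"  # property key named on the page

# Assumption: key fragments that usually mark a secret; adapt to your naming scheme.
SENSITIVE = re.compile(r"pass|secret|token|key|credential", re.IGNORECASE)

# Constructed sample enterprise properties; the selector is the page's example value.
SAMPLE_PROPERTIES = {
    "vm_variables_csv": "aa, bb.*, .*cc.*, .*dd",
    "aa": "1",
    "aab": "2",  # not selected: "aa" has to match the whole key
    "bb_license_server": "lic.example.internal",
    "ad_cc_group": "web-servers",
    "join_password_dd": "constructed-placeholder",
    "billing_code": "B-17",
}


def parse_selectors(csv_value):
    """Split the CSV value into compiled expressions, ignoring empty items."""
    # Assumption: Python regex syntax agrees with the platform's for simple expressions.
    return [re.compile(item.strip()) for item in csv_value.split(",") if item.strip()]


def selected_properties(properties):
    """Return the properties whose key fully matches at least one expression."""
    patterns = parse_selectors(properties.get(SELECTOR_KEY, ""))
    return {
        key: value
        for key, value in properties.items()
        if any(p.fullmatch(key) for p in patterns)
    }


def effective_variables(properties, vm_variables):
    """VM and template variables take priority over same-named enterprise properties."""
    merged = dict(selected_properties(properties))
    merged.update(vm_variables)
    return merged


def audit(properties):
    """List selected keys that look sensitive, so the selector can be narrowed."""
    return sorted(k for k in selected_properties(properties) if SENSITIVE.search(k))


if __name__ == "__main__":
    print("selected:", sorted(selected_properties(SAMPLE_PROPERTIES)))
    print("review before deploying:", audit(SAMPLE_PROPERTIES))
```

In the sample, the ".*dd" expression also selects join_password_dd, which the audit reports; a selector of ".*" would select every property key.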



Configure Azure VPNs

To create a VPN in Abiquo between a private cloud virtual datacenter and Azure, you will need the following Azure ARM configuration for the enterprise:

  • A Gateway Subnet in the Virtual Network that represents the VPC
  • A Virtual Network Gateway (VNG) using this Gateway Subnet - if this does not exist, Abiquo will try to create it in the virtual network with the supplied netmask
  • A Local Network Gateway (LNG) that will represent the remote VPN site, which is not managed by Azure ARM
  • A Virtual Network Gateway Connection that relates the VNG to the LNG
    • All address spaces from the Virtual Network will be exposed through the Virtual Network Gateway.

To create the Azure VPN configuration, edit each enterprise that will use Azure VPNs and set the following Properties.

Name: azurecompute-arm.vpn.virtualnetworkgateway.type
Description: Type of routing for the Virtual Network Gateway to use.
See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways.
To create a VPN from Azure to Azure, set to PolicyBased.
Valid values: RouteBased, PolicyBased
Default: RouteBased

Name: azurecompute-arm.vpn.gatewaysubnet.mask
Description: The Virtual Network Gateway requires a 'gateway subnet'.
If this does not exist, the plugin will try to create it in some available range of the virtual network,
using the mask given by this property.
Default: 29

Name: azurecompute-arm.vpn.virtualnetworkgateway.sku.name
Description: Name of the Virtual Network Gateway SKU.
Valid values: Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2,
VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ, VpnGw1AZ
Only the Basic SKU is supported when using a PolicyBased VPN.
See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku
Default: Basic

You can also set default values for the whole platform using the corresponding Abiquo Configuration Properties with an "abiquo." prefix, for example, abiquo.azurecompute-arm.vpn.gatewaysubnet.mask. 
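
The following added example (not Abiquo or plugin code) checks a set of these enterprise properties against the constraints stated above and tests whether the virtual network still has a free range of the configured mask for a gateway subnet. The function names are hypothetical, the CIDR values in the usage are constructed, and picking the first free block is an assumption; the page only says the plugin uses "some available range".

```python
import ipaddress

PREFIX = "azurecompute-arm.vpn."
# Defaults as documented above.
DEFAULTS = {
    PREFIX + "virtualnetworkgateway.type": "RouteBased",
    PREFIX + "gatewaysubnet.mask": "29",
    PREFIX + "virtualnetworkgateway.sku.name": "Basic",
}
VALID_TYPES = {"RouteBased", "PolicyBased"}


def check_vpn_properties(props):
    """Return a list of problems found in the enterprise's Azure VPN properties."""
    cfg = dict(DEFAULTS)
    cfg.update({k: v for k, v in props.items() if k in DEFAULTS})
    gw_type = cfg[PREFIX + "virtualnetworkgateway.type"]
    sku = cfg[PREFIX + "virtualnetworkgateway.sku.name"]
    mask = cfg[PREFIX + "gatewaysubnet.mask"]
    problems = []
    if gw_type not in VALID_TYPES:
        problems.append(f"type {gw_type!r} is not RouteBased or PolicyBased")
    if gw_type == "PolicyBased" and sku != "Basic":
        problems.append(f"SKU {sku!r} is not supported with PolicyBased; use Basic")
    if not (mask.isdigit() and 0 < int(mask) <= 32):
        problems.append(f"gateway subnet mask {mask!r} is not a prefix length")
    return problems


def free_gateway_subnet(vnet_cidr, used_cidrs, mask=29):
    """Return the first block of the given mask that overlaps no existing subnet, or None."""
    vnet = ipaddress.ip_network(vnet_cidr)
    used = [ipaddress.ip_network(c) for c in used_cidrs]
    if mask < vnet.prefixlen:
        return None  # requested block is larger than the virtual network
    for candidate in vnet.subnets(new_prefix=mask):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed input: PolicyBased combined with a non-Basic SKU is reported.
    print(check_vpn_properties({
        PREFIX + "virtualnetworkgateway.type": "PolicyBased",
        PREFIX + "virtualnetworkgateway.sku.name": "VpnGw1",
    }))
    # Constructed virtual network with two existing subnets.
    print(free_gateway_subnet("10.0.0.0/24", ["10.0.0.0/25", "10.0.0.128/26"]))
```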



Set a pricing model for a tenant

To display charge-forward messages to your customers, assign a pricing model to the enterprise. The platform can display a message with pricing information when the users deploy VMs and on-demand through the UI and API.

Before you begin:

  1. Go to Pricing view and configure pricing and create a pricing model.  

To set a pricing model for an enterprise:

  1. Go to Users → edit enterprise → Pricing
  2. Select a Pricing model from the list. The details of the pricing model will be displayed. 
  3. Continue editing or, to finish editing, click Save



Display and filter enterprises

To search for an enterprise by name and filter the list of enterprises to display only the matching enterprises:

  1. Go to Users
  2. In the search box at the top of the Enterprises list, enter text and wildcards 

After you create an enterprise, Abiquo will filter the enterprise display by the name of the new enterprise and select this enterprise.

To remove the new enterprise filter:

  1. Click the x beside the search box 

Abiquo will display the enterprise list in alphabetical order. If the new enterprise is on the first page, it will remain selected. Otherwise Abiquo will select All and display the first page.


Switch enterprises

All Abiquo users belong to a tenant, which in Abiquo is called an enterprise. You can work with virtual resources in one tenant at a time only.
To change to administer a different tenant, you do not need to log out and log in again.

To switch to another tenant:

  1. Go to Home view or Users view
  2. In the Enterprises list select the tenant
  3. Click the building Switch enterprises button beside the tenant name
  • The platform will display the name of the enterprise that you are currently in, in the top right-hand corner of the screen. It will also display a green tick on the Switch enterprises button beside this tenant
  • All your actions with virtual datacenters, virtual appliances, VMs and VM templates will apply to the current enterprise until you switch to another enterprise
  • By default, when you log out and log in again, the platform will not reset the enterprise to your user's default enterprise. In an SSO environment, the platform will reset the enterprise at login
  • In Home view, the platform will automatically switch enterprises if you select another enterprise and double-click on a VDC, VApp, or VM to jump directly to it




Edit an enterprise

Before you edit an enterprise, check if the users have created virtual datacenters and deployed VMs, and check the general resource usage of the tenant.

Privilege: Manage enterprises, Manage users of all enterprises

To edit an enterprise:

  1. Go to Home view
  2. Select the enterprise in the Enterprises list 
  3. Click the pencil edit button
  4. Move through the tabs and edit as required
    • Editing an enterprise is very similar to creating an enterprise, as described in the section Manage Enterprises#Create an Enterprise

    • Remember you may not be able to change some settings, especially for Allowed datacenters, after users have created virtual datacenters and deployed VMs
    • Some changes will not be retroactive, for example, if you change the default VLAN, this change will apply to all new virtual datacenters the enterprise creates




Change the default scope for enterprise users

When you create an enterprise, Abiquo automatically assigns your user scope as the default for users created in this tenant.

When you edit a tenant, you can change the default scope for future users created in the tenant. 




Create an enterprise using the API

To create an enterprise in the Abiquo API, create the enterprise using the EnterprisesResource.

Then to allow the users of the enterprise to work with VMs, assign an allowed datacenter or public cloud region. To do this, create an Enterprise-Datacenter Limit. See EnterpriseLimitsByDatacentersResource.

The platform will then create a cloud location, which defines this relationship, so you can then manage cloud elements for the location. See AllowedLocationsResource

For more details, see How to create a tenant via API



Delete an enterprise

Before you remove an enterprise from the platform:

  • Delete the enterprise's virtual resources
    • For each virtual datacenter, you may be able to choose to delete in the platform only, or in the platform and the provider
      • If you delete in the platform only, the platform will automatically remove VMs, virtual appliances, load balancers, public IPs, and firewalls. The firewalls will remain in the enterprise

To delete an enterprise:

  1. Select the enterprise and click the Delete button. The platform will automatically delete all of the enterprise's users

Privilege: Manage enterprises, Manage users of all enterprises

Troubleshooting

  • You cannot delete an enterprise with a Cloud Administrator user logged in. Move this user to another enterprise before you delete the enterprise





Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved