Compute in Public Cloud Regions

Introduction to public cloud

The multi-cloud platform enables you to add public cloud regions, and to add vCloud Director clouds as public cloud regions. You can offer cloud tenants a federation of private and public clouds in a single pane of glass, and you can control the use of public cloud resources in the same way as in the platform's private cloud datacenter (quotas, limits, and so on).

The platform manages public cloud regions using remote services. For a public cloud region, the remote services can be shared with other datacenters or public cloud regions, and you do not need an NFS repository.  Each cloud tenant using the public cloud region will require its own cloud provider account and needs to add a set of credentials to the Enterprise. 

 

When users create a virtual datacenter and deploy in the public cloud region, the platform creates the entities in the public cloud provider. For example, in AWS, Abiquo creates a VPC, and VMs deployed in the VPC virtual datacenter are AWS EC2 instances.

Allow the enterprise access to public cloud regions

When you first create a datacenter or public cloud region, by default only the users of the enterprise that created it will be allowed to use it. To enable other users to deploy and work with VMs, administrators must allow enterprises to access datacenters or public cloud regions. For brevity, these may be collectively called "Allowed datacenters" or "Allowed locations". For each allowed location, the enterprise will have an Apps library with their templates, and their virtual datacenters for deploying VMs.  

Allowed locations are where users can work, for example, create a virtual datacenter and deploy VMs. To administer the infrastructure of a location, the administrator must also have the location in their administration Datacenters scope list. See Manage Scopes.

To set the datacenters and public cloud regions that an enterprise can access:

  1. Go to Enterprise → Datacenters
  2. Drag datacenters and public cloud regions (or providers) to the Allowed datacenters

  3. To set default Allocation limits and VDC roles for regions in a provider, edit the provider

To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.

Add public cloud credentials for the enterprise

To work with a public cloud region, each enterprise should have its own public cloud account for each cloud provider. All the users in the tenant will work with this same account. 

Privilege: Manage provider credentials

Before you begin:

  1. Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials.  Always check your provider documentation too.

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public
  2. Enter the Credentials as described here
    1. Select the Provider: Some providers may require different credentials for groups of regions
    2. Enter Access key ID: Identity to access the cloud provider API

      1. For Azure enter subscription-id#app-id#tenant-id

      2. For Google enter project_id#client_id#client_email#private_key_id

      3. For OCI enter tenancy#user#fingerprint

    3. Enter Secret access key

      1. For OCI enter the private key in PEM format.


    See GUI Edit enterprise Credentials
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.
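
The composite Access key ID formats in step 2 can be checked before the values are entered in the Credentials dialog. The following Python is an added example, not Abiquo code; the provider keys (`azure`, `google`, `oci`), the function names and the handling of providers without a composite format are assumptions made for illustration.

```python
import re

# Composite "Access key ID" layouts listed on this page. Providers not
# listed here are treated as taking a single opaque identity (assumption).
COMPOSITE_ID_FIELDS = {
    "azure": ("subscription-id", "app-id", "tenant-id"),
    "google": ("project_id", "client_id", "client_email", "private_key_id"),
    "oci": ("tenancy", "user", "fingerprint"),
}

# Matches one PEM private key block (PKCS#8 or a typed header such as RSA).
PEM_PRIVATE_KEY = re.compile(
    r"\A-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n.+?\r?\n-----END \1-----\Z",
    re.DOTALL,
)


def parse_access_key_id(provider, access_key_id):
    """Split the identity into named fields; raise ValueError if malformed."""
    fields = COMPOSITE_ID_FIELDS.get(provider.lower())
    if fields is None:
        if not access_key_id.strip():
            raise ValueError("empty access key ID")
        return {"identity": access_key_id}
    parts = access_key_id.split("#")
    if len(parts) != len(fields):
        raise ValueError(
            f"{provider}: expected {len(fields)} '#'-separated fields "
            f"({'#'.join(fields)}), got {len(parts)}"
        )
    for name, value in zip(fields, parts):
        if not value or value != value.strip():
            raise ValueError(f"{provider}: field {name!r} is empty or padded")
    return dict(zip(fields, parts))


def check_secret(provider, secret):
    """Reject empty secrets; for OCI require a PEM private key."""
    if not secret.strip():
        raise ValueError("empty secret access key")
    if provider.lower() == "oci" and not PEM_PRIVATE_KEY.match(secret.strip()):
        raise ValueError("oci: secret access key must be a PEM private key")
    return True


def redacted(provider, access_key_id):
    """Log-safe view of the identity: last four characters of each field."""
    parsed = parse_access_key_id(provider, access_key_id)
    return {name: "..." + value[-4:] for name, value in parsed.items()}
```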

For resellers with Amazon, Azure ARM, and other partner accounts, to create a customer account in the provider and add it to an enterprise in the platform, click the enterprise building Create account button. See Create an account in public cloud for the customer of a reseller.


Create a user to access the cloud provider portal

When your enterprise has credentials for a public cloud provider, you can create a user account in a cloud provider. From here you can also click a link to access the cloud provider portal.

Abiquo displays the public cloud account identifiers on the Credentials tab.

Privileges: Manage user creation in provider


To create a user:

  1. Go to Users → Edit enterprise → Credentials

  2. For a provider with credentials, click Create user.
    The platform will send the following to the cloud provider:
    • Details from your user account, including the username and email
    • An automatically generated password
      • The administrator can configure the generation of the password with the "abiquo.guest.password.length" and "abiquo.guest.password.exclude" properties.
    The platform will create an event with the enterprise ID, user ID, user email, date/time, and cloud provider.
    The user in the provider will have the following permissions: 
    • Azure: built-in Owner role.
    • AWS: in the same groups as the current user.
    • vCloud: by default the same as the current user, so usually an Organization Administrator
      • The administrator can configure the role to assign with the "abiquo.vcd.org.userRoleName" property
  3. The platform displays the user credentials only once and it does not store these credentials
    To access the cloud provider portal, click user portal link or portal link
    • If you click portal link, on the Edit enterprise dialog, then you will need to enter your account ID and password in the cloud provider


Onboard enterprise resources from public cloud

To onboard a virtual datacenter from public cloud:

  1. Go to Virtual datacenters
  2. At the bottom of the V. Datacenters list, click the + add button
  3. Select Synchronize public cloud
  4. On the General information tab, select the region and the resources to onboard 


    For more details see GUI Synchronize public cloud General information

  5. On the Roles tab, optionally restrict user permissions in the virtual datacenter


    For more details see GUI Synchronize public cloud Roles

    • The platform will mark the Public subnet (identified by a custom route table and NAT gateway) with a globe symbol and set the Internet gateway flag for this subnet. 
    • Users with bespoke network configurations should check the results of the synchronization. 

    • The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.

    • The platform will import VM templates. If the platform cannot find the VM template, the VM will have no template in the platform. To save a copy of your VM disk to create a template, so you can recreate the VM, make an Abiquo instance of the VM. 

    If you delete a synchronized VDC, the platform will delete it in the provider. If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider.

During VDC synchronization, the platform will ensure that the resources in the platform and the provider are the same.

  • Synchronization will delete entities in the platform that were deleted already in the provider
  • However, it will maintain resources attached to undeployed VMs in the platform
  • For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only

Note to System Administrators: for information about tuning public cloud synchronization, see Abiquo Configuration Properties in the pcr (public cloud region) section.

Resources in undeployed VMs are available in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and an error at deploy time.

You can also synchronize specific resources such as networks, public IPs, firewalls, volumes, and load balancers.


To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:

  1. Go to Virtual datacenters → V. Datacenters list
  2. Beside the virtual datacenter Name, click the round arrow Synchronize button

To synchronize specific resources such as networks, public IPs, and so on:

  1. Go to Virtual datacenters → select the resource tab
  2. Click the round arrow Synchronize button for the resource. 

For more information, see the resource documentation.

Control enterprise resource usage in public cloud

At the location level, you can limit resources and set defaults. This means you can set an allocation limit for an enterprise in each datacenter or public cloud region.

To configure the same limits for all regions in a provider, select a provider group. For example, if you enter a hard limit of 8 CPUs, then the platform will create a hard limit of 8 CPUs in each region for this provider. This option is available when regions are grouped by provider or vCloud endpoint. See Group public cloud regions by provider or endpoint.


To limit resources in a datacenter or public cloud region, set allocation limits:

  1. Go to Users → edit Enterprise → Allowed Datacenters
  2. Select an Allowed Datacenter (datacenter or public cloud region) 
  3. Click the pencil Edit button. An edit dialog will open at the Allocation limits tab
  4. Set valid allocation limits

This process is very similar to that of setting enterprise limits.


For more details see GUI Edit enterprise datacenter resources Allocation limits


 

Display public cloud resources and statistics

In public cloud, Abiquo infrastructure metering and accounting register virtual CPUs, RAM, system disks, and floating public IPs. 

The platform displays infrastructure statistics and resource usage for private and public cloud. The statistics vary depending on whether the data is for all datacenters or all public cloud regions, or filtered for a specific datacenter or region.

Privilege: Access Infrastructure view, Display resource usage panel


To view the resource usage of a cloud location:

  1. Go to Infrastructure → Private or Public
  2. Select All, or select a datacenter or public cloud region
  3. If necessary, to display the Statistics view, click on the chart statistics button

Obtain infrastructure statistics with the API 


API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource StatisticsResource.



Synchronize hardware profiles with a provider

In public cloud providers with hardware profiles, when you create a public cloud region and add credentials for an enterprise, Abiquo will automatically retrieve the hardware profiles for the public cloud region.

  • Provider hardware profiles are locked and you cannot edit them
  • In public cloud regions with provider hardware profiles that also support CPU and RAM, you can deactivate hardware profiles mode
  • The platform also registers if a hardware profile is Active and if it belongs to the Current generation

To synchronize hardware profiles: 

Privilege: Access infrastructure view and PCRs, View public cloud region details, Manage enterprises

  1. Go to Infrastructure → Public → select Public cloud region → Servers view → Hardware profiles
  2. At the top right of the Hardware profiles pane, select an enterprise with a public cloud account
  3. Click the round arrows refresh button

By default, for each enterprise with credentials, the hardware profiles mode is enabled. By default, all hardware profiles are available to all enterprises. 

Control VMs running in public cloud providers

To display the VMs created in a provider region, go to Infrastructure → Public → select Region → Virtual machines → select Enterprise account.

To go to the VM, or the virtual appliance or virtual datacenter that contains the VM, click on the active Name link in the list.

To display the details of a VM and the available controls, select the VM in the list. 

To send an email to the owner and perform the standard VM actions, as appropriate and/or supported by the provider, use the buttons on the control panel.

Sending Email Notifications

To send email notifications about a physical machine in private cloud or about VMs in private or public cloud:

  1. Go to Infrastructure → Private → Servers OR
    Infrastructure → Public → Public cloud region → Virtual machines

  2. Select a managed server or VM and click the email icon 
  3. Optional: To add the email from your user account as the Sender address, select the checkbox. 
  • For a VM, the platform can send a notification to the owner of the VM
  • For a physical machine, select checkboxes to send notifications to:
    • All administrators of enterprises using this physical machine. 
      • Administrators have the "Define Enterprise Manager" privilege.
    • All users who have VMs deployed on that machine.

Delete a public cloud account

It is possible to release a public cloud account without deleting the resources in public cloud. This means that the enterprise cannot work with the public cloud regions in the platform but the enterprise's resources in public cloud will remain intact. 

To delete virtual resources in the provider, delete them in the platform before you delete the account.

To delete resources in the platform only, you can select this option when deleting or you can delete the enterprise's credentials and then delete the resources. There are virtual resources that you may not wish to delete in the provider, for example, the default VPC.

If you wish to use the account again, you can add the credentials again. After that, you can synchronize to onboard resources from public cloud and update the resources in the platform.


Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved