Abiquo cloud reseller guide

Owned by MS (Unlicensed)
Jan 17, 2023
11 min read

 

This page describes reseller features in the Abiquo platform for both public and private cloud.
It describes how to configure a reseller hierarchy in a newly installed platform.

 

Reseller features

Introduction to resellers

The platform supports resellers in private cloud and public cloud.

Abiquo resellers can work with all supported private and public cloud providers.

You can add your Amazon and Azure partner credentials for pricing to Abiquo.
Abiquo uses the pricing credentials of the main partner account to obtain the billing data of all the customer accounts.

Abiquo has specific features for Amazon and Azure partners, including:

To use these features, you will need to add the main account credentials to a reseller enterprise and create reseller customer enterprises.
You can automate this process for Azure using the Abiquo setup service.

The follow diagram shows how there will be 1 Azure account per Abiquo enterprise when customers use Abiquo.

Using an Azure CSP account in Abiquo

 

 

Reseller hierarchy

A reseller hierarchy will usually be under the platform owner level. The two main levels are resellers and customers, and you can create a base reseller hierachy with just these two levels.

Customers may have further levels, for example, departments. So an example of a full reseller hierarchy could be:

  • Platform owner → resellers → customers → departments.

Diagram:  an example of a reseller hierarchy.

To create this hierarchy, when you create the default scope for each enterprise, set the appropriate parent scope.

Cloud reseller white labelling

You can brand the Abiquo user interface for each reseller, and you can also give them their own login theme and URL, using Apache configuration.

The Abiquo UI is HTML5 and you can easily brand it with CSS themes. There are two main branding elements: the login pages and the tenant themes.

You can brand the login page to replace the logo and background image.

For each tenant, you can add a logo, main menu icons, a custom color scheme, and more. And for the browser tabs, you can brand the favicon.

For more details about creating themes, see Abiquo branding guide

For more details about creating custom logins for separate URLs, see Abiquo UI theme per subdomain

 

Managed services with VDC roles

To provide managed services, such as read only access to resources in a public cloud provider, you can use virtual datacenter roles. Virtual datacenters contain user resources, in AWS they are VPCs, in Azure, they are Virtual networks. Roles are the set of privileges assigned to a user.

So for example, you can give users full access to resources in private cloud and read-only access to resources in public cloud. By default users have full access to all of their virtual datacenters. A VDC role replaces the user’s role within one or more virtual datacenters.

The administrator can set a default virtual datacenter role for a tenant in a provider, or a region, and they can update specific virtual datacenters with custom roles. For example, AWS virtual datacenters could always be read only, if the administrator sets a VIEWER role to replace a USER role.

The role restriction applies to cloud users only, not administrators, and it is also possible to create exceptions for specific users.

See also:

Outsource cloud services with restricted VApps

This feature enables users to outsource the management of their VMs to you as the cloud provider. It also enables you to supply datacenter services within the tenant's virtual datacenter.

Abiquo supports provider services at the VM configuration level with restricted virtual appliances (VApps). Abiquo VApps contain groups of VMs that can be related. You can perform actions on all the VMs in a VApp, for example, you can deploy them together.  Any user with the privilege to Restrict a VM can move a VM to a restricted VApp, even if they cannot manage or view the restricted VApp. This feature works with the Move VM functionality.

 

A cloud user could simply mark a checkbox to outsource a VM. Whereas the administrator can select or create a new restricted VApp.

A restricted VApp is invisible to the cloud user but it is still part of the VDC with access to VDC resources, the administrator can manage it as usual, and it is accounted in the platform as part of the tenant's resources.

See Move a VM to a restricted virtual appliance.

 

Create reseller pricing models

Abiquo supports reseller pricing with pricing scope and default base prices per datacenter.

This feature is especially useful for private cloud pricing estimates and you can use it with private cloud usage data to display billing dashboards.

For public cloud reseller accounts, you can import price lists for hardware profiles into pricing models. Administrators can display the pricing model to view public cloud price lists.

To implement reseller pricing:

  1. The reseller scope cannot be the unlimited global scope

  2. Create pricing models with the base prices that resellers will pay for virtual resources

  3. Assign a pricing model to each reseller enterprise

For details of how to create pricing models and assign them to customers, see Pricing view

To use reseller pricing:

  1. Log in as the reseller administrator

  2. Go to Pricing view. The reseller pricing model will display. You can edit the pricing model to view the prices but you cannot save changes, unless you have the same scope as the user that created the pricing model

  3. Optionally create cost codes for reseller services. For more details, see Pricing view

  4. To create customer pricing models, click the copy button to clone the reseller pricing model

  5. Change the pricing model as required

    1. For Change all resource prices, enter a percentatge to increase or decrease the base prices, such as reseller markup. For resource prices, the platform applies the percentage change (adding the percentage of the base price the reseller entered to the base price)

    2. Go to Resource prices. Check the new prices or manually enter a new price for any resource. If you enter a price that is lower than the base price, Abiquo will highlight the price with red text.

    3. For Hardware profiles you can onboard and synchronize the price lists of public cloud providers. See Synchronize public cloud price lists

    4. Go to Cost code prices and optionally set prices for this tenant for reseller services

    5. Save the pricing model

    6. Assign the pricing model to customers. Each customer administrator should only be able to display the pricing model for their own tenant.

 

 

Dashboard billing widgets for resellers

The dashboard widgets display billing data from public cloud providers, such as AWS, Azure, Google, and OCI, as well as custom billing data via API.

They display the latest bills and the estimated bills.

The administrator can configure the dashboard to display data for reseller and partner accounts and their customers, as well as for customers who wish to use accounts that were obtained directly from the provider. The platform controls the display of the hybrid billing dashboard with privileges. This feature requires the reseller or tenant to configure programmatic billing in the provider. 

For public cloud accounts you can also select the services to display and break down the latest bills by service.

For details of how to configure this feature, see Display cloud provider billing data.

 

Create resellers

Create a reseller administrator role and user

To create a reseller administrator, you will first need to define their role, with the privileges they will have to perform actions on the platform.

A reseller role with minimum restrictions could grant the administrator the following privileges:

  • All dashboard privileges

  • No infrastructure privileges

  • Most virtual datacenter privileges (except those for infrastructure or system administrator features)

  • Most virtual appliance privileges (except those for infrastructure or system administrator features)

  • Most Catalogue privileges (except those for global and infrastructure features)

  • Most user privileges (except those to manage roles, and reseller enterprises) 

  • No system configuration privileges, except access to reports

  • Event privileges for the current enterprise

  • All control privileges.

The cloud administrator can create reseller customer enterprises centrally or delegate this work to the reseller, in which case the reseller administrator will require the Manage enterprises privilege. Note that this will mean that reseller administrator can also edit their own enterprise if it is in their scope.

Screenshot: Create the user and assign the reseller administrator role.

For more details about reseller administrator roles, see Create a reseller administrator user.

Create a reseller scope

You can define the hierarchy with a reseller scope and one or more customer scopes.

Your reseller tenant with a reseller scope will be at the top of a hierarchy of customer tenants with customer scopes.

An Abiquo scope is an access list that you can assign to tenants. To define a scope hierarchy, select a Parent scope for each scope.

To create a scope for a reseller:

  1. Go to Users → Scopes

  2. Click + add

  3. Enter the details

    1. For the reseller's Parent scope, select the Global scope or no scope.

  4. Go to Entities

  5. Select the tenant Enterprises that the reseller will manage directly, e.g. to manage users.
    The reseller administrator will be able to access the virtual resources of the enterprises in their scope if they are in datacenters that are allowed for the reseller enterprise.

  6. Select the Locations that the reseller and their customers can use

  7. Click Save

 

 

Create a reseller enterprise

To create a reseller enterprise do the following steps.

  1. Go to Users

  2. At the bottom of the Enterprises list, click the + add button

  3. Enter the enterprise details:

    1. Enter the Name of the reseller

    2. For the Default scope, select the reseller scope 

    3. Select the Reseller checkbox, so the enterprise will be the reseller for the default scope

    4. To configure a mail server for the reseller to send notification emails, enter the Mail server configuration.

    5. Optionally, enter a URL for the Logo and select a branding Theme for whitelabelling

  4. Optionally, go to Allocation limits and limit the resources that the reseller tenant can use

  5. Go to Datacenters and select the locations that the reseller will use and administer.
    These allowed datacenters and providers are where users of the tenant can work, for example, they can deploy VMs. This should match the user scope.

  6. Go to Credentials, and enter reseller credentials for public cloud providers, for example AWS partner or Azure CSP credentials.
    The platform will use the reseller's pricing credentials for the reseller customers. See Obtain public cloud credentials.

  7. Go to Properties and enter tenant metadata. This can include a reseller ID, provider discounts, price factor markups for customers, and billing data.
    See Display cloud provider billing data

  8. Go to Pricing and select a Pricing model. The platform will base customer pricing on this model.
    The platform supports a markup for resellers' customers.

  9. Click Save

Create a scope for a reseller customer

To create a scope for a customer of a reseller:

  1. Go to Users → Scopes

  2. Click + add

  3. Enter the details

    1. For the Parent scope, select the reseller scope

       

  4. Go to Entities

  5. Select the cloud providers and datacenters that the reseller customer will use

  6. Click Save

The platform will create the scopes in a hierarchy.

Later, for each customer tenant enterprise, for the Default scope you must select the customer tenant scope. The platform will automatically add an enterprise to its Default scope.

You can also select the customer tenant scope for the administrator of this enterprise. This means that the administrators in these enterprises can manage their tenant's users, templates, and so on.

 

Create a reseller customer

You can create a customer with one or more tenant enterprises. The main customer enterprise is the "key node" of each customer organization, for example, it would represent the headquarters of an organization.

For each enterprise default scope, there can be only one key node enterprise. In scopes below the key node enterprise, you can create enterprises to represent public cloud provider sub-accounts or other separate parts of the customer organization, for example, departments of a business, stores in a retail chain. If the administrators of these tenants will manage their own users, then create a separate scope to include these tenants as part of the scope hierarchy, and assign it to their administrators.

The following steps highlight the differences from creating a reseller enterprise.

  1. On the General tab

    1. For the Default scope, select the customer keynode scope

    2. Select the Key node checkbox

       

  2. On the Properties tab, enter tenant properties to identify the customer and set the markup for customers of resellers.
    For details of properties for billing dashboards, see Display cloud provider billing data

     

  3. On the Pricing tab, select the customer pricing model

 

 

Create a customer tenant with XaaS and Abiquo Setup Service

With XaaS and the AbiquoSetupService, you can automatically create a customer tenant structure in Abiquo.

  • A child scope with name “SCOPE-” + “New enterprise name”.

  • A key node enterprise in the new scope with name = “New enterprise name”.

  • A new user with role = “Default user role” and name = “admin” + “New enterprise name”

For more details, see Abiquo Setup service

 

Create customer accounts

The Create accounts feature for public cloud is for resellers with AWS partner and Azure CSP accounts.

To create accounts for a reseller customer:

  1. Edit the reseller enterprise, go to Credentials 

    • The enterprise must have the Azure CSP or AWS partner credentials

      • For Azure, the account must have the User Administrator role to create users and the Owner role to assign roles.

      • For AWS, for the policies to assign to an account, see AWS account policies

      • For vCloud, the user must be an Organization Administrator

  2. Click the building Create account button

  3. Enter the customer details for the provider.

  4. For AWS

    1. For the Enterprise, select a tenant in the reseller's scope hierarchy of enterprise default scopes

    2. For the Email, enter the billing contact's email address

    3. For the User name, enter the user name to create in the new account  

  5. For Azure

    1. For the Country, enter the country/region in ISO country code format

    2. For the Culture, enter the preferred culture for communication and currency, such as "EN-US"

    3. For the Language, enter the preferred language for communication

    4. For the Domain, enter the customer's domain name, for example, example.onmicrosoft.com. If null, the company name will be used to autogenerate it

    5. For the Organization registration number, enter the customer’s organization registration number, which is also called an INN number in certain countries.

Abiquo will automatically create the account in the cloud provider and add the credentials to the reseller customer's enterprise.

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved