Skip to main content

vCAC 6: Configuring IaaS-Tenants and Roles

This blog will cover configuring IaaS. In the last we learnt about IaaS installation

in this blog  we will discuss Tenants and Roles

A tenant is an organizational unit in a vCloud Automation Center deployment. When the system administrator configures single sign-on during the installation of VMware vCloud Automation Center, a default tenant is created. The default tenant includes a built-in  system administrator account to log in to the vCloud Automation Center console.If only one organizational unit is necessary for a deployment, the system administrator can then configure and use the default tenant.

There is a Division of Tenant and Non-Tenant Entities. Non-tenanted entities are visible and
consumable by all tenants. This means non-tenanted items like Build Profiles and Reservation
Policies are consumable in some tenanted objects, like blueprints.

To access the default tenant:
1.   Go to https://VCAC_Server_FQDN/shell-ui-app.

2.   Use the system administrator account(administrator@vsphere.local) to create additional tenants,
manage identity sources, and configure system roles.

In a single-tenant deployment, all configuration occurs in the default tenant. The tenant
administrators manage users and groups. The administrators also configure branding, notifications,
business policies, and catalog offerings.

In a single-tenant scenario, the system administrator and tenant administrator roles are typically
assigned to the same person, but the accounts are distinct. The system administrator account is
always administrator@vsphere.local, while the tenant administrator must be a user in one of the
tenant identity stores.

In a multitenant environment the system administrator creates new tenants for each organization:
Each tenant has a unique URL to access the vCloud Automation Center console:
    https://vcac_hostname/shell-ui-app/org/tenant_ URL_name
  • Tenant-level configuration for new tenants is segregated from the default tenant. 
  • Users with system-wide roles can view and manage configuration across multiple tenants.
A multitenant environment can be deployed in the following ways:
  • Default tenant-managed multitenancy
  • Individual tenant-managed multitenancy
Individual Tenant-Managed Multitenancy

In tenant-managed multitenancy, each tenant might have a dedicated infrastructure or use shared
infrastructure. Each tenant has IaaS administrators and fabric administrators that manage resources
for business groups in their own tenant.

Each tenant must be associated with at least one identity store. Identity stores can be OpenLDAP or Active Directory (AD). For a default tenant, you can also use AD in native mode.

System-Wide Roles

System administrator: The system administrator is typically the person who installs vCloud
Automation Center and is responsible for ensuring its availability for other users. 

Infrastructure (Iaas) administrator: The IaaS administrator is responsible for managing
endpoints and endpoint credentials, and creating fabric groups.

Fabric administrator: A fabric administrator is the administrator of one or more fabric groups.
Fabric administrators manage physical machines and compute resources in their groups, and
manage reservations and reservation policies associated with those resources. 

Tenant roles have responsibilities that are limited to a specific tenant, and cannot affect other tenants
in the system. Tenant roles are of the following types:
Tenant administrators: Tenant administrators are typically the business manager or IT administrator who is responsible for a tenant. Tenant administrators configure vCloud Automation Center according to the needs of their organizations. The responsibilities of tenant administrators include the following:
• User and group management.
• Tenant branding and notifications.
• Business policies such as approvals and entitlements.
• Tracking resource usage by all users in the tenant.
• Initiating reclamation requests for virtual machines.
• Managing business groups and shared blueprints in IaaS.

Approval administrator: An approval administrator has the ability to define approval policies.
These policies can be applied to catalog requests through entitlements that are managed by a
tenant administrator or business group manager.

Service Architect: This is role designation for the individuals who are responsible for creating
the blueprints for the catalog items that consumers can request from the service catalog

Business Group Manager: The business group manager is designated by the tenant administrator when creating or editing business groups. Manages one or more business groups. Typically a line manager or project manager. Business group managers manage catalog items and entitlements for their groups in the service catalog. 

• Support user: The support user is a role in a business group. Support users can request and
manage catalog items for other members of their groups. A support user is typically an executive administrator or department administrator.

• Business user: Any user in the system can be a consumer of IT services. Users can request
catalog items from the service catalog and manage their provisioned resources.

• Approver: As part of an approval policy, any user of vCloud Automation Center, for example, a
line manager, finance manager, or project manager can be designated as an approver


Popular posts from this blog

Data Center Migration

Note: This blog is written with the help of my friend Rajanikanth
Data Center Migrations / Data Center Consolidations
Data Center Consolidations, Migrations are complex projects which impact entire orgnization they support. They usually dont happen daily but once in a decade or two. It is imperative to plan carefully, leverage technology improvements, virtualization, optimizations.
The single most important factor for any migration project is to have high caliber, high performing, experienced technical team in place. You are migrating business applications from one data center to another and there is no scope for failure or broken application during migration. So testing startegy should be in place for enterprise business applications to be migrated.
Typical DCC and Migrations business objectives
Business Drivers
·Improve utilization of IT assets ·DC space & power peaked out - business growth impacted ·Improve service levels and responsiveness to new applications ·Reduce support complexi…

HP CSA Implementation

I know the above picture is little confusing but don’t worry I break it down and explain in detail. By the time I am done explaining you all will be happy. HARDWARE AND SOFTWARE REQUIREMENTS 1.VMware vSphere infrastructure / Microsoft Hyper V: For the sake of Simplicity we will use VMware vSphere. We Need vSphere 4.0 /5/5.5 and above and vCenter 4.0 and above ready and installed. This is the first step. 2.We need Software medias for HP Cloud Service Automation, 2.00, HP Server Automation, 9.02, HP Operations Orchestration (OO)9.00.04, HP Universal CMDB 9.00.02, HP Software Site Scope, 11.01,HP Insight Software6.2 Update 1 3.DNS, DHCP and NTP systems are already installed and configured. NTP information should be part of VM templates 4.SQL Server 2005 or Microsoft® SQL Server 2008 or Microsoft® SQL Server 2012 , Oracle 11g, both 32-bit and 64-bit versions may be used for CSA database.
5.We will install  HP Cloud Service Automation, 2.00, HP Server Automation, 9.02, HP Operations Orchestra…

Openstack- Its importance in Cloud. The HP Helion Boost

Every enterprise expects few things from cloud computing, mainly:

· Auto scaling: The workload should increase and decrease as needed by the IT environment.

· Automatic repair: If there is any fault or crash of the application or the server, it automatically fix it

· Fault tolerant: The application or underlying technology is intelligent enough to make itself fault torrent

· Integrated lifecycle: It should have integrated lifecycle

· Unified management: Its easy to manage all different aspects of technology

· Less cost

· Speed

Its year 2014. till now only 5% to 7% enterprises are using cloud computing. Such a small number. Its a huge opportunity and a vast majority for anyone who is interested in providing cloud computing services.
Current IT environment is very complex. You just cant solve all your problems with cloud computing.
There are legacy systems, databases, data processors, different hardware and software. You name it , there are so many technology available in just o…