Mutli-tenancy is built into vCAC6.0. What it means? It simply means for every tenant you do not need to install vCAC. You can have multi-tenant on single vCAC. Each tenant can have its own branding, Active Directory Authentication source, group, Business policies, Catalog offering and dedicated infrastructure. Tenants in vCAC are an organizational unit. Tenant represent business unit within an organization or can be organization itself.
In vCAC each tenants gets
Notification Providers (email alerts)
Service Catalog offering (small VM, Big VM, Web service, Apache Service)
Infrastructure Resources (virtual. Physical, Cloud)
vCAC gets a default tenant vSphere.local (cannot be changed/avoided) and can be accessed via http://vCACApplianceFQDN/shell-ui-app
1) To create a new tenant click on green Icon encircled above. New window opens up. When all details are entered, press Submit and Next
2) Lets add the identity source. In my case I’m using my own AD.
Here you as Administrator create two very important roles.
Infrastructure Administrators (I have referred it as IaaS Admin in this post)
Name Name by which you wish to identify the Identity source Type You’ve option to choose from Active Directory or LDAP. Native AD option is available only for vsphere.local URL Provide the LDAP format even if you are using AD. It is referred as accessing AD over LDAP connection Domain Name of your domain Alias You can put any name here which is easier to remember and it helps to use to login this alias. In my case I can use spreetam@vZare.com or just spreetam@vZare . Both works. Login user DN User who has read only permissions on Active directory Password Password for Login user User search base DN Place in AD/LDAP where you wish to search the Users. I have put my Favorite company OU as a location to search users. Effectively I will be adding users only in my Favorite OU Group search base DN Same as above except that it will be used to search groups
Branding and other parameters in tenant creation I left it default as there isn’t much to learn
Below is the workflow we should follow to configure Tenants
IaaS Administrator is created by administrator and is responsible to perform
Management of endpoints, endpoints credentials and virtualization proxy agent
Management of cloud service accounts as well as physical machines and storage devices
Monitoring of IaaS system logs
Here in below screen I have logged in using IaaS Admin (userid:iAdmin). Go to the myfavoritecompany tenant in the infrastructure tab (9 out of 10 times you will be in infrastructure tab).
Let’s first create the credentials. This credential is like a template of credential which can be used several times without typing every time same credential or if credential of vCenter/endpoint cannot be shared with vCAC admins.Enter the Name for credential. I recommend to put FQDN name of the vCenter so that you’re aware of connection details. Put some short meaningful Description, Username and Password. Press the green check box.
Go to the endpoints tab. Now here Name is the most important field. This name must match to the name you have selected while installing the vSphere Endpoint.
- Just for reference purpose I’m pasting that screen here.
Address of vCenter. This is the address of end point. For vCenter it has to be https://vCenterFQDN/sdk format
Select the checkbox for Specify manager for network and security platform If you have vShield manager (vCNS Manager) or NSX Instance in your environment. After you select checkbox you get need to put the URL and credentials for it (not shown & explored by me here. It is topic which I will deal with vCloud Director endpoint).
At this point if vSphere endpoint is configured correctly you should see compute resources e.g. clusters are discovered. Quickest way to check this is to go to Agents tab and in the description tab from the drop down menu you should see vSphere agent. It confirms agent and endpoint are communicating
Below depicts how data collection works out using end points and what kind of data is collected
Organize Compute Resource
In order to organize resources we must create fabric group. Fabric group manages resources within their group. e.g. if you create a fabric group just for virtual resource then it cannot manage anything outside this assignment. Below I have create a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However these resources are restricted to Memory and Storage as we will see it during creation of reservation.
This where vCloud Director must more superior product. You can configure things at much more granular level
Type name for Fabric Admins as VirtualFabgroup. This name should reflect type of fabric this group is going to manage. It helps a lot. Assign administrator to manage this Fabric as shown below. Select the resource it will manage.
Now that we have organize resource and appointed fabric admin. Let’s use fabric admin credential to login. It is worth noting all configuration till has been done by IaaS admin
You cannot create business group before creating Machine Prefix. It is must parameter for business group. You need at least one machine prefix. As mentioned above machine prefix are created by Fabric admin. Using Fabric admin lets create some meaningful prefix
I have created another two prefix offline just in case we need it and named them starting with CC-UAT and CC-DEV as seen below
Now that machine prefix is sorted out, let’s do business group. Business group represents BU within a organization. It could represent sales BU, Marketing BU or HR BU. In below example I considered Sales BU. So if tenant is organization then BU becomes part of Tenant.
You get an option within business group to create Business group administrator, support user and end user.
Business group manager Role
Approves machines and lease requests.
Manages machines created by all users in the business group.
Business Support Role: Support user helps you to request resources on behalf of the user. User role can request/self-provision machines/services from the catalog
Name for the Business group. Ensure it reflects Business group name.
Business group admins group/user name.
Email id of business group admin.
Active directory container is optional, I left it unfilled.
Only Tenant Administrators can create business group
Create Reservation and Reservation Policy
Using fabric admin credentials lets create a simple reservation
Click Infrastructure tab, –>> Click Reservations, –>> select Reservations, –>> click New Reservation, –>> vSphere (vCenter)
I have not configured reservation policy. I left machine quota and Priority to default values.
Lets move to Resources tab. Actual reservation is done here. You choose to reserve memory & storage. In Memory section you get to know how much of is available i.e. Physical, How much is reserved and how much is allocated out of this reservation.
Similar way I have reserved 27 GB out of 40 GB on Gold cluster. None is allocated.
Finally select network label by moving into Network tab. I have just one network label. But you can have as many as. But remember you must plan about it in advance.
I think I’ll pause my post here as I see it is already very big. But I’ll continue in next post. That being said lot of configuration of tenant is still pending.