Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Mutli-tenancy is built into vCAC6.0. What it means? It simply means for every tenant you do not need to install vCAC. You can have multi-tenant on single vCAC. Each tenant can have its own branding, Active Directory Authentication source, group, Business policies, Catalog offering and dedicated infrastructure. Tenants in vCAC are an organizational unit. Tenant represent business unit within an organization or can be organization itself.

In vCAC each tenants gets

  • Dedicated URL
  • Identity Stores
  • Branding
  • Notification Providers (email alerts)
  • Business Policies
  • Service Catalog offering (small VM, Big VM, Web service, Apache Service)
  • Infrastructure Resources (virtual. Physical, Cloud)

    vCAC gets a default tenant vSphere.local (cannot be changed/avoided) and can be accessed via http://vCACApplianceFQDN/shell-ui-app

     

    image_thumb3

    1) To create a new tenant click on green Icon encircled above. New window opens up. When all details are entered, press Submit and Next

    image_thumb5[1]

    2) Lets add the identity source. In my case I’m using my own AD.

    image_thumb15

    Here you as Administrator create two very important roles.

  • Tenant Administrators

  • Infrastructure Administrators (I have referred it as IaaS Admin in this post)

    image_thumb19

    Parameters

    Explanation

    Name Name by which you wish to identify the Identity source
    Type You’ve option to choose from Active Directory or LDAP. Native AD option is available only for vsphere.local
    URL Provide the LDAP format even if you are using AD. It is referred as accessing AD over LDAP connection
    Domain Name of your domain
    Alias You can put any name here which is easier to remember and it helps to use to login this alias. In my case I can use spreetam@vZare.com or just spreetam@vZare . Both works.
    Login user DN User who has read only permissions on Active directory
    Password Password for Login user
    User search base DN Place in AD/LDAP where you wish to search the Users. I have put my Favorite company OU as a location to search users. Effectively I will be adding users only in my Favorite OU
    Group search base DN Same as above except that it will be used to search groups

    Branding and other parameters in tenant creation I left it default as there isn’t much to learn

     

    Configuring Tenant

     

    Below is the workflow we should follow to configure Tenants

    image

     

     


    IaaS Administrator is created by administrator and is responsible to perform

    • Management of endpoints, endpoints credentials and virtualization proxy agent
    • Management of cloud service accounts as well as physical machines and storage devices
    • Monitoring of IaaS system logs

image

  • Here in below screen I have logged in using IaaS Admin (userid:iAdmin). Go to the myfavoritecompany tenant in the infrastructure tab (9 out of 10 times you will be in infrastructure tab).

     

    Credentials

    Let’s first create the credentials. This credential is like a template of credential which can be used several times without typing every time same credential or if credential of vCenter/endpoint cannot be shared with vCAC admins.Enter the Name for credential. I recommend to put FQDN name of the vCenter so that you’re aware of connection details. Put some short meaningful Description, Username and Password. Press the green check box.

    NB: I always keep searching for image Button. That green button should be on right hand side not left hand side.

    EndPoints

    Go to the endpoints tab. Now here Name is the most important field. This name must match to the name you have selected while installing the vSphere Endpoint.

  • Just for reference purpose I’m pasting that screen here.
  • SNAGHTML562d69b

    imageSo now we need to put the same name as we have configured in above screen. It is case sensitive.

    imageAddress of vCenter. This is the address of end point. For vCenter it has to be https://vCenterFQDN/sdk format

    imageNow select the credentials you had created earlier. You can use integrated authentication If you have selected integrated credentials while installing vSphere agent.

    imageSelect the checkbox for Specify manager for network and security platform If  you have vShield manager (vCNS Manager) or NSX Instance in your environment. After you select checkbox you get need to put the URL and credentials for it (not shown & explored by me here. It is topic which I will deal with vCloud Director endpoint).

    imagePress OK and we are done configuring vSphere Endpoint

    At this point if vSphere endpoint is configured correctly you should see compute resources e.g. clusters are discovered. Quickest way to check this is to go to Agents tab and in the description tab from the drop down menu you should see vSphere agent. It confirms agent and endpoint are communicating

    image

     

    Below depicts how data collection works out using end points and what kind of data is collected

    image

    Organize Compute Resource

    In order to organize resources we must create fabric group. Fabric group manages resources within their group. e.g. if you create a fabric group just for virtual resource then it cannot manage anything outside this assignment. Below I have create a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However these resources are restricted to Memory and Storage as we will see it during creation of reservation.

    This where vCloud Director must more superior product. You can configure things at much more granular level

  • image

  • Type name for Fabric Admins as VirtualFabgroup. This name should reflect type of fabric this group is going to manage. It helps a lot. Assign administrator to manage this Fabric as shown below. Select the resource it will manage.

    Now that we have organize resource and appointed fabric admin. Let’s use fabric admin credential to login. It is worth noting all configuration till has been done by IaaS admin

    Fabric Administrator Role

    Machine Prefix

    You cannot create business group before creating Machine Prefix. It is must parameter for business group. You need at least one machine prefix. As mentioned above machine prefix are created by Fabric admin. Using Fabric admin lets create some meaningful prefix

    image

    I have created another two prefix offline just in case we need it and named them starting with CC-UAT and CC-DEV as seen below

    image

    Business Group

    Now that machine prefix is sorted out, let’s do business group. Business group represents BU within a organization. It could represent sales BU, Marketing BU or HR BU. In below example I considered  Sales BU. So if tenant is organization then BU becomes part of Tenant.

    test

  • You get an option within business group to create Business group administrator, support user and end user.

    Business group manager Role 

    1. Approves machines and lease requests.
    2. Manages machines created by all users in the business group.

    Business Support Role: Support user helps you to request resources on behalf of the user. User role can request/self-provision machines/services from the catalog

    Name for the Business group. Ensure it reflects Business group name.

  • Business group admins group/user name.
  • Email id of business group admin.
  • Support Role.
  • User Role.

    Active directory container is optional, I left it unfilled.

    image

    Only Tenant Administrators can create business group

    image

    Create Reservation and Reservation Policy

    Using fabric admin credentials lets create a simple reservation

    Click Infrastructure tab, –>> Click Reservations, –>> select Reservations, –>> click New Reservation, –>> vSphere (vCenter)

    image

    image

    I have not configured reservation policy. I left machine quota and Priority to default values.

    Lets move to Resources tab. Actual reservation is done here. You choose to reserve memory & storage. In Memory section you get to know how much of is available i.e. Physical, How much is reserved and how much is allocated out of this reservation.

    image

    Similar way I have reserved 27 GB out of 40 GB on Gold cluster. None is allocated.

    Finally select network label by moving into Network tab. I have just one network label. But you can have as many as. But remember you must plan about it in advance.

    image

    I think I’ll pause my post here as I see it is already very big. But I’ll continue in next post. That being said lot of configuration of tenant is still pending.

One thought on “Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s