Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.

Abiquo 4.6

Skip to end of metadata
Go to start of metadata

Introduction to public cloud

The multi-cloud platform enables you to add public cloud provider regions, OpenStack clouds, and vCloud Director clouds as public cloud regions. You can offer cloud tenants a federation of private cloud and public clouds in a single pane of glass. And you can control the use of public cloud resources in the same way as you can in the platform's private cloud datacenter (quotas, limits, etc).  

The platform manages public cloud regions using remote services. For a public cloud region, the remote services can be shared with other datacenters or public cloud regions, and you do not need an NFS repository.  Each cloud tenant using the public cloud region will require its own cloud provider account and needs to add a set of credentials to the Enterprise. 


When users create a virtual datacenter and deploy in the public cloud region, the platform creates the entities in the public cloud provider. For example, in AWS, Abiquo creates a VPC and in AWS, virtual machines deployed in the VPC virtual datacenter are AWS EC2 Instances. 

Allow the enterprise access to public cloud regions

When you first create a datacenter or public cloud region, by default only the users of the enterprise that created it will be allowed to use it. To enable other users to deploy and work with VMs, administrators must allow enterprises to access datacenters or public cloud regions. For brevity, these may be collectively called "Allowed datacenters" or "Allowed locations". For each allowed location, the enterprise will have an Apps library with their templates, and their virtual datacenters for deploying VMs.  

Allowed locations are where users can work, for example, create a virtual datacenter and deploy VMs. To administer the infrastructure of a location, the administrator must also have the location in their administration Datacenters scope list. See  Manage Scopes

To set the datacenters and public cloud regions that an enterprise is allowed to access:

  1. Go to Enterprise → Datacenters. The left pane contains a list of datacenters and public cloud regions, which are "Prohibited Datacenters" by default
  2. Select one or more datacenters or public cloud regions in the left pane and drag and drop them into the "Allowed Datacenters" right pane

    If you have multiple public cloud regions on the platform, they may be grouped provider, which enables you to drag and drop the provider or selected regions. To set default allocation limits and VDC roles for regions in a provider, edit the provider.

     Click here to expand...

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.

To display the enterprises with access to a region, go to Infrastructure → Public → select Region → servers view → Virtual machines → Account

Add public cloud credentials for the enterprise

To work with a public cloud region, each enterprise should have its own public cloud account for the cloud provider. All the users in the tenant will work with this same account. 

Before you begin:

  1. Check your provider's documentation and pricing. 
  2. Obtain credentials to access the cloud provider's API. We provide the following basic guides but you should always check with your provider. See Obtain public cloud credentials
  3. Check that the public cloud region you wish to use is available in your environment.

Privilege: Manage provider credentials

To add public cloud credentials:

  1. Go to Users → edit enterprise → Credentials → Public
  2. Enter the credentials as described here

    ProviderSelect public cloud provider or vCloud Director region
    Access key ID

    Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field.

    For Azure, the format is subscription-id#app-id#tenant-id

    Secret access keyKey to access the cloud provider API. For example, an API key or other API credential
    Also use for pricingUse this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential.
    Current credentialsProvider credentials that are already in the platform
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

Control how VMs onboard from public cloud

To onboard all VMs into a single virtual appliance, set the singlevapp property to true. If you wish to configure the name, set the singlevapp name enterprise property:
"sync.singlevapp.name":"sync vapp name"

For instructions on how to set an enterprise property, see Manage Enterprises#Enter additional tenant details.

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

Onboard enterprise resources from public cloud

To onboard a virtual datacenter from public cloud:
  1. Go to Virtual datacenters
  2. At the top of the V. Datacenters list, click the + Add button
  3. Select Synchronize public cloud
  4. Select a public cloud region
  5. Select the virtual datacenter entity to onboard. For example, VPCs in AWS or Virtual networks in Azure. Select an entity and click the Synchronize button. 
    For an AWS region, select a VPC to synchronize as an Abiquo virtual datacenter
  6. The platform will load all of the elements into a virtual datacenter so they can be managed. For example, from AWS, the platform will import the VPC, VMs, subnet with IP addresses, public IPs, firewalls and load balancers, which will be named with their provider identifiers. 
    • The platform will mark the public subnet (identified by a custom route table and NAT gateway) with a globe symbol and set the Internet gateway flag for this subnet. 

    • Users with bespoke network configurations should check the results of the synchronization. 

    • The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.

       Click here to show/hide the screenshot

    • The platform will import VM templates. If the platform cannot find the VM template, the VM will have no template in the platform. To save a copy of your VM disk to create a template, so you can recreate the VM, make an Abiquo instance of the VM. 

       Click here to show/hide the screenshot

If you delete a synchronized VDC, the platform will delete it in the provider. Always check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC

If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider

During VDC synchronization, the platform will ensure that the resources in the platform and the provider are the same.
  • It will delete entities in the platform that were deleted already in the provider
  • However, it will maintain resources attached to undeployed VMs in the platform
    • For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only
    • Warning: These resources are "free" in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and error at deploy time

To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:

  1. Go to Virtual datacenters → V. Datacenters list
  2. Beside the virtual datacenter name, click the double arrow Refresh button

You can also synchronize resources such as networks, public IPs, firewalls, and load balancers. To do this, go to the resource tab and click the straight double arrow Synchronize button. For more information, see the resource documentation.

 Click here to show/hide the screenshots

Screenshot: Synchronize firewalls

Synchronize firewalls that you onboarded or created in public cloud

Screenshot: Synchronize private networks in public cloud

Public cloud synchronization parameters

Note to System Administrators: For information about tuning public cloud synchronization, see Abiquo Configuration Properties#pcrsync.

Control enterprise resource usage in public cloud

At the location level, you can limit resources and set defaults. This means you can set an allocation limit for an enterprise in each datacenter or public cloud region.

To configure the same limits for all regions in a provider, select a provider group. For example, if you enter a hard limit of 8 CPUs, then the platform will create a hard limit of 8 CPUs in each region for this provider. This option is available when regions are grouped by provider or vCloud endpoint. See Group public cloud regions by provider or endpoint

To limit resources in a datacenter or public cloud region, set allocation limits:

  1. Go to Users → edit Enterprise → Allowed Datacenters
  2. Select an Allowed Datacenter (datacenter or public cloud region) in the right pane 
  3. Click the pencil Edit button. An edit dialog will open at the Allocation limits tab
  4. Set valid allocation limits

This is process is very similar to that of setting enterprise limits, so for more details, see 

LimitChecked atDescription



Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs

Virtual CPUs


Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs

Local Hard Disk


Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers

External Storage


Private cloud: Total size of external storage that may be assigned to VMs



Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create.

Public IPs


Total number of Public IPs, floating IPs (in public cloud), and NAT IPs that may be used

RepositoryOperationsPrivate cloud: Total size of NFS Repository space that maybe used for the Apps Library including templates and instances (but not conversions). Manage the Datacenter Apps Library#How much space can I use in the Apps Library?
Virtual machinesDeploymentTotal number of VMs that users can deploy in the location using their allowed resources


Display public cloud resources and statistics

In public cloud, Abiquo infrastructure metering and accounting register virtual CPUs, RAM, system disks, and floating public IPs. 

The platform displays infrastructure statistics and resource usage for private and public cloud. The statistics vary slightly depending on whether the data is for all datacenters or all public cloud regions, or filtered for a specific datacenter or region.

Privilege: Access Infrastructure view, Display resource usage panel

To view the resource usage of a cloud location:

  1. Go to Infrastructure → Private or Public
  2. Select All, or select a datacenter or public cloud region
  3. If necessary, click on the graph symbol in the top right hand corner to display the statistics view

Obtain infrastructure statistics with the API 

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource StatisticsResource.

Synchronize hardware profiles with a provider

In public cloud providers with hardware profiles, when you create a public cloud region and add credentials for an enterprise, Abiquo will automatically retrieve the hardware profiles for the public cloud region.
  • Provider hardware profiles are locked, which means that you cannot edit them
  • In public cloud regions with provider hardware profiles that also support CPU and RAM, you can deactivate hardware profiles mode.


To synchronize hardware profiles:

Privilege: Access infrastructure view and PCRs, View public cloud region details, Manage enterprises

  1. Go to Infrastructure → Public → select Public cloud region → Servers view → Hardware profiles
  2. Click the round arrows refresh button

By default, for each enterprise with credentials, the hardware profiles mode is enabled. By default, all hardware profiles are available to all enterprises. 

For information about hardware profiles in a provider, see Hardware profiles#Synchronizehardwareprofileswithaprovider

Control VMs running in public cloud providers

To display the VMs created in a provider region, go to Infrastructure → Public → select Region --Virtual machines → select Enterprise account.

To go to the VM, or the virtual appliance or virtual datacenter that contains the VM, click on the active name link in the list. 

To display the details of a VM and the available controls, select it in the list. 

To send an email to the owner and perform the standard VM actions, as appropriate and/or supported by the provider, use the buttons on the control panel.

Sending Email Notifications

To send email notifications about a physical machine in private cloud or VMs in private or public cloud:
  1. Go to Infrastructure → Private → Servers OR Infrastructure → Public → Public cloud region → Virtual machines
  2. Select a server or a VM and click the email icon 
  3. Optional: To add the email from your user account as the Sender address, select the checkbox. 
  • For a VM, the platform can send a notification to the owner of the VM
  • For a physical machine, select checkboxes to send notifications to:
    • All administrators of enterprises using this physical machine. 
      • Administrators have the "Define Enterprise Manager" privilege.
    • All users who have VMs deployed on that machine.

For event notification from the platform, the system administrator could use the Abiquo Events Notifier.

Delete a public cloud account

It is possible to release a public cloud account without deleting the resources in public cloud. This means that the enterprise cannot work with the public cloud regions in the platform but the enterprise's resources in public cloud will remain intact. 

To delete virtual resources in the provider, delete them in the platform before you delete the account. After you release credentials, you can then delete virtual resources in the platform that you do not wish to delete in the provider, for example, the default VPC.

If you wish to use the account again, you can add the credentials again. After that you can synchronize to onboard resources from public cloud to update the resources in the platform

Pages related to public cloud