Abiquo 5.0

A guide for cloud administrators to provision infrastructure and tenants.

Flow chart

This flow chart describes the basic process for provisioning infrastructure and tenants. 


[Flow chart steps: Create datacenters and public cloud regions; Create datastore service levels; Configure networks; Add compute with racks and servers; Optionally create allocation rules; Optionally create hardware profiles; Provision tenants; Provision networks; Create virtual datacenters; Capture VMs; Configure backups; Obtain public cloud credentials; Add credentials for a tenant; Onboard from public cloud. Branch labels: Private cloud, Public cloud.]

Create datacenters and public cloud regions

This section describes all the basics for adding your datacenter infrastructure and public cloud providers to the platform.


Abiquo defines a datacenter as a set of IT resources (servers, networking and external storage) in the same physical location. From the Infrastructure view you can manage basic infrastructure elements such as networks, racks, and physical machines.

Abiquo defines a public cloud region as a set of IT resources exposed by a supported cloud provider.

The following diagram shows a datacenter with compute resources and a public cloud region in AWS with VPCs.

 




Create a datacenter

Before you begin:
  1. Obtain the IP address of the Remote Services server. If you are using a monolithic trial environment, this is the same as your Abiquo Server IP address

  2. Check if you will require the DHCP service (it is required for standard Abiquo networking) and check the protocol to use (Omapi or Dnsmasq)

    Privilege: Access infrastructure view and Private DCs, Manage datacenter

To create a datacenter do these steps:

  1. Go to Infrastructure → Private
  2. At the bottom of the Datacenters list, click the + add button
  3. On the Create datacenter dialog, enter the Name of the datacenter and its Location to plot the datacenter on the Infrastructure view map. Then click Next 
  4. To create the datacenter remote services, enter the IP address of the remote services server for the Virtualization manager. To copy the remote service location, click Duplicate IP addresses 


After the platform creates the datacenter, do these steps:

  • To allow users to deploy in the datacenter, edit your enterprises to add the new datacenter to the Allowed datacenters list 
  • To allow administrators to manage the datacenter, edit your administration scopes and add the new datacenter 




Create a public cloud region

A public cloud region represents a region of a cloud provider in Abiquo, to enable users to use virtual resources and deploy VMs in the cloud.


Privilege: Access Infrastructure view and PCRs, Manage public cloud regions

Before you begin:

  • To create a public cloud region for a vCloud Director cloud, obtain credentials for the Administrator or Organization. For more details, see VMware vCloud Director.

To create a new public cloud region:

  1. Go to Infrastructure → Public
  2. Click the + add button at the bottom of the public cloud regions list. 

  3. The Create public cloud region dialog will open. Enter the base Name and select the Provider. Select the Regions

    • The platform will create the first region with the Name you enter and the others with a suffix of "_1", "_2", and so on. 

    • If for some reason the platform cannot create a region, it will move on to the next region on the list

  4. Click Next

  5. In the remote services IP address field for the Virtualization manager, enter the first letters of the domain name of the remote services server and select it from the selection list
  6. Click Save

    The platform will create your public cloud region.


  • To allow users to deploy in the public cloud region, edit your enterprises to add the new region to the Allowed datacenters list and to add cloud provider API credentials. See Obtain public cloud credentials
    • You will require one separate account for each enterprise using a public cloud region, i.e. one account per enterprise
    • For certain regions, such as those in China, you will require separate credentials, which you can enter separately with the appropriate provider (e.g. Amazon CHINA)
    • For vCloud Director, you will require Organization and Administrator credentials 
  • To allow administrators to manage the public cloud region, edit your administration scopes and add the new region



Create datastore service levels

In private cloud, to group hypervisor datastores and price them according to service levels, use datastore tiers. 

  • When you use tiers, administrators or cloud users can choose the service level for VM hard disks at the level of VM templates, virtual datacenters, and VMs. 
  • When you perform VM or storage moves outside of Abiquo, the platform will synchronize disks to their new datastore tiers.
  • If you do not enable the datastore tiers feature, all datastore disks will be created in the "Default Tier".

You can add datastores to a tier when you add a hypervisor to the platform, or from the Datastore tiers tab.

  • You can only add datastores to datastore tiers if they do not have any managed VM disks on them or if none of the disks are in a tier.



Create datastore tiers

To create a datastore tier:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage storage elements

  1. Go to Infrastructure → Private → select datacenter → Datastore tiers
  2. Click the + Add button
  3. Enter the Name and Description
  4. Click Save

The platform will create the tier and allow access to all future enterprises that you create. For more details about the datastore tier settings, see the documentation on Abiquo Screens: GUI Create datastore tier General information and GUI Create datastore tier Enterprise access



Configure networks

Before you configure your private cloud networks in Abiquo, configure the network infrastructure outside of the platform. You will need ranges of VLAN tags and IP addresses for use in the platform. See Network in the Abiquo Infrastructure Guide.

To manage datacenter networks:

  1. Go to Infrastructure → Private → select a Datacenter → select datacenter details view → Network

To manage networks in public cloud:

  1. Go to Cloud view → select a virtual datacenter or All virtual datacenters → Network




Create labels for networks and hypervisor NICs

To assign networks to network interfaces on your hypervisors, tag the network interfaces with "network service types". Then later, tag your networks to assign them to these network interfaces.

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage network elements

To create network service types:

  1. Go to Infrastructure → Private → select datacenter → Servers section → Network → Network service types 
  2. Click the + add button 
  3. Enter the Name of the network service type that the tag will represent
  4. Click Save







Define network virtualization integrations with devices

The platform has integrations with network virtualization systems to offer features such as network blueprints, self-service firewall and load balancer policies, NAT, and VPNs. The platform uses Devices to define integrations with external systems.

Devices do the following:

  • register the endpoint and credentials of the network virtualization system in a private cloud datacenter
  • contain a list of the virtual datacenters that the network virtualization system is managing.

A device can be created:

  1. For a datacenter
  2. For a single enterprise

A device belonging to a specific enterprise has a higher priority than a device for all enterprises.

The device functionality is transparent to the cloud user, who will automatically have self-service access to networks, and firewall and load balancer policies.

Privilege: Manage devices

Devices on KVM

Each KVM hypervisor can only point to one Neutron device but it can be shared by multiple enterprises in the datacenter. So for KVM there are two main configurations:

  • Recommended: for all enterprises to use Neutron, a single global device for all enterprises that configures a single Neutron system
  • Alternative: for selected enterprises to use Neutron, a device for each enterprise that configures a single Neutron system

To create a device to define a network virtualization system:

  1. Go to Infrastructure → Private → select Datacenter → Datacenter details view → Network → Devices
  2. Click the + add button and enter the device details

    | Field | Value |
    |---|---|
    | Plugin type | Network virtualization system and blueprint |
    | Interfaces | A list of interfaces or functionality supported by the plugin |
    | Name | The name of the device. Identify the device to users who will create platform networks, such as external and public networks |
    | User | The username of the account that Abiquo will use to connect to the device. For NSX: use a vCenter account with NSX permissions |
    | Password | The password of the account that Abiquo will use to connect to the device. |
    | Description | Your description of the device |
    | Endpoint | The URL where Abiquo can connect to the device; usually requires HTTPS |
    | Enterprise | Optional: to restrict the device to a single cloud tenant, select the enterprise. If you do not select a tenant, the device will be the default for all enterprises that do not have a specific device assigned. |

Select devices for external and public networks

To use a network virtualization system to manage Abiquo external and public networks, the Network Administrator must first pre-create the networks in the network virtualization systems. Then when you create the external or public network in Abiquo, select the device for your virtualization system.




Reserve private network ranges with excluded networks

To create an excluded network:
  1. Go to Infrastructure → Private → select a datacenter → Servers view → Network → Excluded
  2. Click the + Add button and enter the network details


    | Field | Value |
    |---|---|
    | Network Name | The name of the network to exclude, of up to 128 characters |
    | IPv6 | To exclude an IPv6 network, select this checkbox |
    | Address | The network address of the network to exclude |
    | Netmask | The network mask in CIDR format. For IPv4 networks created in the platform, the netmask can have a value from 16 to 30 inclusive, and for IPv6, it can have a value of 64, 56, or 48. |

  3. Click Save. 
  4. If users already have private networks with this range, the platform will display a warning popup. To force the creation of the excluded range, click Confirm. 

The platform will exclude the network range. Users with existing private networks within the excluded range can continue to work with them. But if the users delete the networks, they will not be able to create them again. 
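
A pre-check you can run before you save an excluded range, as an added example that is not Abiquo code: it validates the dialog fields and lists the existing private networks that would trigger the warning popup. The function names, the constructed inventory, and the choice to treat "within the excluded range" as any overlap are assumptions.

```python
import ipaddress

# Limits taken from the field descriptions above. Applying the prefix limits
# to the excluded entry itself is this example's reading (an assumption).
MAX_NAME_LEN = 128
IPV4_PREFIXES = range(16, 31)      # 16 to 30 inclusive
IPV6_PREFIXES = (64, 56, 48)

# Constructed inventory of tenant private networks: (enterprise, CIDR).
PRIVATE_NETWORKS = [
    ("acme", "192.168.0.0/24"),
    ("acme", "10.20.0.0/24"),
    ("globex", "10.20.128.0/20"),
    ("globex", "172.16.5.0/24"),
    ("initech", "fd00:20::/64"),
]


def parse_excluded(name, address, prefix, ipv6=False):
    """Validate the Network Name, Address, Netmask and IPv6 fields."""
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("Network Name must be 1 to 128 characters")
    allowed = IPV6_PREFIXES if ipv6 else IPV4_PREFIXES
    if prefix not in allowed:
        raise ValueError(f"netmask /{prefix} is not allowed here")
    # strict=True rejects an Address with host bits set (10.20.0.5/16),
    # so the stored entry is always a true network address.
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=True)
    if (net.version == 6) != ipv6:
        raise ValueError("Address family does not match the IPv6 checkbox")
    return net


def overlaps(net, other):
    """True when both networks are the same IP version and share addresses."""
    return net.version == other.version and net.overlaps(other)


def affected_private_networks(excluded, private_networks):
    """Existing tenant networks that fall in the excluded range."""
    hits = []
    for tenant, cidr in private_networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if overlaps(net, excluded):
            hits.append((tenant, str(net)))
    return hits


def can_create_private_network(cidr, excluded_ranges):
    """A new (or re-created) private network must avoid every excluded range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(overlaps(net, ex) for ex in excluded_ranges)


if __name__ == "__main__":
    excluded = parse_excluded("mgmt-reserved", "10.20.0.0", 16)
    for tenant, cidr in affected_private_networks(excluded, PRIVATE_NETWORKS):
        print(f"warning: {tenant} already uses {cidr} inside {excluded}")
    # A tenant that deletes 10.20.0.0/24 could not create it again.
    print(can_create_private_network("10.20.0.0/24", [excluded]))
```
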

You can also manage excluded networks with the API.

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource ExcludedNetworksResource.



Configure NAT

As part of the Abiquo NSX integration, you can use the NAT blueprint to configure virtual datacenters with NAT.

To configure NAT for a datacenter:

  1. Go to Infrastructure → Private → select datacenter → Network → Devices
  2. To define the NSX integration in Abiquo, create a NAT device




Create racks

In the platform, compute resources in private cloud datacenters are represented as physical machines on racks. A rack is a logical entity used for grouping physical machines that may be useful, for example, to manage VLANs and VXLANs for virtual datacenter networks or for Abiquo high availability of VMs. 

Administrators usually configure racks in the platform to mirror physical racks, with a group of physical machines connected to the same top-of-rack switch. 

To create a rack:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage datacenter infrastructure elements

  1. Go to Infrastructure → Private → select a datacenter
  2. At the bottom of the Physical servers list, click the + add button and select Rack
  3. Enter the Name and optional values
  4. Go to Network
    1. Enter the range of the VLAN or VXLAN tags to use on this rack for private networks
    2. In Excluded VLAN IDs, enter a comma-separated list of ranges (with a dash "-") and/or individual tags that you will use for other networks.
    3. In Reserved VLANs per VDC enter the number of VLANs that you expect VDCs to use. Note that this is not a real reservation, but it will prevent the creation of too many VDCs on the rack!
    4. In VLAN pool size enter the number of VLANs to reserve for VDCs that use more than the expected number
  5. Click Save
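
The Excluded VLAN IDs format from step 4, as an added example that is not Abiquo code: it parses the comma-separated list of ranges and individual tags, subtracts it from the rack's tag range, and reports entries that fall outside that range. It covers 802.1Q VLAN IDs (1 to 4094) only, not VXLAN; the function names and sample values are assumptions.

```python
VLAN_MIN, VLAN_MAX = 1, 4094   # usable 802.1Q VLAN IDs (0 and 4095 are reserved)


def parse_vlan_list(text):
    """Parse '100-109, 150, 190-205' into a set of VLAN IDs."""
    ids = set()
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue                      # tolerate a trailing comma
        lo, sep, hi = item.partition("-")
        try:
            start = int(lo)
            end = int(hi) if sep else start
        except ValueError:
            raise ValueError(f"not a VLAN tag or range: {item!r}") from None
        if start > end:
            raise ValueError(f"range is reversed: {item!r}")
        if start < VLAN_MIN or end > VLAN_MAX:
            raise ValueError(f"VLAN ID out of range 1-4094: {item!r}")
        ids.update(range(start, end + 1))
    return ids


def usable_tags(first, last, excluded_text):
    """Return (tags left for private networks, excluded IDs outside the rack range)."""
    if not VLAN_MIN <= first <= last <= VLAN_MAX:
        raise ValueError("rack tag range must satisfy 1 <= first <= last <= 4094")
    rack = set(range(first, last + 1))
    excluded = parse_vlan_list(excluded_text)
    return sorted(rack - excluded), sorted(excluded - rack)


def to_ranges(tags):
    """Compress [110, 111, 112, 151] into '110-112,151' for review."""
    tags = sorted(tags)
    out, i = [], 0
    while i < len(tags):
        j = i
        while j + 1 < len(tags) and tags[j + 1] == tags[j] + 1:
            j += 1
        out.append(str(tags[i]) if i == j else f"{tags[i]}-{tags[j]}")
        i = j + 1
    return ",".join(out)


if __name__ == "__main__":
    # Constructed values: rack range 100-200, tags kept for other networks.
    usable, outside = usable_tags(100, 200, "100-109, 150, 190-205")
    print("tags left for private networks:", to_ranges(usable), f"({len(usable)})")
    if outside:
        print("excluded IDs outside the rack range:", to_ranges(outside))
```
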





Create servers

To add a host (also called a server or physical machine):

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage datacenter infrastructure elements

  1. Go to Infrastructure → Private → select datacenter → Servers
  2. If there are no racks, first create a rack. See Create racks
  3. Select a rack, then click the + add button. Select Physical machine
  4. Select the Hypervisor type, which could be a standard hypervisor, master hypervisor system, or VMware vCenter cluster as a physical machine
  5. Enter the connection details. You can enter the IP address or the FQDN of the server

    Using the connection details, the Discovery Manager remote services will try to retrieve the hypervisors or clusters from a master hypervisor or connect with the hypervisor or cluster.
  6. For a master hypervisor, the multiple hypervisor selection dialog will open with a list of the physical machines managed by the master hypervisor. Select the ones that you wish to add and click Edit to complete their details as required. 
  7. After the platform retrieves each host (server or "physical machine"), the Create physical machine dialog will open.

Register a physical machine in Abiquo

To register a physical machine in Abiquo, do these steps.

  1. Enter the Name, which defaults to its IP address, and check the other details
  2. Go to Network interfaces and enable at least one network interface. To do this, select the network service type of the VLANs that will use this interface
  3. Go to Datastores and enable at least one datastore. Do not enable the NFS repository (usually /opt/vm_repository) because this will severely degrade deployment performance
     
  4. Click Save




Create allocation rules

The platform uses allocation rules to control the scheduling of resources in datacenters, although your virtualization technology must manage the use of the resources. For details of the allocation process, see the Virtual Machine Allocation section. 

There are two types of allocation rules: Global rules apply to all datacenters and Datacenter rules apply to the selected datacenter. 




Create a global load balance rule

You can create the following types of load balance rules:

  • PERFORMANCE: select the machine with the most available resources. If more than one physical machine has the same resources available, use a round-robin algorithm to allocate each VM to a different physical machine.
  • PROGRESSIVE: select the same physical machine until it is full, then change to another one. Begin with the machine with the most available resources. This is the default rule.

To create a global load balance rule:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage allocation rules

  1. Go to Infrastructure → Private → select a datacenter
  2. If you are in Map view or Statistics view, click the Server symbol in the top right-hand corner to go to Servers view
  3. Go to Allocation rules
  4. On the Global panel, click the + add button
  5. As the Rule type select "Load balance"
  6. Select the Load balance type




Create datacenter load balance rules

You can create the following types of load balance rules:

  • PERFORMANCE: select the machine with the most available resources. If more than one physical machine has the same resources available, use a round-robin algorithm to allocate each VM to a different physical machine.
  • PROGRESSIVE: select the same physical machine until it is full, then change to another one. Begin with the machine with the most available resources. This is the default rule.

A datacenter load balance rule will have priority over a global load balance rule.

To create a datacenter load balance rule:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage allocation rules

  1. Go to Infrastructure → Private → select datacenter
  2. If you are in Map view or Statistics view, click the server symbol in the top right-hand corner to go to Servers view
  3. Go to Allocation rules
  4. On the Datacenter panel, click the + add button
  5. Select Load balance as the rule type
  6. Select the load balance type 




Create load level compute rules

To specify the CPU and RAM load on machines, use compute load level rules. The scheduler will use these rules to help determine if a physical machine is a candidate to hold a VM. 

The platform uses Load level rules to specify the level that the scheduler can assign to the virtualization technology. The virtualization technology is responsible for managing the load that is assigned.

You can create load level rules for the following elements:

  • a datacenter (all racks)
  • a rack (all servers on the selected rack)
  • a cluster (for supported hypervisors)
  • a specific server 

You can only add one rule for an element at each level, but more than one rule may apply.

The priority order of rules is any cluster rule first (if it is present), then the other rules from the most specific rule to the least specific rule. A cluster rule affects all hosts in a cluster irrespective of their state, for example, it applies to hosts that are powered off.
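
How the priority order above selects one rule for a host, as an added example that is not Abiquo code. The Host and LoadRule classes, the sample names, and the is_candidate formula (used plus requested must not exceed capacity times the percentage) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Priority as described above: a cluster rule first, then from the most
# specific rule (server) to the least specific rule (datacenter).
PRIORITY = ("cluster", "server", "rack", "datacenter")


@dataclass(frozen=True)
class Host:
    name: str
    rack: str
    cluster: Optional[str] = None


@dataclass(frozen=True)
class LoadRule:
    level: str               # one of PRIORITY
    target: Optional[str]    # cluster, server or rack name; None for datacenter
    cpu_pct: int
    ram_pct: int


def check_rules(rules):
    """Enforce 'only one rule for an element at each level'."""
    seen = set()
    for rule in rules:
        if rule.level not in PRIORITY:
            raise ValueError(f"unknown level: {rule.level}")
        if rule.level != "datacenter" and rule.target is None:
            raise ValueError(f"{rule.level} rule needs a target")
        key = (rule.level, rule.target)
        if key in seen:
            raise ValueError(f"duplicate rule for {key}")
        seen.add(key)


def applies(rule, host):
    """Does this rule cover the host?"""
    if rule.level == "datacenter":
        return True
    element = {"cluster": host.cluster, "server": host.name, "rack": host.rack}
    return rule.target is not None and element[rule.level] == rule.target


def effective_rule(host, rules):
    """Pick the highest-priority rule among those that apply, or None."""
    check_rules(rules)
    matching = [r for r in rules if applies(r, host)]
    if not matching:
        return None
    return min(matching, key=lambda r: PRIORITY.index(r.level))


def is_candidate(capacity, used, requested, pct):
    """Assumed check: the load after placement stays within pct of capacity."""
    return used + requested <= capacity * pct / 100


# Constructed rule set for one datacenter.
RULES = [
    LoadRule("datacenter", None, 100, 100),
    LoadRule("rack", "rack-1", 150, 100),
    LoadRule("server", "esx-01", 90, 90),
    LoadRule("cluster", "cluster-a", 80, 80),
]

if __name__ == "__main__":
    for host in (Host("esx-01", "rack-1", "cluster-a"),
                 Host("esx-02", "rack-1"),
                 Host("esx-03", "rack-2")):
        rule = effective_rule(host, RULES)
        print(host.name, "->", rule.level, f"RAM {rule.ram_pct}%")
```
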

To create a load level compute rule:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage allocation rules

  1. Go to Infrastructure → Private → select a datacenter
  2. If you are in Map view or Statistics view, click the Server symbol in the top right-hand corner to go to Servers view
  3. Go to Allocation rules
  4. On the Global panel, click the Add button
  5. Select the "Load level compute" rule type
  6. Complete the dialog



| Field | Value |
|---|---|
| Rule type | Select Load level compute |
| Rack | Select All or a specific rack |
| Server | Select All or a specific server. If you are using a cluster as a physical machine, select the "Server" radio button to create rules for the cluster |
| Cluster | If you are using vCenter with ESXi, the platform detects the clusters. Select a specific cluster. A cluster rule affects all hosts irrespective of their state, for example, it applies to hosts that are powered off. |
| Aggregate | Select to create a rule for the sum of all resources in a group (datacenters, racks, or clusters). This means that the platform will sum all of the resources in the group and calculate the load level percentage of the total in order to determine the available resources for the group. |
| Service Port | The port used by the cloud nodes to connect to the storage technology |
| RAM | Percentage usage of memory to allow. We DO NOT recommend the overallocation of RAM |
| CPU cores | Percentage usage of CPU cores to allow. We DO NOT recommend the oversubscription of CPU cores |



Create load level storage rules

To specify the storage load on machine datastores, use storage load level rules. The scheduler will use these rules to help determine if a physical machine is a candidate to hold a VM. 

You can create rules for the following elements:

  • A datacenter (all datastore tiers)
  • A tier (all datastores in a tier)
  • A specific datastore.

If there is more than one rule that applies to a datastore, the most specific rule takes precedence over more general rules.

To create a load level storage rule:

Privilege: Access infrastructure view and Private DCs, View datacenter details, Manage allocation rules

  1. Go to Infrastructure → Private → select a datacenter
  2. If you are in Map view or Statistics view, click the Server symbol in the top right-hand corner to go to Servers view
  3. Go to Allocation rules
  4. On the Global panel, click the Add button
  5. Select the "Load level storage" rule type
  6. Complete the dialog

| Field | Value |
|---|---|
| Rule type | Select Load level storage |
| Datastore tier | Select All or a specific tier |
| Datastore | Select All or a specific datastore |
| Storage | Percentage usage of storage to allow, from 0 to 100%. |

Notes
  • The platform uses Load level rules to specify the level that the scheduler can assign to the virtualization technology. The virtualization technology is responsible for managing the load that is assigned.




Create hardware profiles

Hardware profiles are a convenient way of displaying CPU and RAM values that enable you to simplify the configuration of VMs for your users. They also enable you to control available hardware configurations and to recommend suitable hardware configurations for VM templates. And you can restrict users to a set of recommended configurations for a template.
  • For public clouds with provider hardware profiles, you can synchronize and manage the provider's profiles in the platform. You can onboard and synchronize public cloud hardware profile price lists and incorporate them into your pricing models. 
  • Note that the Azure API returns a value for cores per socket but the platform does not use this value
  • For private cloud datacenters and public clouds without native hardware profiles, you can create and fully manage hardware profiles in the platform. 
  • Some cloud providers may offer both hardware profiles and CPU and RAM.

In private cloud, the hardware profile can be dynamic for CPU and/or RAM, which means that the user can enter these values. Users can also enter cores per socket.



Manage hardware profiles with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource HardwareProfilesDatacenterResource.



Synchronize hardware profiles for a public cloud region

In public cloud providers with hardware profiles, when you create a public cloud region and add credentials for an enterprise, Abiquo will automatically retrieve the hardware profiles for the public cloud region.
  • Provider hardware profiles are locked and you cannot edit them
  • In public cloud regions with provider hardware profiles that also support CPU and RAM, you can deactivate hardware profiles mode.

To synchronize hardware profiles: 

Privilege: Access infrastructure view and PCRs, View public cloud region details, Manage enterprises

  1. Go to Infrastructure → Public → select Public cloud region → Servers view → Hardware profiles
  2. Click the round arrows refresh button

By default, for each enterprise with credentials, the hardware profiles mode is enabled. By default, all hardware profiles are available to all enterprises. 



Create a hardware profile

You can create Abiquo hardware profiles in private cloud datacenters and for public cloud providers that do not have provider hardware profiles, such as vCloud Director clouds.

Privilege: Access infrastructure view and private DCs, View datacenter details, Manage datacenter infrastructure elements

To create a hardware profile:

  1. Go to Infrastructure → Private or Public → select a location → Hardware profiles
  2. Click the + add button
  3. Enter the details of the hardware profile
  4. Click Save

| Field | Value |
|---|---|
| Name | Enter a unique name for the hardware profile. Identify it to users who will select it for their VMs. |
| CPU | The number of virtual CPUs to assign to VMs using this hardware profile. The combination of CPU and RAM must be unique in the datacenter. For dynamic hardware profiles this is the default value. |
| Cores per socket | The number of cores per socket to use for supported hypervisors such as VMware. The number of CPUs must be divisible by this value. For dynamic hardware profiles this is the default value. |
| RAM | The amount of virtual RAM to assign to VMs using this hardware profile. The combination of CPU and RAM must be unique in the datacenter. Select RAM units of MB, GB or TB. For dynamic hardware profiles, this is the default value. |
| Dynamic | To allow the user to enter CPU and/or RAM values, select the Dynamic option/s. Pricing and billing of dynamic hardware profiles will include cost codes, and CPU and RAM usage pricing. |
| Cost code | For pricing and billing, select a cost code for the hardware profile. See Pricing View#Create a new cost code |
| Active | Select this checkbox to activate or deactivate the hardware profile |

Troubleshooting

  • The platform will only display active hardware profiles to make available to an enterprise but inactive hardware profiles may be shown if they were previously selected when active.
  • The platform will only display active hardware profiles for selecting the recommended profiles for a template.
  • Users can only work with active hardware profiles.



Set prices for hardware profiles

You can set prices for hardware profiles using cost codes or for each individual hardware profile.




Provision tenants

This section describes how to set up enterprises, which are basic cloud tenants.

Before you create tenants, you should do these steps:




Introduction to user roles

Each user has a role to define how they can work with resources. 

User roles have groups of privileges to allow access to different cloud features.

  • Global roles are available to all enterprises, and display with "(Global)" after the name
  • Enterprise roles belong to a specific enterprise, and the platform displays them when you select an enterprise.


OpenID, AD, or LDAP groups

You can specify directory groups in user roles. The platform will automatically create users and assign the matching roles to them. 
See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.


Generally, you will assign one role to a group of users. You can clone and modify default roles to create your own roles. The Privileges page lists all the privileges and marks those assigned to each default role. 

| Default Role | Description |
|---|---|
| CLOUD_ADMIN | Manages the physical infrastructure and configurations in order to offer a cloud service. The default "admin" user has this role and unlimited global scope. You can create cloud administrators with lesser scopes that restrict them to certain enterprises and cloud locations. You cannot modify the privileges of this role. There must always be at least one user with this role and the global scope, but it does not have to be the default admin user. |
| ENTERPRISE_ADMIN | Manages configurations at enterprise level and grants access to other enterprise users. You can add privileges to allow the user to administer multiple enterprises, for example, as a reseller. |
| USER | Works with virtual appliances in their enterprise. |
| OUTBOUND_API | The default privileges of this role allow the user to read all events. This user is for the module that stores events in the API and streams them for the outbound API. |
| ENTERPRISE_VIEWER | Allows read-only access to the cloud platform. A user with this role can access a VDC and view VApps, VMs and VM details. |

Privileges are generally independent. For example, when the user role does not have the "Access Infrastructure view" privilege, the Infrastructure icon will not display in the UI. However, with the "Manage datacenters" and "View datacenter details" privileges, the user can still access this functionality through the API.

For information about creating a reseller, see Create a Reseller and Reseller Administrator User

Changes to privileges by version



Create a user role

To create or clone a role do these steps:
  1. Go to Users → Roles.
  2. To clone a role, click the clone button. The platform will prefix the clone name with "Copy: ".
  3. To create or modify a role, click the + Add button or Edit button, complete the following dialog, and click Save.

    | Field | Description |
    |---|---|
    | Role name | The name of the role. Local roles in different enterprises can have the same names |
    | Enterprise | The enterprise that a local role belongs to |
    | Make this role global | To create a global role that can be used in all enterprises, mark the Make this role global checkbox. |
    | Allowed CIDRs | Optional: to create a default list of network addresses from which users with this role can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a scope. The user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs. |
    | External Roles | The corresponding external roles, e.g. LDAP group, for the user. Required in external authentication modes (openid, ldap). A user's external roles must map to a single role (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration. You can also set external scopes. |

  4. Select the role and modify its privileges 
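
The External Roles requirement that a user's external roles map to a single role, as an added example that is not Abiquo code: it audits a role list for directory groups claimed by more than one role and resolves a login only when exactly one role matches. The Role class, the exact-match comparison of group names, the sample groups, and passing the user's enterprise as an input are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Role:
    name: str
    enterprise: Optional[str]          # None means a global role
    external_roles: FrozenSet[str]     # directory groups mapped to this role


# Constructed role list: three global roles and one local role.
ROLES = [
    Role("CLOUD_ADMIN", None, frozenset({"cn=cloud-admins"})),
    Role("ENTERPRISE_ADMIN", None, frozenset({"cn=tenant-admins"})),
    Role("USER", None, frozenset({"cn=cloud-users"})),
    Role("Acme operator", "Acme", frozenset({"cn=acme-ops", "cn=cloud-users"})),
]


def candidate_roles(roles, enterprise, user_groups):
    """Roles visible in the enterprise (global or local) that match a group."""
    groups = set(user_groups)
    return [r for r in roles
            if (r.enterprise is None or r.enterprise == enterprise)
            and r.external_roles & groups]


def resolve_role(roles, enterprise, user_groups):
    """Return the single matching role; refuse zero or several matches."""
    matches = candidate_roles(roles, enterprise, user_groups)
    if len(matches) != 1:
        names = sorted(r.name for r in matches) or "no role"
        raise LookupError(f"external roles map to {names}, expected exactly one")
    return matches[0]


def ambiguous_groups(roles):
    """Audit: directory groups that two roles visible together both claim."""
    by_group = {}
    for role in roles:
        for group in role.external_roles:
            by_group.setdefault(group, []).append(role)
    conflicts = {}
    for group, claimed in by_group.items():
        global_roles = [r for r in claimed if r.enterprise is None]
        local_ents = [r.enterprise for r in claimed if r.enterprise is not None]
        clash = (len(global_roles) > 1
                 or (global_roles and local_ents)
                 or len(local_ents) != len(set(local_ents)))
        if clash:
            conflicts[group] = sorted(r.name for r in claimed)
    return conflicts


if __name__ == "__main__":
    print(ambiguous_groups(ROLES))
    print(resolve_role(ROLES, "Globex", ["cn=cloud-users"]).name)
```
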

Edit user role privileges

To edit the privileges of a role do these steps:

  1. If you wish to modify a local role, first select the enterprise that the role belongs to
  2. Select a role in the Roles list
  3. Edit the privileges, selecting or deselecting groups or individual privileges as required
    1. See Privileges for more details of existing roles
  4. Click Save or discard changes by clicking outside the privileges pane, e.g. by clicking another role.

Privilege: Access Roles and Scope screens, Manage roles, Manage global role


Manage roles with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource RolesResource.



Introduction to user scopes

A user scope is an access list that allows the user to access the appropriate resources in the tenant hierarchy. The platform controls access with the role, the scope, and the tenant's allowed locations. The tenant's default scope positions the tenant in an optional tenant hierarchy, and the platform assigns it to the tenant's users by default. For an administrator that can work with more than one tenant, the platform uses the Enterprises list to control access to tenants. 

To manage a complex hierarchy of resellers and/or tenants and to delegate user management and share resources, create a scope hierarchy. See the following sections:



Create a scope

If you would like to restrict your tenants to a specific set of resources or allow administrators to access a limited group of tenants, then you can create a scope, which is an access list. We recommend that you create a scope before you create an enterprise. This means that you will give the scope access to the public cloud regions and datacenters first. Later you will edit the scope and add the tenant enterprise and any new enterprises that the tenant will directly manage. 

Privilege: Manage scopes, Allow user to switch enterprises

To create a scope do these steps:

  1. Go to Users → Scopes
  2. Click the + add button
  3. Enter the Name
  4. Optional: to add the scope to a hierarchy, select a Parent scope
  5. Select Datacenters and Enterprises to include in the scope
    • The options to Use all enterprises or Use all datacenters will automatically include new enterprises or datacenters

Create a scope - General info

Create a scope - Entities



Manage scopes with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource ScopesResource.



Create a basic tenant

This section describes how to create a basic tenant enterprise for a cloud tenant. For more detailed information, see Manage Enterprises.

To create a basic customer enterprise do these steps:

  1. Go to Users
  2. At the bottom of the Enterprises list, click the + add button to add an enterprise
  3. On the General tab

    1. Enter the customer Name
    2. As the Default scope, set the tenant scope
    3. If the enterprise represents the tenant headquarters or similar, select Key node
  4. Go to Allocation limits and set resource usage limits for the enterprise
    • Hard limit is the maximum amount of a virtual resource (e.g. RAM) that an entity will be allowed to consume. 
    • Soft limit warns users and administrators that the entity is running out of a resource.

    The rules for creating allocation limits are as follows:

    • You cannot have a hard limit only
    • Soft limits must always be less than or equal to hard limits
    • When a limit is equal to 0, it means that there is no limit to resource usage at this level
    • When editing limits, you cannot set the hard limits below the existing resource usage.


  5. On the Datacenters tab, drag and drop providers, datacenters, or regions to Allowed datacenters, to allow the tenant's users to work in them. 

    1. To configure the tenant in each allowed location, see Configure an Enterprise in a Cloud Location
  6. On the Properties tab, for each tenant metadata property, enter a key and value, and click Add

    To onboard all public cloud VMs into a single virtual appliance, set the singlevapp property to true. If you wish to configure the name, set the singlevapp name enterprise property:

    "sync.singlevapp":"true",
    "sync.singlevapp.name":"sync vapp name"
  7. Optionally add credentials for public cloud. See Add credentials for public cloud
  8. Click Save

The platform will create the enterprise and filter to display only this enterprise. 

To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 



Add the tenant enterprise to the tenant scope

The platform will add a new enterprise to the scope of the administrator who created the enterprise. Optionally, remove this enterprise from your administration scope, and add it to a scope with related enterprises for another administrator.

Generally the tenant should also be in its own scope. For example, this enables an administrator of the tenant with the appropriate privileges to manage users in the tenant.

  1. Go to Users → Scopes → select the scope
  2. Click the pencil Edit button
  3. Go to Entities and select the customer enterprise in the Enterprises list
  4. Click Save




Create a pricing model

If you already have a pricing model that is assigned to your enterprise, then the platform will use this model as the basis for the new pricing model. You can then enter a percentage markup on the costs for your enterprise.

To create a pricing model:

  1. Go to Pricing → Pricing models
  2. Click + add and enter details, including resource prices and cost code prices.

    Field

    Description

    Name

    The name of your pricing model. The name can represent a service level agreement

    Description

    Description of pricing model

    Change all resource prices

    Only displays when the enterprise already has a pricing model assigned to it. Resellers can change all prices by adding this percentage. See below

    Charging period

    Standard period of time by which a user will be charged, such as day, week, etc. Does not have to be equal to the minimum period

    Minimum charging period

    Minimum period of time that a user will be charged for. This may be longer or shorter than the charging period. This value is not sent to the billing system. Note that the accounting system records the maximum usage value of a resource during an accounting period.

    Currency

    The currency for this pricing model. Enter new currencies in the Currency tab before you create the pricing model

    Standing charge

    Standing charge per Charging period. You can include this value in the pricing estimate message but the platform does not send it to the billing system

    Minimum charge

    Minimum charge per Minimum charging period. You can include this value in the pricing estimate message but the platform does not send it to the billing system

    Show charges before deployment

    Mark this checkbox to show a pricing estimate popup before deployment with the message entered in the box at the bottom of the window. See the explanation below

    Insert variable

    Choose a variable from the pull-down list to add to the pricing estimate message. The variables are described in the table below

    Deployment message

    Enter the estimate message for VM deployment, including variables. See Create a pricing estimate message

    The platform uses the first pricing model for a location in a currency as the set of base prices for the location. When you create a new pricing model, you can enter a percentage to modify prices. If you then enter a resource price that is lower than the base price, the platform will highlight the price.


    The price for hypervisor datastores is below the cost price for the reseller.

    Field

    Description

    Hypervisor Datastores GB

    Price of hypervisor datastores per gigabyte. In public cloud regions, the platform does not use this value

    VLANs

    Price per VLAN (at least one VLAN is always created for each virtual datacenter)

    Public IPs

    Price per public IP address reserved

    CPU

    Price per virtual CPU core for deployed virtual machines. If the location uses hardware profiles, pricing does not use this value.

    CPU on

    Price per virtual CPU core when virtual machine is powered ON

    CPU off

    Price per virtual CPU core when virtual machine is powered OFF

    Memory (GB)

    Price of virtual memory in GB for deployed virtual machine. If the location uses hardware profiles, pricing does not use this value.

    Memory on (GB)

    Price of virtual memory in GB when virtual machine is powered ON

    Memory off (GB)

    Price of virtual memory in GB when virtual machine is powered OFF

    Repository (GB)

    Price of template repository use in GB for virtual machine templates. The platform does not include conversions. In public cloud regions, the platform does not use this value

    Anti-Affinity

    Price per VM deployed in anti-affinity layer. In public cloud regions, the platform does not use this value

    Firewall

    Price per firewall attached to VM

    Load balancer

    Price per load balancer attached to VM

    The provider can configure billing by usage or allocation.


    Datastore tiers

    In a private cloud datacenter, datastore tiers set service levels for storage. See Manage Datastore Service Levels with Datastore Tiers.

    Persistent storage

    In a private cloud datacenter, persistent storage tiers set service levels for storage. See Manage Storage

    Hardware profiles

    In public cloud and in private cloud datacenters with hardware profiles, see Hardware profiles.

    Privilege: View datacenter details, Manage enterprises

    Cost Code Prices

    The cost codes for assigning to templates and hardware profiles, and their prices.

     

 



Assign the pricing model to the enterprise

To assign the pricing model to the enterprise, do these steps:

  1. Go to Users → Edit enterprise
  2. Go to Pricing
  3. Select the Pricing model from the list

You can also assign pricing models at Pricing → Pricing models → Enterprise associations.



Create a tenant administrator user

To create a tenant administrator user:
  1. Go to Users → Optionally select an enterprise → Users tab
  2. Click the + button to add a user and complete the dialog
  3. Click Save

Field

Description

Enterprise

The enterprise that the user will belong to.

Full Name

The user's first name and family name

Role

The Role of the user defining their set of privileges on the platform

Scope

The Scope of a user defining the set of enterprises and datacenters that they can manage on the platform

Username

The username for login. After you create the user, you cannot change the username

Password

The user account password. Requirements are set by the options of Configuration → Security. See also Manually reset a user password

Repeat password

Re-enter the password

Email

The contact e-mail address of the user for platform messages, including password reset. The platform will display a Gravatar icon associated with this address on the User's card

Phone number

The phone number of the user. The platform will not validate this field.

Field

Description

Description

Optional description of the user account, maximum 100 characters

Public key

SSH key for secure access to VMs. Add this key before you create your VMs

Allowed CIDRs

To restrict user access, enter the allowed network addresses in CIDR format. This network address will have priority over inherited allowed CIDRs. Requires the Manage user allowed CIDRs privilege. By default users can access the platform from any IP address.

Inherited allowed CIDRs

If the user does not have allowed CIDRs, and the user's role and/or scope have CIDRs, then the platform will display the allowed CIDRs that apply to the user, which are inherited from the role and/or scope.

Reset password on next login

If this checkbox is selected, the user must reset their password the next time they log in.

Activated

If this checkbox is selected, the user account is active and the user can log in.


Provision networks

This section describes how to manage datacenter networks in Abiquo. It explains the basic datacenter network concepts and links to datacenter network pages.

Privilege: Manage datacenter infrastructure elements, Manage network elements, Manage devices


Cloud networks are the virtual networks that administrators configure to deliver self-service IP addresses to the VMs.

The cloud network types supported by Abiquo are as follows:

  • Private Networks within virtual datacenters (in private and public cloud)
  • External Networks accessible from outside the virtual datacenter and outside the platform, and assigned to a single tenant. Used in private cloud with standard networking and integrations.
  • Unmanaged Networks with IP addresses managed outside of Abiquo only, and assigned to a single tenant. Used in private cloud
  • Public Networks with public IP addresses and Internet access, which can be shared by multiple tenants. Used in private cloud
  • Public IPs in public cloud, such as AWS Elastic IPs.  

For more detailed descriptions of each network, please see Cloud networks

The external, unmanaged, and public networks may be collectively referred to as 'datacenter networks' because they are managed at the Abiquo datacenter level.

Create public networks

Public Networks allow the users of virtual datacenters to use Internet addressable public IP addresses in their virtual infrastructure. Users purchase or reserve public IPs for their enterprises in Virtual datacenters view.

To create a public network:

  1. Go to Infrastructure → Private → select Datacenter → Datacenter details → Network → Public
  2. Complete the dialog


Field

Value

Name

The name of the public VLAN with up to 128 characters

IPv6

To create an IPv6 network, select this checkbox

Strict

For IPv6 networks only. If you select Strict, the platform will automatically generate EUI64 IP addresses.

Address

The network address of the VLAN

Netmask

The network mask in CIDR format. For IPv4, the value can be from 16 to 30 inclusive, and for IPv6, enter a value of 64, 56, or 48

Gateway

The gateway of the network that must be within the range defined by the network address and the network mask

Tag*

Enter the VLAN or VXLAN tag to use for this network

Check

Click to check tag availability for all the racks of the Abiquo datacenter.

  • Green: available
  • Yellow: in use by other networks but can be reused
  • Red: not available because it is excluded by rack configuration.

Network service type

Choose the Network Service Type, which assigns the network to network interfaces on the hypervisors

Device

Optional device that defines a network virtualization system that will manage the IP addresses of this network. They may be assigned using its DHCP service. Ensure that VMs deployed on this network allow traffic to the appropriate ports for a DHCP connection.

Primary DNS

Address of the primary DNS

Secondary DNS

Address of the secondary DNS

DNS suffix

The default DNS suffix

Restricted

Select to create a Restricted network so that users require privileges to Attach NICs in restricted networks and/or Detach NICs from restricted networks

Excluded from firewall

Select Excluded from firewall to define a network where VM firewalls will not apply

Static Routes

Click "Manage" to add and modify static routes.



Create an external network

External networks belong to a single enterprise and may have public or private IP address ranges used in more than one virtual datacenter.

Before you begin:

  • If you are using a network virtualization system to manage external networks, first precreate the networks in the network virtualization systems. You will need the network address, gateway, and VLAN or VXLAN tag.
  • If you are using standard networking, you will need the VLAN tag to use with this network

  • If you are using vCloud Director, you can create or onboard external networks and manage them in the Virtual datacenters view. See VMware vCloud Director

To create an external network:

  1. Go to Infrastructure → Private → select Datacenter → Servers view → Network → External
  2. Click the add button and enter the details

Define static routes

Field

Value

Name

The name of the external VLAN with up to 128 characters

IPv6

To create an IPv6 network, select this checkbox

Strict

For IPv6 networks only. If you select Strict, the platform will automatically generate EUI64 IP addresses.

Net. Address

The network address of the VLAN

Netmask (CIDR)

The network mask in CIDR format. For IPv4, the value can be from 16 to 30 inclusive, and for IPv6, enter a value of 64, 56, or 48

Gateway

The gateway of the network, which must be within the range defined by the network address and the network mask

Tag*

The tag to use for this network, e.g. VLAN tag

Check

Check tag availability for all racks of the datacenter as you should define each network with the same tag on all racks. Green = available, Yellow = in use, Red = unavailable

Network service type

Select the Network Service Type, which represents a Network Interface on the hypervisors.

Unmanaged

Select to create an unmanaged network, when you will manage IP addresses outside Abiquo

Enterprise**

Select the owner enterprise that will use the external VLAN

Device

To manage IP addresses with a network virtualization system, select the device that defines this system in the cloud platform. VMs deployed on this network must allow traffic to the appropriate ports for the virtualization system's connection, e.g. DHCP

Primary DNS

Address of the Primary DNS server

Secondary DNS

Address of the Secondary DNS server

DNS suffix

The default DNS suffix

Restricted

Select to create a Restricted network so that users require the privileges to Attach NICs in restricted networks and/or Detach NICs from restricted networks

Excluded from firewall

Select Excluded from firewall to define a network where VM firewall policies will not apply

Static Routes

Select the Define checkbox to add and modify static routes

When you create an IPv4 network, the platform will create an IP address for the gateway. When you create an IPv6 network, the platform does not create IP addresses.




Create static routes for external and public networks

To add a Static Route:
  1. When creating or editing an IPv4 network
  2. Select the Define checkbox. 
  3. Enter the details of the static route. For example, to add a static route to the network/netmask 1.1.1.0/24 via the gateway/next hop 192.168.0.250

    Field

    Description

    Example

    Netmask

    Destination network mask

    255.255.255.0

    Network ID

    Destination network or host

    1.1.1.0

    Gateway IP

    Next hop (on your network)

    10.10.10.100

  4. Click Save and the platform will add the static routes to the VM network configuration. To delete a static route, click the delete button ("X") beside the static route details.


Notes:
  • The platform will configure the static routes in VMs using the network configuration method so it may not always be possible to update the static routes in a deployed VM.
  • If you are using DHCP to configure VMs, changes to static routes will be received by the VMs when they reconnect to the DHCP server; for example, after they are restarted. 



Add IP addresses to external and public networks

To add IP addresses to your network:

  1. Go to Infrastructure → Private → select Datacenter → Servers view → Network → External or Public
  2. Click the + Add button in the top right-hand corner
  3. Complete the dialog

Enter the Number of IPs to create and the From IP address (the first in the range). The From IP address must be a new address that does not already exist in the network. After creating the first IP address, the platform will try to create the other IPs and it will skip any existing IP addresses. 


For example, if you have IP addresses in network 30.30.30.30, which are 30, 33, and 34, and you then request 3 new IPs from 30.30.30.31, the new IPs created should be as follows: 31, 32, 35.
IP Addresses
30.30.30.30
30.30.30.31
30.30.30.32
30.30.30.33
30.30.30.34
30.30.30.35

When you add IPv6 addresses on strict networks, you don't need to set the starting address. On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter a From IP address manually.




Make IP addresses available

After you create public, external, or NAT IP addresses, they will automatically be available to all users to purchase or reserve for their virtual datacenters.  

Abiquo recommends that you should make unavailable any IP addresses that will be used for administration purposes, for example, the IPv4 gateway network address.

To edit the available IP addresses:

  1. Go to Infrastructure → Private → select datacenter → Servers view → Network → select network type
  2. Click the Available IPs link in the top right-hand corner of the IPs page
  3. The Edit network popup for Available IPs will open and by default, all IPs will be in the Available column
  • To move an IP, select it and click a single arrow button
  • To move all IPs from one column to the other column, use the double arrow buttons to move in the direction indicated by the arrows

Notes
  • Public or NAT IPs that have been purchased or reserved by the users of an enterprise will not display in the Available list and you cannot make these IPs unavailable.




Create unmanaged networks

In private cloud datacenters, unmanaged networks are a special type of external network with IP addresses that are allocated outside of the platform. Abiquo does not manage the IP addresses for VMs attached to these networks.

Before you begin, obtain the details of your network in the infrastructure, including the VLAN tag, network address, and gateway.

To create unmanaged networks do these steps:

  1. Go to Infrastructure → Private → select Datacenter → Datacenter details → Network → External.
  2. At the top of the External page, click the Add + button  
  3. Complete the dialog as described, marking the Unmanaged checkbox.

Field

Value

Name

The name of the unmanaged VLAN with up to 128 characters

IPv6

To create an IPv6 network, select this checkbox

Strict

For IPv6 networks only. If you select Strict, Abiquo will automatically generate EUI64 IP addresses and you will not be able to manually generate them

Address

The network address of the VLAN

Netmask

The network mask in CIDR format

Gateway

The gateway of the network. It must be an IP address inside the range defined by the network address and the network mask

Tag

The VLAN tag to use for this VLAN

Check

Check tag availability for all racks of the datacenter. You should define a VLAN with the same tag on all racks. Green = available, Yellow = in use, Red = unavailable

Network service type

Select the Network Service Type, which represents a network interface on the hypervisors

Unmanaged

Select to create an unmanaged network, when you will manage IP addresses outside Abiquo

Enterprise

Select the owner enterprise that will use the unmanaged VLAN

Device

Not used for unmanaged networks

Primary DNS

The IP address of the Primary DNS server

Secondary DNS

The IP address of the Secondary DNS server

DNS suffix

The default DNS suffix

Restricted

Mark this checkbox to create a Restricted network. To work with IPs in a restricted network, users require the privileges to Attach NICs in restricted networks and/or Detach NICs from restricted networks

Excluded from firewall

Select Excluded from firewall to define a network where VM firewalls will not apply

Static routes

Not used for unmanaged networks


To display IP addresses of NICs in unmanaged networks, add them:

  • using the API; or
  • during VM capture using the UI or API 

For strict IPv6 networks, you cannot add IP addresses, but the platform retrieves the MAC address from the hypervisor and uses that to generate an IPv6 address for display, which should be the same as the one allocated by the router system.
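The Strict option and the address display described above both depend on deriving an IPv6 address from a NIC's MAC address. The following added example (not Abiquo code) uses the standard modified EUI-64 construction from RFC 4291 to predict that address and to check whether an observed address belongs to a given MAC. That the platform's output matches this construction is an assumption, and the function names, MAC address and prefixes are constructed.

```python
import ipaddress

ALLOWED_PREFIXES = (64, 56, 48)  # IPv6 netmask values accepted by the network dialog


def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface identifier for a 48-bit MAC."""
    digits = mac.strip().lower()
    for sep in (":", "-", "."):
        digits = digits.replace(sep, "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)   # raises ValueError on non-hex characters
    octets[0] ^= 0x02                    # invert the universal/local bit
    # Insert ff:fe between the vendor part (OUI) and the device part
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine a network prefix with the identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen not in ALLOWED_PREFIXES:
        raise ValueError(f"prefix length /{net.prefixlen} is not 64, 56 or 48")
    # Assumption: for /56 and /48 the subnet bits stay zero. A router that
    # advertises a different /64 inside the range will assign another address.
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def matches_mac(address, mac):
    """True if the low 64 bits of the address are the EUI-64 identifier of the MAC."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    return low64 == eui64_interface_id(mac)


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, sample MAC)
    print(eui64_address("2001:db8:0:1::/64", "00:50:56:ab:cd:ef"))
    print(matches_mac("2001:db8:0:1::10", "00:50:56:ab:cd:ef"))
```

A mismatch reported by `matches_mac` for a VM on a strict network means the guest is not using the address derived from its registered MAC, for example because it uses privacy addresses or a changed MAC.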




Create a NAT network

To use NAT in private cloud, first configure the NSX integration, then define the NAT device. NAT networks are very similar to public networks.

To use NAT in vCloud Director, you will need the definition of a NAT network that is compatible with an Edge interface network, which connects the Edge to the external networks.

To create a NAT network: 

  1. Go to Infrastructure → Private or Public → select datacenter or region → Servers view → Network → NAT
  2. Click the + add button

  3. Create networks with ranges of public IPs for NAT

    Field

    Value

    Network Name

    The name of the NAT network

    Net. Address

    The network address of the NAT network

    Netmask

    The network mask in CIDR format. For IPv4 networks created in the platform, the netmask can have a value from 16 to 30 inclusive, and for IPv6, it can have a value of 64, 56, or 48.

    Device

    For NSX, the device that will manage the NAT network

  4. To add IP addresses to your network, click the + add button in the top right-hand corner of the Networks page.

    Enter the Number of IPs to create and the From IP address (the first in the range). The From IP address must be a new address that does not already exist in the network. After creating the first IP address, the platform will try to create the other IPs and it will skip any existing IP addresses. 


    For example, if you have IP addresses in network 30.30.30.30, which are 30, 33, and 34, and you then request 3 new IPs from 30.30.30.31, the new IPs created should be as follows: 31, 32, 35.
    IP Addresses
    30.30.30.30
    30.30.30.31
    30.30.30.32
    30.30.30.33
    30.30.30.34
    30.30.30.35

    When you add IPv6 addresses on strict networks, you don't need to set the starting address. On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter a From IP address manually.
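The "Number of IPs / From IP" behaviour described here and in "Add IP addresses to external and public networks", together with the netmask and gateway constraints from the network dialogs, as an added Python example (not Abiquo code). The function names, the 30.30.30.0/24 network around the page's sample addresses, and the handling of range exhaustion and the IPv4 broadcast address are assumptions.

```python
import ipaddress

IPV4_PREFIXES = range(16, 31)   # "from 16 to 30 inclusive"
IPV6_PREFIXES = (64, 56, 48)


def validate_network(address, prefix, gateway):
    """Apply the dialog's constraints; return the parsed network or raise ValueError."""
    # strict=True rejects an address that has host bits set (not a network address)
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=True)
    allowed = IPV4_PREFIXES if net.version == 4 else IPV6_PREFIXES
    if net.prefixlen not in allowed:
        raise ValueError(f"netmask /{net.prefixlen} is not allowed for IPv{net.version}")
    if ipaddress.ip_address(gateway) not in net:
        raise ValueError(f"gateway {gateway} is outside {net}")
    return net


def plan_new_ips(net, existing, from_ip, count):
    """Return the addresses that a request for `count` IPs from `from_ip` would create."""
    if count < 1:
        raise ValueError("number of IPs must be at least 1")
    taken = {ipaddress.ip_address(a) for a in existing}
    start = ipaddress.ip_address(from_ip)
    if start not in net:
        raise ValueError(f"From IP {start} is outside {net}")
    if start in taken:
        raise ValueError(f"From IP {start} already exists in the network")
    # Assumption: the IPv4 broadcast address is never handed out
    last = int(net.broadcast_address) - (1 if net.version == 4 else 0)
    make = type(start)          # keeps small IPv6 integers from parsing as IPv4
    created = []
    candidate = int(start)
    while len(created) < count and candidate <= last:
        addr = make(candidate)
        if addr not in taken:   # skip addresses that already exist
            created.append(str(addr))
        candidate += 1
    # Assumption: if the range runs out, fewer than `count` addresses are returned
    return created


if __name__ == "__main__":
    # Constructed network around the sample addresses used on this page
    net = validate_network("30.30.30.0", 24, "30.30.30.1")
    existing = ["30.30.30.30", "30.30.30.33", "30.30.30.34"]
    print(plan_new_ips(net, existing, "30.30.30.31", 3))
```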

The NAT network and IPs will display on the NAT tab. In the same way as for public IPs, you can quarantine NAT IPs as required.

Screenshot: NAT networks and IPs in private cloud with NSX

When users create virtual datacenters, the platform can automatically configure a NAT IP, and users can manage NAT rules, and purchase additional NAT IPs. See Manage NAT for virtual datacenters

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource NatNetworksResource.




Display networks

You can scroll through the network list using the page number and arrow buttons at the bottom of the list. And you can filter the list by entering text and wildcards to search for in network names.

On the IPs page, click on the header of a column to sort by that column, use the Search box to filter the results by any field, and navigate through the pages with the page scroll.




Make a network the default for an enterprise or virtual datacenter

You can make an external network the default for an enterprise in a datacenter (see Configure a location for an enterprise) or a virtual datacenter (See Manage Networks).

You can make a public or external network the default for a virtual datacenter (See Manage Networks)




Create virtual datacenters

The platform administrator will generally create virtual datacenters for tenants when accounting is by virtual datacenter. 

To create a new virtual datacenter:
  1. Go to Virtual datacenters
  2. Above the V. datacenters list, click the + add button
  3. Select Create a new virtual datacenter from the pull-down menu
  4. Complete the dialog as described below
  5. Click Save

General information

This section describes the basic details to enter when creating a virtual datacenter. The following sections describe further configuration.


Field

Description

Name

The name of the virtual datacenter

Location

The datacenter or public cloud region where virtual appliances will be deployed. You can select any of your allowed locations

Hypervisor

The type of the hypervisor for the virtual datacenter. This option will not display if there is only one choice.

Network

  • Default: Create a VLAN (default private or external) in the pre-configured range
  • Custom Private: Create a custom private VLAN (see form below)

If your environment supports NAT you may also be able to select the IP address for the default SNAT rule

Field

Description

NAT network

Optionally select the NAT network to use for the default SNAT rule

Default NAT IP

Optionally select the NAT IP address for the default SNAT rule for the virtual datacenter




Create a virtual datacenter with custom networks

When you create a virtual datacenter, the platform always creates a private network and it counts as part of your VLAN allocation limits, even if the default network is another type of network.

The private network can be the "Automatically-created private VLAN", which is called "default_private_network", or a custom private network, which will be set as the default network.

To create a Custom private network, complete the Network section of this dialog.


Field

Description

Network name

The name of the VLAN to create

Netmask

The network mask

Network address

The network address

Gateway

The IP of the gateway of the VLAN

Availability zone

Public cloud - AWS: The availability zone where VMs attached to this network will deploy.

Primary DNS

The primary DNS of the network

Secondary DNS

The secondary DNS of the VLAN

DNS suffix

The DNS suffix for the VLAN

Static routes

Mark the checkbox to define static routes

To manage the VLANs or other networks of your virtual datacenter, go to Virtual datacenters → Network. See Manage Networks.




Manage resource allocation limits for a virtual datacenter

  • Hard limit is the maximum amount of a virtual resource (e.g. RAM) that an entity will be allowed to consume. 
  • Soft limit warns users and administrators that the entity is running out of a resource.

The rules for creating allocation limits are as follows:

  • You cannot have a hard limit only
  • Soft limits must always be less than or equal to hard limits
  • When a limit is equal to 0, it means that there is no limit to resource usage at this level
  • When editing limits, you cannot set the hard limits below the existing resource usage.

 

Limit

Checked at

Description

Memory

Deployment

Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs

Virtual CPUs

Deployment

Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs

Local hard disk

Deployment

Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers

External storage

Configuration

Total size of external storage that may be created for VMs

VLANs

Configuration

Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create

Public /floating/NAT IPs

Configuration

Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used

Virtual machines

Deployment

Total number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not use Repository (Apps library storage) features or limits. 



Consider a virtual datacenter with a soft limit of 1 virtual CPU and a hard limit of 4 virtual CPUs.
  • The user will exceed the soft limit if they deploy a virtual appliance with more than 1 CPU in the virtual datacenter.
  • The user will exceed the hard limit if they attempt to deploy a virtual appliance with more than 4 CPUs in the virtual datacenter.

Soft limits message

A soft-limits message popup will allow the user to acknowledge the message and continue with the operation.

By default, the message will provide details of the limits, used, and requested resources.

For example, the limits are 5 CPUs, the users have 2 CPUs in deployed VMs, and they have requested 3 more CPUs.

The platform will also display this type of message when the users exceed soft limits at another level, for example, enterprise, enterprise in provider, or enterprise in location.

Hard limits message

A hard-limits message pop-up will allow the user to acknowledge the message and terminate the operation.

By default, the message will provide details of the limits, used, and requested resources.

For example, the limits are 5 CPUs, the users have 5 CPUs in deployed VMs, and they have requested 1 more CPU. Because the user will exceed the hard limit, the platform will not allow the user to obtain 1 CPU.

The platform will also display this type of message when the users exceed soft limits at another level, for example, enterprise, enterprise in provider, or enterprise in location.
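The allocation limit rules (stated for enterprises and again for virtual datacenters) and the soft and hard limit checks above, as an added Python example that is not Abiquo code. The names `Limit`, `validate_limit` and `check_request` are hypothetical. It assumes that 0 means unlimited for either value, so a soft limit without a hard limit is accepted, and that a limit is exceeded when used plus requested is greater than the limit, as in the 1 and 4 virtual CPU example.

```python
from dataclasses import dataclass

UNLIMITED = 0  # "When a limit is equal to 0 ... there is no limit"


@dataclass(frozen=True)
class Limit:
    soft: int
    hard: int


def validate_limit(limit, used=0):
    """Return the rule violations for a soft/hard pair (an empty list means valid)."""
    errors = []
    if limit.hard != UNLIMITED:
        if limit.soft == UNLIMITED:
            errors.append("hard limit only")
        elif limit.soft > limit.hard:
            errors.append("soft above hard")
        if limit.hard < used:
            errors.append("hard below usage")
    return errors


def check_request(levels, requested):
    """Evaluate a request against every level that carries limits.

    levels is a list of (name, Limit, used) tuples, for example the virtual
    datacenter and the enterprise. Returns (decision, level_name), where the
    decision is "hard" (operation refused), "soft" (warning, user may
    continue) or "ok". A hard limit at any level wins over a soft limit.
    """
    soft_level = None
    for name, limit, used in levels:
        total = used + requested
        if limit.hard != UNLIMITED and total > limit.hard:
            return ("hard", name)
        if limit.soft != UNLIMITED and total > limit.soft and soft_level is None:
            soft_level = name
    return ("soft", soft_level) if soft_level else ("ok", None)


if __name__ == "__main__":
    # The virtual datacenter from the text: soft limit 1 vCPU, hard limit 4 vCPUs
    vdc = [("virtual datacenter", Limit(soft=1, hard=4), 0)]
    for cpus in (1, 2, 5):
        print(cpus, check_request(vdc, cpus))
    # Constructed enterprise level that is already at its hard limit of 5 vCPUs
    levels = vdc + [("enterprise", Limit(soft=4, hard=5), 5)]
    print(check_request(levels, 1))
```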




Set virtual datacenter defaults

Field

Description

Default datastore tier

Select the default disk service level for your non-persistent virtual machine disks on the hypervisor. This is the default datastore tier for the virtual datacenter.

  • To use your cloud provider's default tier, select "Configured by location"
  • Or select a default tier, according to the available service levels

To clear the current tier, click the black x symbol beside the tier name




Limit user access to the virtual datacenter

If you are able to manage user roles, you can limit user access to the virtual datacenter for users that are subject to VDC restriction, for example, to give users read-only access.

Privilege: Manage roles, No VDC restriction


Field | Description
Role | To limit access to the VDC for cloud users, select a more restrictive role to replace user roles within this VDC. For example, to give users read only access, select the ENTERPRISE_VIEWER role
User exceptions | To create exceptions to the VDC role, select a username and an exception role for the user and click Add. The exception will enable all privileges that are included in both the user's role and the exception role

After you have entered Allocation limits, Defaults, and Role, click Save.

The platform will create the virtual datacenter and the default private VLAN and display it in the Virtual datacenters view. 
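The role rules above can be modelled to review who ends up with which privileges in a restricted VDC. This is an added example, not Abiquo code: role contents and usernames are constructed (only ENTERPRISE_VIEWER and "No VDC restriction" are named on this page), and it assumes a restricted user without an exception gets exactly the VDC role.

```python
# Privilege names are constructed, except "No VDC restriction" (from the page).
NO_VDC_RESTRICTION = "No VDC restriction"

ROLES = {  # constructed role contents; ENTERPRISE_VIEWER is the page's example role
    "USER": {"View VM", "Edit VM", "Deploy VM"},
    "ENTERPRISE_VIEWER": {"View VM"},
    "OPERATOR": {"View VM", "Edit VM", "Manage backups"},
    "CLOUD_ADMIN": {"View VM", "Edit VM", "Deploy VM", NO_VDC_RESTRICTION},
}

def effective_privileges(user_role, vdc_role, exception_role=None):
    """Privileges one user holds inside a VDC that has a VDC role set."""
    if NO_VDC_RESTRICTION in user_role:
        return set(user_role)                # not subject to VDC restriction
    if exception_role is not None:
        return user_role & exception_role    # only privileges present in both roles
    return set(vdc_role)                     # VDC role replaces the user role

def review_vdc(users, vdc_role_name, exceptions):
    """Return {username: (effective privileges, findings)} for one VDC.

    users maps username -> role name; exceptions maps username -> exception role name.
    """
    vdc_role = ROLES[vdc_role_name]
    report = {}
    for name, role_name in sorted(users.items()):
        user_role = ROLES[role_name]
        exc = ROLES[exceptions[name]] if name in exceptions else None
        granted = effective_privileges(user_role, vdc_role, exc)
        findings = []
        if NO_VDC_RESTRICTION in user_role:
            findings.append("VDC role does not apply to this user")
        elif exc is not None:
            if granted - vdc_role:
                findings.append("exception adds beyond VDC role: "
                                + ", ".join(sorted(granted - vdc_role)))
            if exc - user_role:
                findings.append("exception privileges not granted (absent from user role): "
                                + ", ".join(sorted(exc - user_role)))
        elif vdc_role - user_role:
            findings.append("VDC role is not more restrictive than the user role")
        report[name] = (granted, findings)
    return report

if __name__ == "__main__":
    users = {"alice": "USER", "bob": "USER", "carol": "CLOUD_ADMIN"}
    report = review_vdc(users, "ENTERPRISE_VIEWER", {"bob": "OPERATOR"})
    for name, (granted, findings) in report.items():
        print(name, sorted(granted), findings)
```
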


Create a virtual datacenter using the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource VirtualDatacentersResource.

You can automate the process of creating virtual datacenters using the Abiquo API. See How to create virtual datacenters and VMs via API



Import and capture VMs

You can import and capture VMs from private cloud manually and you can also automate the process of capturing VMs using the Abiquo API. See How to capture a remote virtual machine



Introduction to import and capture VMs

In a private cloud datacenter, when you add a physical machine to Abiquo, it may already have VMs running on it, and you can import (retrieve) and capture these VMs.

Privilege: Manage infrastructure elements

When you import (also called "retrieve") VMs, they are registered but not managed by Abiquo. The platform will take into account the resources they use when scheduling and allocating resources, and track their state as part of the virtual infrastructure check. The platform will also include them to improve the accuracy of resource usage statistics.

You can then capture (also called "onboard") imported VMs so they will be managed by the platform. When you capture a VM it is almost identical to a VM created in Abiquo. The main difference is that when you capture a VM, Abiquo does not have a copy of the template disks in the Apps library. This means that you cannot automatically create a fresh copy of the VM with the same configuration and the template disks, by undeploying the VM and deploying it again to copy the template from the Apps library. When you capture a VM, to store the disks in the Apps library, you can create an Abiquo instance template, which you can then use to create a fresh copy of the VM.

Importing, capturing, releasing and removing VMs from the platform does not change them in the infrastructure; these operations only determine which operations the platform can perform on them.

This diagram shows steps to import and capture VMs that were created outside of Abiquo.

Import and capture of individual VMs is only available in private cloud. To capture resources from public cloud regions, onboard them as part of regions or virtual datacenters. See Manage Virtual Datacenters, Onboard from public cloud.



What does Abiquo import?

To import VMs (also called retrieve VMs), the physical machine must be in an Abiquo private cloud datacenter, or in the process of being added to one. You do not need to enable a datastore to import VMs that are running on the datastore. You cannot import persistent VMs with system disks that are located on external volumes.

What does Abiquo capture?

Abiquo captures the following VM configuration:

  • CPU and RAM including hardware profiles
  • Remote access configuration, including the password. But if there is no password, the platform disables remote access.
    • If a user later releases a VM, the changes made in the platform will remain in the VM
  • MAC addresses of compatible NICs and their VLAN tags and network details. Abiquo recommends that your VMs should have at least one NIC. Exception: Abiquo does not capture NICs on IPv6 networks
  • Hard disks in compatible formats on the hypervisor datastores. See Template Compatibility Table

During capture the platform will skip incompatible VMs and incompatible virtual hardware components. You cannot capture external storage volumes but you can add these afterwards as Generic iSCSI volumes. The platform does not add the virtual datacenter's default firewall policy to a VM as part of the capture process.

Undeploy Destroys the Captured Virtual Machine on the Hypervisor

When you undeploy a captured VM, this will destroy the VM on the hypervisor. If you would like to be able to redeploy it, before you undeploy, create an instance to copy the VM disks as a template in the Apps library.



Prepare to capture VMs

Before you capture a VM

  1. Obtain the details of the networks that the VM belongs to (VLAN tag, network address, netmask), and the IP address(es) of the VM
  2. Identify or create these networks and IPs in Abiquo, unless the VM is only in a default private network that Abiquo will manage

  3. You will need to add the captured VM to a virtual datacenter (VDC), so if necessary, create a VDC. In order to do this, you will need to have already added a hypervisor of the same type as the one you are capturing from.
    1. If the VM uses a public IP, purchase the appropriate public IP. Go to Virtual datacenters → select virtual datacenter → Network → Public and click the + Add button

  4. If you wish to add a new cost code to the VM, create the cost code in Pricing view before you capture the VM
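A pre-capture check for steps 1 and 2 compares each NIC collected from the hypervisor against the networks defined in the platform, and marks IPv6 NICs that capture will skip. This is an added example, not part of Abiquo: the record layout, MAC addresses, network names and status labels are all constructed, and a NIC reported as missing may still be fine if the VM is only in a default private network that Abiquo will manage.

```python
import ipaddress

def precheck_nics(nics, networks):
    """Classify each NIC of a VM against the networks defined in the platform.

    nics:     dicts with mac, ip, vlan_tag (step 1, collected from the hypervisor)
    networks: dicts with name, vlan_tag, address, netmask (step 2)
    Returns {mac: (status, detail)}; status is ok, vlan_mismatch, missing or skipped.
    """
    subnets = [
        (net, ipaddress.ip_network(f"{net['address']}/{net['netmask']}", strict=False))
        for net in networks
    ]
    result = {}
    for nic in nics:
        ip = ipaddress.ip_address(nic["ip"])
        if ip.version == 6:
            result[nic["mac"]] = ("skipped", "NICs on IPv6 networks are not captured")
            continue
        containing = [net for net, subnet in subnets if ip in subnet]
        tagged = [net for net in containing if net["vlan_tag"] == nic["vlan_tag"]]
        if tagged:
            result[nic["mac"]] = ("ok", tagged[0]["name"])
        elif containing:
            other = containing[0]
            result[nic["mac"]] = ("vlan_mismatch",
                                  f"{other['name']} uses VLAN {other['vlan_tag']}")
        else:
            result[nic["mac"]] = ("missing", "no matching network defined")
    return result

# Constructed sample data (documentation address ranges, made-up MACs).
NETWORKS = [
    {"name": "prod", "vlan_tag": 100, "address": "10.20.0.0", "netmask": "255.255.255.0"},
    {"name": "mgmt", "vlan_tag": 200, "address": "192.168.50.0", "netmask": "255.255.255.0"},
]
NICS = [
    {"mac": "52:54:00:aa:00:01", "ip": "10.20.0.15", "vlan_tag": 100},
    {"mac": "52:54:00:aa:00:02", "ip": "192.168.50.7", "vlan_tag": 201},
    {"mac": "52:54:00:aa:00:03", "ip": "172.16.1.4", "vlan_tag": 300},
    {"mac": "52:54:00:aa:00:04", "ip": "2001:db8::10", "vlan_tag": 100},
]

if __name__ == "__main__":
    for mac, (status, detail) in precheck_nics(NICS, NETWORKS).items():
        print(mac, status, detail)
```
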



Retrieve VMs from a physical machine

To retrieve or import VMs from a physical machine:
  1. Go to Infrastructure → Private → Servers
  2. For a new physical machine, add the physical machine and to automatically import VMs, select the Retrieve existing virtual machines checkbox
  3. For an existing physical machine, select the physical machine, and click the Retrieve virtual machines button

The imported VMs will appear in the list with the imported symbol (warning). If duplicate VMs display, you may have clicked the retrieve button while an import process was already running. To remove duplicates, click the Remove unmanaged virtual machines button and then retrieve the VMs again.



Capture a VM

To onboard a VM that you already imported into the platform:

  1. Go to Infrastructure → Private → select a datacenter → Servers → select a physical machine
  2. Select the VM and on the VM details panel, click the Capture VM button 
  3. The Capture virtual machine dialog will open, listing all the compatible virtual appliances

    Select the virtual appliance in the VDC with the network address, or create a new virtual appliance by clicking the + Add button.

  4. Click Accept to capture the VM

  5. Review the General Information of the captured VM

    1. Optionally select a cost code for the VM

    • After capture, you can reconfigure the VM to enable remote access. On vCenter, configure WebMKS access to enable hot reconfigure of remote access on captured VMs
  6. Configure and assign the corresponding network and IP configuration to each NIC. Select a default gateway.

  7. Review hard disks that Abiquo will capture

  8. After reviewing the VM configuration, click Accept to continue. The platform will now capture the VM

The captured VM will have the Release VM button on its VM details panel. The platform will now fully manage the captured VM.

If the virtual appliance was deployed before the capture, the new VM will be added to the virtual appliance but no other changes will be made. If the virtual appliance was undeployed (and contained VMs) before the capture, afterwards it will be deployed and in the Partially deployed state.




Configure backups

Abiquo offers optional backup plugins that support popular backup systems such as Veeam and Networker. For information about configuring these plugins, see Abiquo Backup Plugins. After the plugins are configured, you can manage Abiquo backups in Infrastructure view on the Backup policies tab as described here.




Create a Backup manager

To work with a backup system in Abiquo, first create a Backup manager to define the connection to the backup system.

Abiquo does not validate the connection details. A connection will be made to the backup system when a user requests a backup operation.

Property | Description
Name | Name to identify backup manager
Type | Select the backup plugin type. After you save the backup manager, you cannot edit this attribute
Endpoint | This is the URL for connecting to the backup system API. Tip: When adding a Veeam backup manager, don't forget to add the slash "/" at the end of the URL
  Veeam example: http://veeam.host.domain:9399/api/
  Networker example: https://networker.host.domain:9090/nwrestapi/v3/global
User | User for the backup system. For Networker, the "Restore a VM when it is not allocated" option requires credentials to connect to vCenter. Enter the Networker user, then add the separator character (configurable with default '#'), and then the vCenter user.
Password | Password for the backup system. For Networker, the "Restore a VM when it is not allocated" option requires credentials to connect to vCenter. Enter the Networker password, then add the separator character (configurable with default '#'), and then the vCenter password.

When editing the backup manager, you can modify all values except the backup type. If you change the backup manager, future requests to the backup system will use the new values.
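Because the platform does not validate these connection details, they can be checked before saving: the Veeam trailing slash, an unencrypted endpoint, and Networker values that do not split cleanly on the separator. This is an added example, not part of Abiquo or its plugins: the type labels "veeam" and "networker", the function names and the sample credentials are assumptions, and how the plugin itself splits a value containing several separators is not stated on this page.

```python
from urllib.parse import urlsplit

def split_combined(value, separator):
    """Split a 'networker<sep>vcenter' value; return (parts, problem)."""
    parts = value.split(separator)
    if len(parts) > 2:
        return None, "separator appears more than once, so the split is ambiguous"
    if "" in parts:
        return None, "empty value or empty part around the separator"
    return parts, None

def check_backup_manager(kind, endpoint, user, password, separator="#"):
    """Return findings for one backup manager definition.

    kind is 'veeam' or 'networker' (labels assumed for this example).
    """
    findings = []
    url = urlsplit(endpoint)
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("endpoint: not an http(s) URL with a host")
    elif url.scheme == "http":
        findings.append("endpoint: http leaves API traffic, including credentials, unencrypted")
    if kind == "veeam" and not url.path.endswith("/"):
        findings.append("endpoint: Veeam URL must end with '/'")
    if kind == "networker":
        users, user_problem = split_combined(user, separator)
        passwords, password_problem = split_combined(password, separator)
        if user_problem:
            findings.append("user: " + user_problem)
        if password_problem:
            findings.append("password: " + password_problem)
        if users and passwords and len(users) != len(passwords):
            findings.append("user/password: vCenter part given in only one field")
    else:
        # Other plugin types: the separator has no meaning, only check for empty values.
        fields = (("user", user), ("password", password))
        findings += [name + ": empty" for name, value in fields if not value]
    return findings

if __name__ == "__main__":
    # Endpoints are the page's examples; credentials are constructed.
    samples = [
        ("veeam", "http://veeam.host.domain:9399/api/", "svc_backup", "example-pass"),
        ("networker", "https://networker.host.domain:9090/nwrestapi/v3/global",
         "nwadmin#vcadmin", "nw-pass#vc#pass"),
    ]
    for sample in samples:
        print(sample[0], check_backup_manager(*sample))
```
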


 

Configure backup properties

To define the characteristics of the backups offered in the platform, configure backup properties. 

Privilege: Manage datacenter backup configuration


To configure the backup properties:

  1. Go to Infrastructure → select a datacenter or public cloud region →  Backup policies
  2. Click Edit properties

The backup properties are described in the following table.

Property | Description
Enable multiple restore | Allow users to restore a backup more than once. If enabled, when the backup status is failed or success, the Restore link in the UI will activate again.
Enable multiple backup policies | Allow users to select more than one backup policy for a VM
Enable update when deployed | Allow users to change backup policies and backup details when a VM is deployed
Enable backup now | Display a Backup now button on the Backup tab that will enable users to request an immediate manual backup. The Abiquo Networker backup integration supports this option




Create Backup Policies

To enable users to configure VM backups in a datacenter, create backup policies 

To create a new backup policy:

  1. Go to Infrastructure → select a datacenter or public cloud region → Backup policies
  2. Click the + Add button and enter the details as described below.

Example backup configuration of Complete backup

General Info
Field | Description
Name | Name of the backup policy that users can select
Code | The Code that identifies the policy and that must be unique in the datacenter. Abiquo may use the Code attribute to match policies that the administrator already created in the backup system
Description | Description of the backup policy to help users identify it

After you enter the General info, select the backup type:

  • The Abiquo backup integrations only support Complete backups

For each backup type, the Cloud Admin can choose how to set the values: 

Value | Description
Fixed | The value is set by the Cloud Admin as part of the backup policy
Don't apply | The value is set by the backup system
Define in VM | The user must set the value and will require the appropriate privileges

Complete backup type
Field | Description
Defined hour | Backup at a defined date and time. Date format is yyy/MM/dd HH:mm:ss +0000. The Veeam backup integration does not support this option
Daily | Backup every day at a defined time. Time format is HH:mm:ss +0000
Monthly | A backup every month at the defined time. When the user enters a time it is in the format HH:mm:ss, and the user must select the UTC offset. This option is designed to enable the system administrator to define the monthly backup day in the backup integration.
Hourly | A backup at an interval of hours. Enter an integer less than 24.
Weekly planned | A backup every week on defined days at a defined time. When the user enters a value, the format is HH:mm:ss, and the user must select the UTC offset.



Optional additional tenant configuration

To allow specific tenants to access backup policies and hardware profiles:

  1. Go to Users → edit the enterprise
  2. Go to Datacenters → select the Allowed datacenter or public cloud region
  3. Go to Hardware profiles and/or Backups as required
  4. Enable and/or select the desired options

For more details, see Configure an Enterprise in a Cloud Location
