Now users could work directly with public cloud platforms, it may seem difficult to maintain control, as though the users were just walking into a datacenter and grabbing a few servers to install and run their choice of software! This section explains how the Abiquo multi-cloud platform can bring everything together and save costs, and it also introduces some basic technical concepts of the public cloud integrations. 

2. Public cloud management concepts

This section describes just two of the key concepts of public cloud management in Abiquo. These features are in addition to the powerful policy and governance of Abiquo's multi-cloud platform, which includes user privileges and allocation limits for private and public cloud.

2.1. Manage costs

No one likes a big public cloud bill surprise but you probably know someone who has received one! The Abiquo public cloud platform obtains public cloud billing data for recent bills from all providers and even has an aggregate view of all providers, so that you and your users (if you allow them) can discover the trends in public cloud costs.

And it loads the current usage on a daily basis to incorporate into an estimate of the next bill.

And Abiquo enables you to create and track budgets across multiple public cloud provider accounts based on this usage and billing data.

All of these cost control features are available at both a reseller and a customer level.

2.2. Manage reseller tenants

If your organization is a public cloud reseller (for example, as part of the CSP or APN programs), then you can easily create customer accounts through the platform, with the click of a button.

Just enter the details that the provider requires, including the cloud tenant ("Enterprise") that the account will belong to.

The platform will automatically create an account in the provider and add the credentials for the cloud tenant, so they will be ready to deploy. 

3. Technical public cloud concepts

Let's look at some key technical concepts of the Abiquo integrations with vCloud Director, AWS, and Azure. Abiquo offers unifies multiple different public cloud offerings to make it easier for your users to work in public cloud, and saving your public cloud experts time. It also gives you control over how much your users consume with resource allocation limits to match these technical elements.

3.1. Virtual datacenters

The platform offers user access to virtual datacenters (VDCs) that are separate groups of virtual resources. A VDC has equivalents in each cloud provider, so it gives you a common interface and API to all the providers - see the table below. For example, the platform’s concept of the VDC is equivalent to  the VPC in AWS (Amazon). In vCloud Director (vCloud), the VDC is equivalent to a vApp. In ARM Compute (Azure), the VDC is equivalent to a Virtual Network and its associated resources. 

3.2. Virtual appliances

Within its VDCs, the platform groups VMs into virtual appliances (VApps). The purpose of the VApp is to enable you to manage a group of VMs together, which means that you can deploy them in one click, or view their metrics together, or create custom metrics for the VApp, for example. You can move VMs from one VApp to another within the same VDC. A VApp is not equivalent to any specific concept in vCloud or public cloud.

3.3. Networks

In vCloud, the platform supports the onboarding of the following networks. Users can also fully manage certain network types.

• External networks outside the OrgVDC but connected to the Edge are external networks in the platform, for use by load balancers but not VM vNICs
• External networks outside the OrgVDC with a direct connection to OrgVDC as OrgVDCNetwork are external networks
• Org networks inside the Org VDC and routed through the Edge are external networks
• Isolated Org networks are external networks, for use by VM vNICs but not load balancers
• vApp networks are private networks.

To change your user password and user details:

1. Click on the username icon at the bottom left of the screen
   
2. Select Edit user
3. Change the Password, enter an Email, a Phone number and an SSH public key, and change other details as required.
   General information
   Advanced
   

Note that you cannot change many of the details of the main cloud administrator account, and you cannot change its role and privileges. However, you can replace the main cloud administrator account  with another equivalent cloud administrator account. You can also edit this user account and other user accounts in Users View

Before you begin:

• To use Google Authenticator to obtain the codes, install the Google Authenticator app on your cell phone. 
• To use email authentication to obtain the codes, check that you have a valid email address in your user account on the platform.

To enable two-factor authentication for your user account, do these steps:

1. Click on the user initials or user icon in the lower left corner of the screen, and from the menu, select Two-factor authentication.
2. Select the authentication method and click Enable

3. Copy the Backup codes from the configuration window to a secure place. You can use these codes to log in to the platform if the authentication cycle fails

   The platform will display Backup codes ONCE only

4. Authenticate according to your selected method
   • For Google Authenticator, use the Google Authenticator app on your cell phone to scan the QR code. Google will supply a verification code in the app. During login, the platform will request the Authentication code from the app. 
   • For email, during login, every time you enter your user name and password to log in, a code will be sent to the E-mail address registered in your user account. Enter the Authentication code in the Login dialog

Before you begin:

• To create a public cloud region for a vCloud Director cloud, obtain credentials for the Administrator or Organization. For more details, see VMware vCloud Director.

To create a new public cloud region:

1. Go to Infrastructure → Public

2. Click the + add button at the bottom of the public cloud regions list. 

3. The Create public cloud region dialog will open. Enter the base Name and select the Provider. Select the Regions

   • The platform will create the first region with the Name you enter and the others with a suffix of "_1", "_2", and so on. 

   • If for some reason the platform cannot create a region, it will move on to the next region on the list
     

4. Click Next

5. In the remote services IP address field for the Virtualization manager, enter the first letters of the domain name of the remote services server and select it from the selection list
   
6. Click Save
   

   The platform will create your public cloud region.

• To allow users to deploy in the public cloud region, edit your enterprises to add the new region to the Allowed datacenters list and to add cloud provider API credentials See Obtain public cloud credentials
  
  • You will require one separate account for each enterprise using a public cloud region, i.e. one account per enterprise
  • For certain regions, such as those in China, you will require separate credentials, which you can enter separately with the appropriate provider (e.g. Amazon CHINA)
  • For vCloud Director, you will require Organization and Administrator credentials 
• To allow administrators to manage the public cloud region, edit your administration scopes and add the new region

Before you begin managing enterprises, we recommend that you do these steps:

• Add infrastructure to the platform in Infrastructure View. For example: create datacenters and public cloud regions; configure networks; in private cloud, configure hypervisors and storage; and configure the platform in Configuration View including:  Configure two factor authentication
• Prepare pricing. See Pricing View
• Prepare enterprise themes for white-labelling following the  Abiquo Branding Guide
• Create user Roles and Scopes

6.1. Create an Enterprise

To create a cloud tenant enterprise, do these steps:

1. Go to Users → Enterprises

2. Click the + add button below the Enterprises list
   

3. Enter tenant details and options as described below
   
   • To enable the tenant's users to deploy, allow the tenant to access at least one datacenter or public cloud region
4. Define the resources the enterprise can use
5. Click Accept to save

Abiquo will create the enterprise and filter to display only this enterprise. To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 

1. Abiquo will add this enterprise to the scope of the administrator who created the enterprise
   
   1. Optionally move this enterprise to a scope with related enterprises and assign the scope to the appropriate cloud and/or tenant administrators
2. Optionally edit the tenant to set the default scope for users created in this tenant
3. Create enterprise users with appropriate roles and scopes, for example a tenant administrator and users. Note that the tenant administrator can be allowed to create their own users

To set enterprise allocation limits:

1. Go to Users → edit Enterprise → Allocation limits
2. Complete the dialog. 

To set the datacenters and public cloud regions that an enterprise is allowed to access:

1. Go to Enterprise → Datacenters. The left pane contains a list of datacenters and public cloud regions, which are Prohibited datacenters by default

2. Drag datacenters and public cloud regions from the left pane to the Allowed datacenters right pane
   If you have multiple public cloud regions on the platform, they may be grouped provider, which enables you to drag providers or regions. To set default Allocation limits and VDC roles for regions in a provider, edit the provider. 

   

To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts

At the location level, you can limit resources and set defaults. This means you can set an allocation limit for an enterprise in each datacenter or public cloud region.

To limit resources in a datacenter or public cloud region, set allocation limits:

1. Go to Users → edit Enterprise → Allowed Datacenters
2. Select an Allowed Datacenter (datacenter or public cloud region) 
3. Click the pencil Edit button. An edit dialog will open at the Allocation limits tab
4. Set valid allocation limits

This is process is very similar to that of setting enterprise limits.

Before you begin:

1. Check your provider's documentation and pricing. 

2. Obtain credentials to access the cloud provider's API. We provide basic guides but you should always check with your provider. See Obtain public cloud credentials. 

To add public cloud credentials:

1. Go to Users → select and edit enterprise → Credentials → Public
2. Enter the Credentials as described here
   

   

   Attribute	Description
   Provider	Select public cloud provider or vCloud Director region. Some providers may require different credentials for groups of regions, for example, "Amazon (CHINA)". If a specific provider does not display, for example, a vCloud Director region, the cloud administrator may need to allow access for your enterprise.
   Access key ID	Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field but you need to write something in to enable the button Add account after. For Azure, the format is subscription-id#app-id#tenant-id
   Secret access key	Key to access the cloud provider API. For example, an API key or other API credential. For DigitalOcean v2 enter the token.
   Also use for pricing	Use this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential.
   Current credentials	Provider that have credentials already in the platform
   Create account	For resellers with Amazon, Azure ARM, and other partner accounts, click the enterprise create account button to create a customer account in the provider and add it to an enterprise in the platform

3. Click Add account. The platform will validate your credentials with the cloud provider and save them

4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

Public cloud libraries can have many thousands of VM templates (e.g. AWS has 19,000 AMIs) that are difficult to find and manage. In addition, administrators cannot control the content of public cloud templates. In the Apps library, you can define a cache of details of your approved or certified public cloud templates. And you can customize the templates' representation to make it even easier for cloud users to find the right template. 

8.1. Filter local public cloud templates

To onboard a virtual datacenter from public cloud:

1. Go to Virtual datacenters
2. At the bottom of the V. Datacenters list, click the + add button
3. Select Synchronize public cloud
4. On the General information tab, select the region and the resources to onboard 
   

   

   Field	Description
   Location	Select the public cloud region to synchronize from the pull down list
   Virtual datacenter	Select the virtual datacenter entity to onboard. In AWS, this will be a VPC. In Azure, it will be a virtual network and its resources. If the provider does not support a virtual datacenter entity, the paltform will onboard all of the compatible virtual resources in the region into a default virtual datacenter.
   See classic	Click here to display classic VMs that the platform does not onboard

• On the Roles tab, optionally restrict user permissions in the virtual datacenter
  

  

  
  

  Field	Description
  Role	To limit access to the VDC for cloud users, select a more restrictive role to replace user roles within this VDC. For example, to give users read only access, select the ENTERPRISE_VIEWER role
  User exceptions	To create exceptions to the VDC role, select a username and an exception role for the user and click Add. The exception will enable all privileges that are included in both the user's role and the exception role

  • The platform will mark the Public subnet (identified by a custom route table and NAT gateway) with a globe symbol and set the Internet gateway flag for this subnet. 

  • Users with bespoke network configurations should check the results of the synchronization. 

  • The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.

  • The platform will import VM templates. If the platform cannot find the VM template, the VM will have no template in the platform. To save a copy of your VM disk to create a template, so you can recreate the VM, make an Abiquo instance of the VM. 

  If you delete a synchronized VDC, the platform will delete it in the provider. If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider

1. Go to Virtual datacenters → V. Datacenters list
2. Beside the virtual datacenter Name, click the round arrow Synchronize button

To synchronize specific resources such as networks, public IPs, and so on:

1. Go to Virtual datacenters → select the resource tab
2. Click the round arrow Synchronize button for the resource. 

For more information, see the resource documentation.

• External networks
• Firewalls 
• Classic firewalls 
• Load balancers 
• NAT network
• NAT IPs

To delete these resources (if they are not in use), select the resource and click the delete button.

Before you begin:

1. If you recently created virtual resources, such as load balancers, synchronize the virtual datacenter to ensure that the platform can find and delete all the dependencies of the virtual datacenter.

To delete onboarded resources in public cloud:

1. Delete each virtual datacenter
   • You can choose to delete each virtual datacenter in the platform only, or in the platform and the provider. 
   • If you delete in the platform only, the platform will automatically remove VMs, virtual appliances, load balancers, public IPs, and firewalls from the virtual datacenter. The firewalls will remain in the enterprise and you can reuse them.
   • When you delete a virtual datacenter, public IPs that are not used by VMs will remain in the provider and the synchronization process will delete them
   • Remember to check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC

If your public cloud provider does not support virtual datacenter entities, to onboard virtual resources do the following steps:

1. Go to Virtual datacenters
2. At the bottom of the V. Datacenters list, click the + add button
3. Select Synchronize public cloud
4. Select a public cloud region

The platform will place all VMs and network resources that are not related to existing virtual resources into a generic virtual datacenter. The platform names this virtual datacenter with the same name as the public cloud region, but the user can rename it. The platform will use this virtual datacenter for future synchronizations, adding or removing resources to match the cloud provider.

If there are already virtual resources in the platform for this provider, then these entities will already be part of a virtual datacenter. The platform will check if any new entities in the provider are related to the existing ones in the platform and place them in the existing virtual datacenter.

If the integration with the provider supports entities that are not in a virtual datacenter, such as firewalls, load balancers, or floating IPs, the platform may load these as separate entities.

If conflicts occur during synchronization, the platform will cancel the synchronization. This would occur if two VMs already exist in different VDCs but are related by a firewall or load balancer. Or if two firewall policies or load balancers exist in different virtual datacenters but are related by a VM.

1. Go to Virtual datacenters
2. Above the V. datacenters list, click the + add button
3. Select Create a new virtual datacenter from the pull-down menu
4. Complete the dialog as described below
5. Click Save

10.1.1. General information

This section describes the basic details to enter when creating a virtual datacenter. The following sections describe further configuration.

Field	Description
Name	The name of the virtual datacenter
Location	The datacenter or public cloud region where virtual appliances will be deployed. You can select any of your allowed locations
Hypervisor	The type of the hypervisor for the virtual datacenter. This option will not display if there is only one choice.
Network	Default: Create a VLAN (default private or external) in the pre-configured range Custom Private: Create a custom private VLAN (see form below)

If your environment supports NAT you may also be able to select the IP address for the default SNAT rule

Field	Description
NAT network	Optionally select the NAT network to use for the default SNAT rule
Default NAT IP	Optionally select the NAT IP address for the default SNAT rule for the virtual datacenter

10.2. Create a virtual datacenter with custom networks

When you create a virtual datacenter, the platform always creates a private network and it counts as part of your VLAN allocation limits, even if the default network is another type of network.

The private network can be the "Automatically-created private VLAN", which is called "default_private_network", or a custom private network, which will be set as the default network.

To create a Custom private network, complete the Network section of this dialog.

To manage the VLANs or other networks of your virtual datacenter, go to Virtual datacenters → Network. See Manage Networks.

• For information about changing the default network of the VDC, see Manage Networks and Manage public cloud networks

10.3. Manage resource allocation limits for a virtual datacenter

 

Limit	Checked at	Description
Memory	Deployment	Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs
Virtual CPUs	Deployment	Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs
Local hard disk	Deployment	Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers
External storage	Configuration	Total size of external storage that may be created for VMs
VLANs	Configuration	Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create
Public /floating/NAT IPs	Configuration	Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used
Virtual machines	Deployment	Total number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not use Repository (Apps library storage) features or limits. 

10.4. Set virtual datacenter defaults

10.5. Limit user access to the virtual datacenter

After you have entered Allocation limits, Defaults, and Role, click Save.

The platform will create the virtual datacenter and the default private VLAN and display it in the Virtual datacenters view. 

10.6. Create a virtual datacenter using the API

1. Go to Virtual datacenters → select virtual datacenter → Network.

• The default network is highlighted with a star symbol
• A network with an internet gateway is highlighted with a globe symbol
• In public cloud, to synchronize networks and IP addresses, click the round arrows synchronize button
• In AWS, you can filter the list of private networks by Availability Zone

Screenshot: Private networks in private cloud

Screenshot: Private networks in public cloud (AWS)

In the Networks list, to view the pool and allocation of IPs:

• To display all the IPs in the virtual datacenter, click the All button at the top of the list
• To display the IPs in a network, click the Network name

You can then:

• Use the slider at the bottom of the list to move through the pages 
• Filter the list by entering text in the Search box. The filter works with all the columns of the table including:

• • IP Address
  • MAC address
  • Network name
  • Virtual appliance using the IP
  • VM using the IP
  • Provider ID of the entity using the IP (for example, a load balancer)

When you add IPv6 addresses on strict networks, you don't need to set the starting address. On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter a From IP address manually.

1. Go to Virtual datacenters → select a virtual datacenter → Network
2. Select the network
3. Click the pencil edit button below the Networks list
4. You can change the network Name, Gateway, DNS settings, and optionally make the network the new default for this virtual datacenter.
5. Click Save

The new settings will apply to all VMs deployed after you save the network.

To delete a private network:

1. Go to Virtual datacenters → select a virtual datacenter → Network → Private
2. Select the network and click the delete button below the networks list. 

To display onboarded external networks

1. Go to Virtual datacenters → Network → Select vCloud VDC → External

To set a new or existing network as the default:

1. When you create or edit the network, select the Default network checkbox. The new default network will apply to all VMs deployed after you set it.  

In private cloud, if you set a public network as the default, remember to obtain IP addresses for your VMs before you deploy!

To add new public IP addresses to your virtual datacenter:

1. Click the + Add button on the Public IPs page to display the list of available public IPs
   
   1. To move between pages, use pagination controls such as arrows and page numbers
   2. To filter your search, enter an IP address or Network name in the Search filter box
2. Select IP addresses to add them to your virtual datacenter 
3. Click Add to reserve the IPs

The platform will add the IPs to your VDC

You can also reserve public IPs directly from the Edit VM dialog.

11.10. Obtain public IP addresses in public cloud

During onboarding from public cloud, the platform will onboard existing public IP addresses in providers that support them, such as AWS and Azure. You can obtain them from the provider and assign them to your virtual datacenters and VMs.

To add public IP addresses to your virtual datacenter, so that you can later assign them to your VMs:

1. Go to Virtual datacenters → Select a public cloud virtual datacenter → Network → Public
2. On the Allocated public IPs page, click the + add button
3. To add the public IP to a virtual datacenter, click the Add to VDC link near the IP address

Now when you edit a VM in the VDC and go to Network → Public, the platform will display the public IP address and you can add it to your VM.

To obtain a public IP directly for a VM, click Purchase public IPs.

11.11. Synchronize public IP addresses with the cloud provider

To onboard any public IP addresses that were already created in your cloud provider, or update changes made directly in the provider:

1. Go to Virtual datacenters → select a public cloud virtual datacenter → Network → Public
2. Click the double arrow synchronize public IPs button (beside the + add button)

11.12. Release a reserved public IP address

You can release a public IP if it is not assigned to a VM.

In private cloud, to release a public IP that belongs to a public network, select the IP in the IP list and click the delete button.

In public cloud, click the link to Remove from VDC and then click the delete button.

During onboarding from public cloud, the platform will onboard existing public IP addresses in providers that support them, such as AWS and Azure. You can obtain them from the provider and assign them to your virtual datacenters and VMs.

To add public IP addresses to your virtual datacenter, so that you can later assign them to your VMs:

1. Go to Virtual datacenters → Select a public cloud virtual datacenter → Network → Public
2. On the Allocated public IPs page, click the + add button
3. To add the public IP to a virtual datacenter, click the Add to VDC link near the IP address

Now when you edit a VM in the VDC and go to Network → Public, the platform will display the public IP address and you can add it to your VM.

To obtain a public IP directly for a VM, click Purchase public IPs.

11.13. Synchronize public IP addresses with the cloud provider

To onboard any public IP addresses that were already created in your cloud provider, or update changes made directly in the provider:

1. Go to Virtual datacenters → select a public cloud virtual datacenter → Network → Public
2. Click the double arrow synchronize public IPs button (beside the + add button)

Related links:

• Abiquo Public Cloud Guide
• Obtain IP addresses from public networks

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX) and in public cloud (AWS, Azure). In Oracle Cloud, the platform enables users to onboard classic firewalls and assign them to VMs.

In vCloud Director, the platform also supports classic firewalls, which are Edge firewalls at level of the public cloud region (orgVDC). See Manage classic firewalls

To synchronize firewalls do these steps:

1. Select All virtual datacenters and the location, or a single virtual datacenter
2. Click the double-arrow synchronize button 

To synchronize a firewall before you add new firewall rules:

1. Select the firewall and click the double-arrow synchronize button

To set or unset a default firewall for a virtual datacenter:

1. Select the firewall
2. Click the star button

When the user creates a VM, the platform will assign the default firewall. The firewall rules apply to VMs, not individual NICs on the VMs. Changes to the firewall ruleset will apply to every VM in the virtual datacenter with the default firewall. If you do not set a default firewall but the provider requires one, for example, AWS, the platform will set the provider's default firewall. In AWS the default firewall is not marked. 

To edit a firewall policy:

1. Go to Virtual datacenters → select virtual datacenter or select a region → Network → Firewalls
2. Select the firewall policy and click the pencil edit button.
3. Make your changes and click Save

1. Check if your provider allows you to move firewalls. For example, Azure ARM allows you to move firewalls to other VDCs in the same resource group

To move a firewall to another virtual datacenter

1. Go to Virtual datacenters → Locations
2. Select the public cloud region
3. Edit the firewall policy and select the Virtual datacenter
   
   

To add a new firewall rule:

1. Select the virtual datacenter or location
2. Select the firewall
3. On the Firewall rules panel, click the pencil Edit button
4. Select the Inbound or Outbound tab for the traffic direction you wish to control
5. Enter the details of a rule
   1. Protocol
   • • Select from Common protocols, OR
     • Select and enter a Custom protocol
   1. Port range with the Start port and End port that this rule will apply to. To enter one port, enter the same value twice, or optionally apply the rule to a number of ports at the same time
   2. Sources or Targets as a network address and netmask
6. Click Add. The firewall rule will be added to the Firewall rules list
7. Enter more rules as required, then click Save

12.7.1. Edit firewall rules in AWS

Before you edit firewall rules in AWS, synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, the platform will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency

To display firewalls that exist in a virtual datacenter in the provider:

1. Go to Virtual datacenters → select a virtual datacenter → Network → Firewalls
   

To display all firewalls in a location (public cloud region or datacenter), including those that only exist in the platform and not in the provider:

1. Go to Cloud virtual datacenters view → Locations
2. Select a location
3. Go to Network → Firewalls
   

To filter firewalls, enter text in the Search box to search by the Name, Description, and Provider ID in the Firewalls list.

Please refer to cloud provider documentation as the definitive guide to the load balancing features.  And remember to check your cloud provider pricing before you begin.

In vCloud Director, load balancers belong to a public cloud region, not a virtual datacenter. This means that in vCloud Director, you can attach VMs from more than one virtual datacenter to the same load balancer, and these load balancers do not work with private networks, which belong to only one virtual datacenter.

To display load balancers in a region, including those that are not assigned to a virtual datacenter in a provider

1. Go to Cloud virtual datacenters view
2. Click the Locations button and select a location
3. Go to Network → Load balancers

To display load balancers in virtual datacenters:

1. Go to Cloud virtual datacenters view

2. Select a virtual datacenter

3. Go to Network → Load balancers.

• Synchronize your virtual datacenters (including VMs, networks, firewalls, firewall rules, and load balancers)
• If required by your provider, create firewalls for your VMs to allow your load balancers to access the VMs
• In Azure make sure that your VMs belong to availability sets

To create a load balancer:

1. Go to Virtual datacenters → select a virtual datacenter → Network → Load balancers 
   1. For vCloud, select All virtual datacenters → Network → Load balancers → Region

2. Click the + add button and complete the following dialogs according to your cloud provider's documentation

13.3.1. Load balancer general information

The following screenshots are from AWS or Azure

13.3.2. Load balancer routing rules

13.3.3. Load balancer SSL certificate

13.3.4. Load balancer health check

13.3.5. Load balancer firewalls

13.3.6. Assign load balancer nodes

To assign a virtual machine to a load balancer, select the load balancer from the list.

To access vCloud load balancers, and provider-only load balancers

1. Go to Virtual datacenters → All virtual datacenters
2. Go to Network → Load balancers → select region

To synchronize all load balancers in a VDC or region:

1. Go to Virtual datacenters
2. Select the VDC or region
3. Click the arrow synchronize button.

Load balancers that have been deleted directly in the provider are displayed in light gray text. You can edit these load balancers to recreate them in the provider, or delete them.

1. Select the load balancer
2. Click the delete button.

If your enterprise does not have credentials in the provider, then the load balancer will be released (it will be deleted in the platform but it will remain in cloud provider).

1. Click the User icon in the lower left-hand corner of the screen
   
2. From the menu, select Edit user
   
3. Change your Password
4. To receive VM passwords, login authentication codes, and email notifications, enter your E-mail address and Phone number
   
   
5. Go to Advanced and add your Public key for remote access to VMs
   

If you are using a single sign on, you may need to ask your system administrator to update your details

To filter templates:

• Click the filter funnel button and select a Category from the pull-down list
  • To display only ISOs, select the checkbox
• Enter text (including * wildcards) in the Search box and press Enter

To clear the search:

• Click the Clear link on the Category filter popup, which will clear both category and text search box
• Click the grey x button in the Search box

1. On the VM icon, click on the options menu button
2. From the menu, select Edit 
3. Configure your VM as described below 
   

14.4.1. General configuration

To configure the VM with a basic general configuration, optionally change the following:

1. The Label is a friendly name for the VM. Power-on is in alphanumeric order
2. Guest setup in private cloud. If your template supports it, you can request a Guest initial password that will be sent to your user Phone number by SMS or your Email address
3. Fully qualified domain name that the platform will set at deploy time
4. Hardware profile and/or CPU, RAM and Cores per socket
5. Description

To enable remote access to the VM in private cloud:

1. select the Enable remote access check-box
2. Optionally display and change the password for the remote access connection. Note down the password. 
3. Before you deploy, remember that for SSH access, your user account must have a Public key. And you will need the SSH private key to log in to your VM

You can now continue with further configuration or Save and deploy your VM.

To configure IP addresses on your VM, do these steps:

1. Select the Private, External, or Public tab
2. For private or external networks, select the network
3. Create NICs as required:
   • To use an existing IP address, drag it into the NICs list
   • To request an automatically created NIC and IP, drag the Automatically generated IP tag into the NICs list
   • For private networks, to create a new IP address and NIC, click the + add button
   • For public networks, to obtain a new IP address, click Purchase public IPs, select the network, and select the IP address
4. Select the Default gateway address
5. Continue configuring your VM or click Save to finish

14.4.2. Firewall policies

Select the Firewall policies to add. You can add as many firewall policies as necessary, up to the cloud provider's limit. If you can't see the expected policies, you may need to synchronize with your provider or wait for the platform to update provider data

14.4.3. Load balancers

Select the Load balancers to use for the VM.

14.4.4. Monitoring

To enable monitoring and metrics do these steps:

1. Select the Fetch metrics checkbox, which will retrieve all metrics from the provider
2. Select from the available options for your provider, for example, for AWS, you can select Basic or Advanced monitoring
3. Select the metrics you would like to display for your VM

The platform will check your access and schedule or allocate your VM to a hypervisor, public cloud region or Docker. Then the platform will configure it in the virtualization technology, then power it on. Of course, you can also deploy the whole group of VMs by clicking Deploy virtual appliance.

14.6. Display all VMs

14.7. Move a VM to another virtual appliance

To move a VM to another VApp in the same virtual datacenter:

1. Select the VM

2. On the VM control panel, click the VM move button
   

3. Select the virtual appliance or create a new one, and click Accept

If you have the privilege to restrict VMs, you may also be able to move the VM to a restricted VApp in the same virtual datacenter. 

14.8. Move a VM to a restricted virtual appliance

14.9. Move a deployed VM to another virtual datacenter

14.10. Delete a VM

If you would like the platform to notify you when an alarm activates, create an Alert for it in Control view.

• Alerts are a group of one or more alarms. They are like a worker monitoring a group of alarms; when all the lights for the group are lit up, then the worker takes action and activates the alert. Alerts can also trigger action plans to perform automated actions when their alarms activate. After you create an alert, create an action plan in Control view with the alert as a trigger.

You can create alarms for built-in VM metrics or scaling group metrics, as well as custom metrics created using the API for VMs, scaling groups, virtual appliances, and virtual datacenters. 

• You cannot create alarms for cloned VMs that are part of a scaling group. This is because scaling groups have aggregate alarms that are associated with the base VM. 

1. Go to Virtual datacenters 
2. Select a virtual datacenter or All virtual datacenters
3. Go to Alarms

1. Configure the metrics you will use in the alarm. See VM monitoring and metrics and Custom Metrics Resources.

To create an alarm:

1. Go to Virtual datacenter → Alarms
2. Select virtual datacenter, virtual appliance, scaling group, or VM
3. Click the Add + button in the top right hand corner
4. Enter the alarm details
   

   

   

   Field	Description
   Entity type	Select an entity with metrics from the list on the left.
   Entity name	The name of the entity
   Entity label	The label of the entity, which for VMs is shown in the list on the left
   Entity icon	The icon that the platform displays in the UI for VMs and virtual appliances
   Name	Name of the alarm with up to 128 characters. Alarm names must be unique for each metric
   Description	Description of the alarm. Used together with the alarm name and VM name to identify the alarm, for example, when creating an alert
   Metric	Select one of the metrics available for the VM
   Metric unit	The unit of the metric. Read only
   Metric description	The description of the metric. Read only
   Dimension	When the metric has multiple dimensions, optionally select one or more dimensions. For example, if a VM has multiple hard disks, then the disk read bytes metric may have a dimension for each disk
   Last datapoints in period	The number of datapoints that the platform will evaluate the metric during the elapsed time. If you request the evaluation of an alarm more frequently than metric data is collected by the platform or sent by the provider, then the alarm will not activate. We recommend that you create alarms with longer evaluation periods, for example, an average of 10 points over the last hour, so the transmission and collection intervals will not affect the activation of the alarm.
   Statistic	Statistic that the platform will use for evaluating the alarm, which can be: average, maximum, minimum, sum, count, dev
   Formula	Operator that the platform will use for evaluation of the alarm, for example, greater than. Values can be: notequal, greaterthan, greaterthanorequalto, lessthan, lessthanorequalto, trendup, trenddown
   Threshold	Value that the platform will evaluate the alarm against, if appropriate

5. Click Save

The platform will create the alarm for the metric. If you would like the platform to notify you when an alarm is triggered, create an Alert.

For API documentation about alarms on an entity, see the API documentation for the entity's resource. For example, for VMs, see VirtualMachinesResource.

When you edit an alarm, there is an extra field, "Active", that shows if the alarm is activated or not.

After you save the alarm, the platform will start to evaluate it again with new data when it receives the next set of metrics datapoints.

You can also remove an alarm from an alert.

To delete an alarm:

1. Go to Virtual datacenters or Infrastructure →  Alarms
2. Select the alarm and delete it

To remove an alarm from an alert:

1. Go to Control → Alerts → edit alert

2. Select the alarm, click the delete button, and confirm
   The platform will remove it from this alert, but it will remain in all other alerts that it is associated with

1. Go to Control → Alerts

Before you begin:

1. Retrieve VM built-in metrics, by editing VMs and enabling monitoring (see VM monitoring and metrics) or create custom metrics
2. Optionally create metric alarms (see Manage cloud alarms and Infrastructure Alarms). You must add at least one alarm to be able to save the alert.

To create an alert:

1. Go to Control → Alerts
2. Click the + add button

3. Enter the alert details and assign alarms as described below

4. Click Save

You can also remove an alarm from an alert.

To delete an alarm:

1. Go to Virtual datacenters or Infrastructure →  Alarms
2. Select the alarm and delete it

To remove an alarm from an alert:

1. Go to Control → Alerts → edit alert

2. Select the alarm, click the delete button, and confirm
   The platform will remove it from this alert, but it will remain in all other alerts that it is associated with

Screenshot: A scaling group with VMs deployed automatically.

• Limitations:
  • Autoscaling does not clone captured VMs, so to use scaling groups with a captured VM, create an instance and recreate the VM. Create instances to save VM disks to templates
  • VApp specs do not support scaling groups. See What do specs save and create

  • Scaling groups have aggregate alarms that are associated with the base VM. This means that you can push custom metrics for clone VMs but you cannot create alarms for cloned VMs that are part of a scaling group. 

• State of base VM: A scaling group with a deployed base VM would be destroyed if the base VM were deleted directly on the hypervisor. In contrast, a scaling group with an undeployed base VM is not vulnerable to interference at the hypervisor level

1. Configure the base VM that will be scaled
2. Ensure that you have enough resources in your virtual datacenter to deploy up to the maximum number of cloned VMs, especially IP addresses

To create a scaling group:

1. Go to Virtual datacenters → Virtual appliances
2. On the VM icon, from the options menu, select Define scaling group
3. Enter the scaling parameters and rules
4. Click Save

When you save the scaling group, Abiquo will mark the VM icon with the scaling group symbol and display the scaling group name.

• When the scaling group leaves maintenance mode, Abiquo will create clones of the base VM and deploy them to reach the minimum size. 
• The number in the bottom right-hand corner of the icon is the number of running VMs in the scaling group, including the base VM.

To open the scaling group and check its parameters, click the scaling group symbol at the top of the VM icon.

1. Create a VM and a scaling group for the VM. See Define a scaling group
   1. If you create an automatic scaling action, then the VM metrics will trigger autoscaling when they cross the thresholds set for the actions

To enable autoscaling operations to run:

1. Create an action plan with a scaling action for the VM with the scaling group. See Create an action plan to automate VM actions
2. Create triggers to run the action plan. See Create a trigger for an action plan

When scaling, the platform will search for a scaling rule that is valid for the specific time range, or for a default rule. It will create or delete/undeploy the number of VMs in the rule, then wait for the cooldown period before accepting another scaling request.

1. Create disks using the following:
   
   1. Copies of content of disks from the VM template
   2. Empty disks or volumes for each additional disk used in the VM
   3. Disk controllers used in the VM
2. Apply ALL configuration used in the VM, for example:
   
   1. CPU and RAM
   2. Network connections of the same type (e.g. private network)
   3. Assignment of firewall policies and attachment to load balancers
   4. Chef recipes, backups, cloud-init, variables, and so on
   5. Metrics. The group of metrics from clone VMs and the base VM (if it is deployed) can activate alarms in the base VM, even if it is not deployed
   6. Exception – Alarms: the scaling group has only one set of alarms in the base VM

To scale in,  Abiquo currently selects the VMs to delete or undeploy using first in, first out (FIFO). The platform deletes and undeploys VMs without requesting user confirmation when there are disks that are not stored in the Apps library (ISO configuration drive or additional hard disk). 

When you leave maintenance mode, the platform will apply your modifications to the scaling group, e.g. adding new rules. Then the platform will adjust the number of VMs in the group to within the minimum and maximum size range.

To put the scaling group in maintenance mode:

1. Go to Virtual datacenters → Virtual appliances → select VM
2. At the bottom of the VM icon, click the cog maintenance symbol at the bottom of the VM icon
   
   OR if the scaling group is open, click the spanner maintenance symbol in the top right corner
   

To leave maintenance mode

1. Click a maintenance button

To automatically manage maintenance mode

1. Trigger action plans with the action "Scaling group: start maintenance mode" or "Scaling group: end maintenance mode".

To delete the base VM, you must delete the scaling group first. 

1. Go to Virtual datacenters → Virtual appliances → open virtual appliance
2. If the scaling group is not in maintenance mode, click the cog maintenance symbol 
3. Edit the scaling group and go to Autoscaling actions
4. To show or hide more details of a scaling action, click Show more or Show less

You can also display all the elements created for the automatic scaling action in the relevant sections of the UI, such as the Alarms tab, and the Control view. 

1. Put the scaling group in maintenance mode
2. Click the Move button
   
3. Select the new virtual appliance

To delete a scaling group:

1. Go to Virtual datacenters → Virtual appliances
2. Open the scaling group
3. Click the wrench maintenance button to put the scaling group into maintenance mode
4. Click the trash can delete button

1. Go to Control → Action plans

To create an action plan:

1. Go to Control → Action plans, and click the + add button 
2. Enter the action plan details
3. Add actions: 
   1. Click the + Add button
   2. Select a general action or select a VM or scaling group and a specific action type
   3. Enter parameters as described below

Put the actions in run order using the arrow buttons. Delete actions as required using the trash can button to the left of the action name.

General information

Field	Description
Name	The name of the action plan
Description	A description of the action plan

Actions

Action Notes and Parameters table

Action	Notes and Parameters
Virtual machine
Increase CPU	vCPUs
Decrease CPU	vCPUs. Not supported by hot-reconfigure. Check OS compatibility
Increase RAM	RAM RAM unit of GB or MB
Decrease RAM	RAM. Not supported by hot-reconfigure. Check OS compatibility RAM unit of GB or MB
Increase hardware profile	Use the same family and type
Decrease hardware profile	Use the same family and type
Resize disk	Amount Disk unit of GB or MB Selected disk
Instance	Name for Instance (clone) template. The platform will append the date to the name supplied All disks or selected disks
Set hardware profile	Select from the available hardware profiles
General
Send email	Subject Body To (email addresses). Click the add + button to add an email address Cc (copy to these addresses)
Send webhook	See webhook parameters table
Scaling group
Start maintenance
End maintenance
Scale in
Scale out

Webhook action attributes table

Attribute	Description	Required	Default value
Endpoint	Where to submit the request	true
HTTP Method	The type of request can be GET, POST, or PUT	false	GET
Expected HTTP status code	If this status code is returned, continue running the action plan	false	204 No Content
Request headers	Headers such as, secret, authentication, and content-type	false
Request content	Request body	false

---

When you create actions on VMs also consider the following constraints.

• User constraints: e.g. allocation limits
• Platform constraints: e.g. to create an instance, the VM must be deployed and powered off 
• Hypervisor constraints: e.g. when using hot reconfigure on ESXi, you cannot decrement CPU or RAM

For the API, note that you can request the JSON schema for each action plan entry type from the API.
See: https://wiki.abiquo.com/api/latest/ActionPlansResource.html#list-action-plan-entry-templates

To run the action plan automatically, go to the Triggers tab and create an alert or schedule trigger. 

1. Go to Control → Action plans
2. Select the action plan 
3. On the Actions panel, click the Run action plan button  

Abiquo recommends that you run an action plan manually to test it before you create a trigger to run it automatically

To run your action plan based on metrics, select an existing alert with these steps:

1. Go to Control → Action plans
2. Select an action plan
3. Below the Alerts panel, click the + add button
4. Select an alert. For details about creating an alert, see Manage Alerts

To run your action plan automatically at selected dates and times, create a schedule trigger with these steps:

1. Go to Control → Action plans
2. Select an action plan
3. Below the Schedules panel, click the + add button
4. Enter the details of the schedule

• To run the action plan at intervals of a fixed number of seconds within a set timeframe:

1. 1. Select an Interval schedule
      
   2. Enter the following parameters
      
      1. Interval seconds: the number of seconds from when the action plan excution starts to when it will start again
      2. Repeat count: the number of times to run the action plan. A value of 0 means repeat forever
      3. Start time: date and time
      4. End time: date and time
2. After you create an interval schedule, the platform will display the execution count of how many times the action plan has run. If the repeat count is 0, the execution count is null

• To run an action plan as specified using a Cron-type schedule, select an Advanced schedule and use the calendar selector.

1. Create your VM with a template that is compatible with cloud-init version 0.7.9 or above, or cloudbase-init

To add a VM bootstrap configuration or script in public cloud:

1. Go to create or edit VM → Bootstrap
2. Paste your configuration or script in the Bootstrap script text box
3. Continue to configure the VM or click Save to finish

To add VM variables:

1. Go to Virtual datacenters → edit a VM that is not deployed → Variables

2. Enter each Key and Value

   1. The length of these can be up to 255 characters each 

3. Click Add

   
   

4. To delete a variable click the trash can symbol beside the Key. To edit the Value of a variable, click the pencil edit button beside the Value

5. To apply changes to variables, and other changes to the VM, click Save

1. Edit the VM and go to Chef → Attributes
2. Enter the attributes, which are the parameters for each recipe, in JSON format. 
   • The Chef attributes must be enclosed in "{ }". You must enter a valid JSON document and Abiquo will validate it
   • Abiquo does not validate the attributes, so check them carefully
3. Click Save, which will save the entire VM configuration