1. Starting Abiquo for the First Time

After Abiquo is installed, you can access the platform through the web interface by entering these URLs in your browser:

http://<server-ip>/client

http://<server-ip>/client-premium (Enterprise Edition)

The Abiquo client is compatible with the latest versions of almost all major web browsers. For more information please see the Compatibility Tables section in the Administrator's Guide.

The default data for this platform are:

• Users & Organizations:
  • Enterprise: abiquo
  • Cloud Administrator (Complete access to all functionality)
    • Username: admin
    • Password: xabiquo
  • Enterprise User (Virtual applications only)
    • Username: user
    • Password: xabiquo

1.1. Getting Started with Abiquo

Abiquo is a flexible platform that will allow you to configure your cloud infrastructure as required.

We recommend that the system administrator logs in first as Cloud Administrator, using the default credentials above, and then changes the password and user details in Users View.

The cloud administrator will then need to create both physical infrastructure and users, but either of these can be created first.

• Before you create users, you can also create enterprises and roles to suit your cloud requirements. For information about creating users, enterprises and roles, please see Users View in this User's Guide.

• For information about creating physical infrastructure, please see Infrastructure View in this User's Guide.

The Abiquo Quick Tutorial is an introductory overview of working with Abiquo infrastructure and virtualization from a multi-user perspective.

1.2. Help Using Abiquo

To open the help page for a pop-up in Abiquo, click the blue wiki links help icon when it is displayed in the top right corner of a pop-up. You can configure the display of the help icon display and the URLs of the help pages in Configuration view.

2. Home View

This dashboard is the first screen you will see when you log in to Abiquo. It is intended as a general view of the resources currently being used by your system on four different screens, which are from left to right, top down:

• Enterprise Resources
• Running Virtual Appliances
• Virtual Datacenters
• Events

These four screens can be minimized or maximized to give a better view of only the data you are interested in.

Visible Information All information shown in this dashboard is contextualized for the current user, so you'll only see data related to the enterprises or resources you have access to. Users that can view more than one enterprise can select an enterprise to see its data.

API feature This feature is available in the API. See Statistics.

2.1. Selecting an Enterprise

If you have the List all enterprises privilege, you can view the dashboard statistics for all enterprises or any selected enterprise. In the top left corner of the screen, below the logo, you will see the Enterprise selector. Click to open the enterprise list and select an enterprise. The dashboard will now show the data for the selected enterprise only.

2.1.1. Administer the Selected Enterprise

By default, the Cloud Administrator belongs to the Abiquo enterprise. This enterprise is used to administer users, enterprises, roles and privileges in Abiquo.

If you have the Administer all enterprises privilege, click the impersonate icon beside a name in the enterprise list to administer that enterprise.

The name of the enterprise with which you are currently working will be displayed beneath your username in the top right-hand corner of the screen.

You will now be working as the administrator of this enterprise and all your actions with virtual datacenters and virtual appliances will apply to this enterprise. You will work with this enterprise until you choose to impersonate another or until you log out and log in again, at which point the enterprise will be reset to your enterprise.

While working with another enterprise, you can still display the statistics of any of the other enterprises by selecting them in the enterprise list in the left pane of Home view.

2.2. Enterprise Resource Statistics

This screen shows statistics of the resources used by the datacenters managed by the enterprise(s) selected:

• Virtual CPUs used by the virtual machines (total and currently running).
• Storage size (total and used) of disks used by virtual machines (total and currently running).
• RAM used by the virtual machines (total and currently running).
• External storage (in volumes defined in the datacenter's storage section) used by virtual machines (total and currently running).
• Total and used number of VLANs defined.
• Total, reserved and used number of public IPs.

2.2.1. Filtering

You can filter the enterprise resource data by virtual datacenter using the combo box.

If you have the Display enterprise statistics privilege, you can also filter the statistics by enterprise using the combo box.

2.3. Virtual Datacenters

This is a list of all the virtual datacenters defined and data of each of them:

• Virtual datacenter name.
• Total virtual machines deployed.
• Currently running virtual machines.
• Total number of storage volumes created.
• Number of storage volumes currently attached to virtual machines.

2.3.1. Running Virtual Appliances

This is a list of all the virtual appliances defined and data of each of them:

• Virtual appliance name.
• Virtual datacenter currently hosting this virtual appliance.
• Total virtual machines deployed.
• Currently running virtual machines.
• Number of storage volumes currently attached to virtual machines.

2.3.2. Events

This is a condensed view of the Events view logs. It is controlled with the same privileges as the Events view, so if the user has no events privileges, no events window will display here.

Otherwise, the window will display all events for the enterprise or all events, depending on the user's privileges.

3. Infrastructure View

The Infrastructure view allows cloud administrators to manage their datacenters' physical infrastructure, including physical machines, networking and external storage. This physical infrastructure will be offered to the end user as an Infrastructure as a Service (IaaS) cloud.

Abiquo allows you to manage the physical infrastructure with a multi-datacenter approach, so enterprises can provide virtual infrastructure supported by physical infrastructure in different locations.

Click the Infrastructure button at the top of the screen to access Infrastructure view. On the main screen in this view you will see a map with the locations of all the datacenters. You can configure this map in Configuration view. If the map is not configured, you will see a large version of the Resource Usage panel, which contains a summary of the infrastructure managed by Abiquo.

From the Infrastructure view you can manage datacenters and their basic infrastructure elements: racks, physical machines, networks and external storage.

3.1. What is a Datacenter

Abiquo defines a datacenter as a set of IT resources (servers, networking and external storage) in the same physical location (on the same local area network). This hardware will be the backend infrastructure for providing the cloud of compute, storage and network as a service.

Cloud administrators can use Abiquo to manage multiple datacenters so users can deploy their virtual appliances in different physical locations.

3.2. Managing Datacenters

Cloud administrators manage the physical infrastructure (represented in Abiquo as a set of physical datacenters) from the Infrastructure view. To manage datacenters, click the Infrastructure button at the top of the main screen. To open a datacenter and view its details click on the datacenter in the list.

Users with the Manage datacenters privilege can perform the following operations:

Button	Action
	Create a new Datacenter
	Remove an existing Datacenter
	Edit the selected Datacenter

3.2.1. Creating a Datacenter

API feature This feature is available in the API. See Datacenter Resource.

To create a new datacenter, enter the name and location of the datacenter, and the location of the remote services that are deployed as part of the Abiquo platform.

The basic fields of the Create Datacenter form are:

Remote Services

API feature This feature is available in the API. See Remote Service Resource.

Because Abiquo is based on a distributed architecture, the Remote Service interface configures the different elements of the distributed architecture that will be used by a datacenter to provide the IaaS cloud. The remote services used by Abiquo are described in the table below.

Enterprise Edition Remote Services

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Remote Service Fields

For each Remote Service complete the following fields, then click Check to test the remote service connection. If the remote services are all running on the same machine, enter the machine's address in the first box and mark the Duplicate IP Addresses checkbox to copy the same URL for all remote services.

You must enter an accessible (public) IP for the Remote Services servers. Abiquo uses these addresses for intermodule communication between the distributed components of the platform, so you cannot enter localhost or 127.0.0.1. The icon will be displayed when the IP format has been verified.

Do not create a Datacenter without all the Remote Services running On the Create Datacenter form you should check if the URLs you have entered have the corresponding remote service running. You cannot deploy machines without all the remote services running. Thus we strongly recommend that you do not create a datacenter if any of the remote services are down or not properly configured.

Datacenters Cannot Share an NFS Repository or Appliance Library

Each datacenter MUST have its own NFS repository configured for its own Appliance Library. This is done at Remote Service level. See repositoryLocation in the Abiquo Configuration Properties.

The Virtual Factory, Virtual System Monitor and Appliance Manager Remote Services cannot be shared across datacenters. This is because these remote service configurations include the NFS repository or Appliance Library of the datacenter.

Open the Datacenter After Creation

Mark the checkbox.

3.2.2. Modifying a Datacenter

API feature This feature is available in the API. See Datacenter Resource.

The following image shows the pop-up for modifying a datacenter. The information that can be entered in this pop-up is identical to that for creating a datacenter.

The following actions are allowed in the remote services tab:

Button	Action
	Add a remote service to the datacenter.
	Remove the selected remote service.
	Check the status of the selected remote service.
	Edit the selected remote service.

3.2.3. Deleting a Datacenter

To delete a datacenter, first delete any virtual datacenters defined within it. For more information, see Manage Virtual Datacenters.
Then click the remove button in the bottom-left part of the DATACENTERS screen.

3.3. Infrastructure Statistics

A user with the Display resource usage panel privilege can display detailed statistics of all cloud resource usage or a specific datacenter, by clicking All or a specific datacenter in the list in the left pane of Infrastructure view.

The following information is displayed for either All Datacenters or a selected Datacenter:

• Total number of enterprises.
• Total number of users.
• Total number of virtual datacenters.
• Servers: Total number of physical machines managed running or stopped.
• Total virtual machines managed: running / not running.
• External storage (in volumes defined in datacenter's storage section) used by virtual machines: limits (yellow) / total (green) / currently running (red).
• Limits virtual CPU (yellow) / Total virtual CPU (green) / Used virtual CPU (red).
• Hard disk resources: Limits (yellow) / Total hard disk resources (green) / Used hard disk resources (red).
• RAM in virtual machines: Limits by enterprises (yellow) / Total memory (green) / Used memory (red).
• Total enterprise limits for public IPs (yellow)/ Total public IPs created in all datacenters (green) / Total public IPs used (reserved or used by virtual machines).

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

API feature This feature is available in the API. See Datacenter Resources Usage Stats.

These statistics are presented in a numeric mode next to the map view, but you can maximize the window to show them in graphical mode.

Information about limits shown in the charts depends on user selection:

• Select 'All' to see all limits defined for all enterprises in the cloud.
• Select a datacenter to see the sum of limits defined for the enterprises in this datacenter.

3.4. Manage Network Configuration

To manage network configuration, click the Infrastructure button at the top of the main screen, select a datacenter in the list, and click the button to see the datacenter detail. In the datacenter pane on the right, click the Network tab.

Abiquo offers three types of networks in virtual datacenters:

• public networks with Internet addressable public IP addresses.
• external networks assigned to an enterprise and used in one or more virtual datacenters.
• private networks with private IP addresses restricted to one virtual datacenter.

New Feature External networks were introduced in version 1.8.5.

3.4.1. Viewing Private Networks

The default view is the Private network screen. Private networks are usually managed by enterprise administrators for their own virtual datacenters, so from the Infrastructure view the cloud administrator can only view network use. On the left of the Private network screen, an expanding tree provides network information ordered hierarchically by enterprise and virtual datacenter. The search box will filter the expanding tree by enterprise. When you click a private network in the expanding tree, the right pane shows the list of network IP addresses.

The default VLAN for a virtual datacenter may be either the auto-created private VLAN, named default_network, or another private VLAN, shown in bold, or an external VLAN. External VLANs are managed in the Public/External tab and assigned to an enterprise's datacenters or virtual datacenters. You can override the default private network for a virtual datacenter in Virtual Datacenters view. The network details are shown in the right lower pane. The Type field is only used for public and external networks.

The PRIVATE IPs pane contains the detail of each of the IPs of the selected internal VLAN. Click in the header of a column to sort by that column, use the Search button to filter the results and navigate through the pages with the page scroll.

3.4.2. Managing Public and External Networks

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

New Feature External Networks were introduced in version 1.8.5. From this version onwards, public networks cannot be reserved for enterprises and you should use external networks instead.

Public Networks allow the users of virtual datacenters to use Internet addressable public IP addresses in their virtual infrastructure. These networks are not assigned to any specific enterprise in Abiquo and they cannot be the default network for a virtual datacenter.

External Networks are assigned to a single enterprise and they may have public or private IP addresses. IP addresses on these networks can be used in more than one virtual datacenter. External networks can be assigned to an enterprise's datacenters or virtual datacenters as a default network, thus streamlining the configuration of access to networks outside the virtual datacenter.

Click the Public/External tab to open the public and external network screen. You can distinguish these two types of networks by the value in the Type field. The cloud administrator is responsible for the proper administration of IP address ranges and VLAN tags.

From this screen the cloud administrator or other authorized user can:

Button	Action
	Create a new public or external VLAN
	Remove an existing public or external VLAN
	Edit the selected public or external VLAN

Create VLANs for Public or External Networks

Click the button and complete the form.

Tag Availability Info* The check availability button will check if the VLAN tag is available for all the racks of the datacenter. A public or external VLAN can be used in any rack and should be tagged in the same way on all racks. Tags in use by other VLANs will display an orange warning signal but they may be used; only invalid tags will be rejected, with a red signal.

Click Next to select from a list of available public or external IP addresses:

Leave the IPs you wish to offer to users in the left pane.

To make the external VLAN the default for an enterprise's datacenter, go to Users view and edit the enterprise's datacenter. You can also assign it as the default for a virtual datacenter from the virtual datacenter's network screen.

Edit Public or External VLANs

To edit a public or external VLAN, select it in the VLAN list and click the button in the lower right corner of the NETWORKS pane. The form is the same as the creation form, but you can only change the VLAN name, the VLAN tag, and the VLAN gateway.

Add or Remove IPs Available on Public or External Networks

To add or remove the Public IPs available for purchase or the External IPs available for use by enterprise administrators, select the VLAN in the list, click the down arrow in the and select 'Edit Public IPs'. You will see the currently available and unavailable IPs.

Make your changes and click 'Accept'.

Purchased Public IPs and External IPs in use will not be shown You cannot move to Not Available: A public IP address that has been purchased by the users of an enterprise An external IP address that is in use

Remember that IP addresses on the public network can be assigned to different enterprises, whereas IP addresses on an external network all belong to the same enterprise.

Delete Public or External VLANs

To delete a public or external VLAN, select it in the VLAN list and press the Delete Button and the public or external VLAN will be deleted.

Restrictions on deleting VLANs You cannot delete: A public VLAN if users have purchased IP addresses in the network. An external VLAN if any of its IP addresses are in use on virtual machines.

View the Public or External IP List

On the right side of the screen, in the PUBLIC IPs pane, you will see details of the IPs of the selected public or external VLAN. Click in the header of a column to sort by that column, use the Search button to filter the results by any field and navigate through the pages with the page scroll. The VLAN type (Public VLAN or External VLAN) is shown in the bottom right section of the VLAN details when you click on the VLAN name.

How to Put an IP in a Black List

Occasionally a user may misuse a Public IP. If this happens, the DNS providers can block this IP. Abiquo also allows you to mark an IP to quarantine it. This prevents another enterprise from reserving this IP and attaching it to another VM. Just select the problem IP and mark the quarantine checkbox.

3.5. Manage Racks and Physical Machines

Go to the Infrastructure View by pressing the button at the top of the main screen, select a datacenter in the list, and press the '>' button to see the datacenter information. Here you can manage racks and physical machines and enable high availability of virtual machines.

3.5.1. Management Actions

The actions for managing racks and physical machines are:

Button	Action
	Add a rack or physical machine.
	Delete a rack or physical machine.
	Edit the selected rack or physical machine.
	Refresh the resources used in the selected physical machine and synchronize the virtual infrastructure (Virtual machine CRASHED or UNKNOWN)

The buttons for performing these actions are found at the bottom of the machine list.

If there is no rack, the button will open Creating Racks. Otherwise, if a rack is selected, the same button will open Creating Physical Machines on the selected rack.

3.5.2. What is a Rack

In Abiquo, a rack is a logical entity used for grouping physical machines and providing VLAN isolation to the virtual machines deployed there. The Administrator's Guide describes the hypervisor network configuration. Abiquo supports two types of racks: standard racks and managed racks.

3.5.3. High Availability of Virtual Machines

New Feature This feature has been available since version 1.8

Abiquo High Availability (HA) is a vendor-neutral automatic VM restart capability that allows enterprises deploying multi-hypervisor datacenters to have a cost-effective high availability mechanism. Abiquo High Availability is based on Abiquo's virtual machine management features and is designed to complement hypervisor HA. In Abiquo, High Availability is implemented at rack level.

HA Compatibility External storage and persistent VMs are compatible with HA. Abiquo HA is not compatible with VMware vCenter. Use VMware HA. Abiquo HA does not support XenServer.

To configure HA, first see High Availability Prerequisites and Configuration in the Administrator's Guide.

Introduction to Abiquo High Availability

When High Availability is enabled on a rack, Abiquo periodically checks the hypervisors on the physical machines of the rack. If a hypervisor does not respond after two checks, Abiquo will start the HA process. It will restart the virtual machines on another hypervisor of the same type in the same rack from the shared datastore. Then, Abiquo shuts down the failed physical machine. If there are not enough resources on suitable hypervisors, the virtual machines will remain on the failed hypervisor and when the administrator restarts the machine, they will be unchanged. In Abiquo, the administrator must manually re-enable the physical machine that failed.

See and Configuring High Availability of Virtual Machines and The High Availability Process in the Administrator's Guide.

High Availability Configuration in the Abiquo GUI

• Enable HA when Creating Racks.
• Configure IPMI when Creating a Physical Machine.
• Create and enable a shared datastore on all hypervisors on the HA rack when Creating Physical Machines.
• Manually re-enable a physical machine after HA by Modifying a Physical Machine.

3.5.4. Creating Racks

API feature This feature is available in the API. See Rack Resource.

Before you add physical machines to your Infrastructure, you must create a Rack. On a standard rack, you manually create physical machines, but on a managed rack Abiquo will communicate with the rack and automatically detect physical machines, so you cannot create them. If you have set up your systems for high availability of virtual machines, mark the High Availability checkbox to enable it for the rack.

Creating Standard Racks

General Information Tab for Standard Racks

Creating Managed Racks and Blades

New Feature This feature has been available since version 1.8

Abiquo communicates directly with managed racks and blades to automatically create the blades in an Abiquo rack. So you cannot manually create physical machines in an Abiquo managed rack but you can work with blades as with other physical machines.

General Information Tab for Managed Racks

After you create a managed rack, it will appear in the PHYSICAL SERVERS list. Click on the rack to open it and display the list of blades.

Network Parameters Tab for All Racks

*See VLAN Allocation Tuning and VLAN Scheduler Algorithm

VLANs

By definition there is VLAN isolation inside a rack. This is an excellent security feature to prevent external access to a client's internal private networks and offer scalable VLAN networks. Thus a whole VDC (Virtual Datacenter) will be deployed in the same rack so the virtual machines can network locally. The Abiquo Scheduler will determine which rack will be the most suitable (in terms of VLAN availability) when deploying the first virtual machine of a virtual datacenter.

VLAN Allocation Tuning

The 'Estimated VLANs per VDC' and the 'VLAN pool size for VDCs that exceed estimation' as well as the virtual datacenter allocation limits and the 'abiquo.server.networking.vlanPerVdc' configuration property give cloud administrators some control over VLAN allocation. The 'Estimated VLANs per VDC' is only used to decide how many VDCs can be deployed in a rack. It does not reserve VLANs for VDCs. To prevent a VDC from using more than a certain number of VLANs, set this number as an allocation limit. The default balanced scenario is shown here.

Default Balanced Scenario

Estimated VLANs per VDC = 1 (or other low value)
VLAN pool size for VDCs that exceed estimation = 10%

• balances VLAN allowance with number of VDCs per rack
• allows low average number of VLANS for each VDC
• small pool of VLANs for VDCs that require more than estimated VLANs
  • to control the maximum number of VLANs per VDC, set allocation limits

These parameters can only be modified on a rack with no VDCs deployed. For detailed information about VLAN allocation, please see VLAN Scheduler Algorithm.

3.5.5. Editing Racks

API feature This feature is available in the API. See Rack Resource.

To edit a rack, select it in the rack list and press the Configuration Button in the lower right corner of the PHYSICAL SERVERS pane.

You can change the same rack values that are used for rack creation creation.

Restrictions You cannot modify the network parameters of a rack if there are any virtual machines deployed in any of the rack's physical machines.

3.5.6. Deleting Racks

To delete a rack, select it in the rack list and press the Delete Button in the lower left corner of the PHYSICAL SERVERS pane. The rack will be deleted.

Restrictions You will not be able to delete a rack if there are any virtual machines deployed in any of the rack's physical machines.

3.5.7. Creating Physical Machines on Standard Racks

Automatically Discovering Physical Machines

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Enterprise Edition uses the Discovery Manager remote service to automatically discover physical machines and their data with two options: basic or advanced discovery.

Basic Physical Machine Discovery

In the drop down menu of the Infrastructure Screen, select the 'Physical Machine' option.

Leave the Basic radio button selected and enter the IP address of the physical machine to add.

After you enter the IP address, the Discovery Manager will look for information about the Hypervisor running on the physical machine. The client has a configuration file with the default user and password (see Default Hypervisor User, Default Hypervisor Password and Default Hypervisor Port in the Configuration View to use when logging in to the remote hypervisor. If the default user and password match those of the physical machine, the Discovery Manager will show the form described in the previous section, with the discovered values completed. Otherwise it will open the Advanced Physical Machine Discovering with the 'Invalid Credentials' error.

If the user and password do not match those of the remote hypervisor, you will see a screen like the advanced screen. If no hypervisor responds to the call, the blank form is shown.

Advanced Physical Machine Discovery

Press the 'Advanced' button, to see the advanced screen for retrieving the physical machine information. You can use this option when you know all the connection data of the remote hypervisor.

Depending on the hypervisor you select, the next step will be to complete the username and password (XenServer, Hyper-V and ESXi) or complete the port field in the same screen (Xen, KVM and VirtualBox).

If the hypervisor does not respond, the empty physical machine form will also open to allow you to complete the physical machine definition.

Create a Physical Machine on a Standard Rack

API feature This feature is available in the API. See Machine Resource.

To create a new physical machine, you will need to complete the following form:

This table describes each field in the form:

Field	Description
Name	The name of the physical machine (usually set to its hostname).
Rack	The rack where the physical machine will be added.
Description	An optional description of the physical machine.
CPU /RAM / Hard Disk	The Resources allocated in the cloud. This information will be used in the provisioning process. Abiquo stores the real resource allocation of the Physical Machine and the resources allocated in the cloud. In the beginning, real resources = allocated resources.
IP	The address of the physical machine in the management network.
IP Service	The address of the physical machine in the service network.
Virtual Switch	The physical machine's address of its connection to the Abiquo server through the service network. VirtualBox, Xen, KVM: In standard environments this is ethx, i.e. eth0, eth1. ESX, ESXi: The network called vSwitchx, i.e. vSwitch0, which is connected to the vmnicx i.e. (the physical ethernet interface). XenServer: As in Xen, the physical ethernet interface should be ethx, i.e. eth0 or eth1. Hyper-V: This would be the network we named SERVICE_NETWORK during installation
Hypervisor Type	The type of virtualization technology.
User-Password/Port	Depending on the hypervisor type selected, the connection configuration will be the tuple user-password (for XenServer, Hyper-V and ESXi) or the AIM port for the connection (KVM, XEN and VirtualBox).
IPMI	Show or Hide the IPMI parameters that are used in Abiquo high availability. For further information about these parameters, see Configuring IPMI
State	Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition The state of the physical machine, which can have the following colors: STOPPED: The physical machine is stopped; it does not respond to ping. PROVISIONED: The physical machine exists, but there is no connection to the hypervisor. NOT MANAGED: The physical machine and hypervisor exist, but are not properly configured. MANAGED: The physical machine and hypervisor are ready to deploy virtual machines. DISABLED: The physical machine and hypervisor are ready but the machine has been disabled by the cloud administrator to prevent deployment of virtual machines on it. HA DISABLED: The physical machine and hypervisor have been disabled by high availability after restarting of virtual machines on another hypervisor.
Datastores	Datastores are covered the Datastore Management section of this document. Abiquo allows you to manage multiple datastores for each physical machine and it is integrated in a vCenter environment

Configuring IPMI for Abiquo High Availability

New Feature: High Availability This feature has been available since version 1.8. For further information, please see High Availability of Virtual Machines.

IPMI is used by Abiquo in the high availability (HA) process to shut down a physical machine that is not responding. Click Show on the Create Physical Machine form to open the IPMI parameters section.

For further information about Abiquo high availability, see Configuring High Availability of Virtual Machines in the Administrator's Guide.

Datastore Management

In Abiquo, datastores include the disks used by the hypervisors to store information related to the virtual machines and the NFS repositories.

When you create a physical machine, you will see a list of all the datastores that are installed on that machine. For some hypervisors this list includes the NFS repository (usually /opt/vm_repository), which should not be used as a hypervisor datastore.

Mark the Enabled checkbox on the create physical machine form to enable a datastore. Abiquo will deploy a VM on the enabled datastore with the most available space.

Do Not Enable the NFS Repository

Wherever possible, the datastores list does not include the NFS repository because it is an internal datastore that is used to share images between the NFS server and the hypervisor. If the NFS Repository is visible in the datastores list, you should not enable it as a hypervisor datastore because deployment over a network to the same NFS shared directory from which the virtual image templates are being copied will severely degrade performance.

Available Space

Abiquo runs a periodic infrastructure check process to update infrastructure values in the Abiquo database, including the real disk space available on a datastore. However, at deployment time, Abiquo only checks the database value.

High Availability with a Shared Datastore

Abiquo High Availability of Virtual Machines requires all the hypervisor hosts involved to share the same datastore, which must be enabled for deployment of virtual machines. This will allow Abiquo to restart machines in other hypervisors from the shared datastore. High availability does not copy virtual machine system disks. Thus, if none of the other high availability hypervisors can see the datastore used by a hypervisor, the virtual machines using this datastore will not be restarted. Therefore, Abiquo recommends that you should enable only shared datastores (and disable other datastores) on high availability hosts and ensure that this datastore is available to all other high availability hosts on the same rack.

Creating Multiple Physical Machines

You can use this feature to enter a defined range of IPs and register multiple existing physical machines with these IPs into Abiquo. For each IP, the Discovery Manager will check if the physical machine has the requirements established in the Multiple Physical Machines screen. The main difference from adding a single Physical Machine is that you will not see the confirmation screen with the physical machine parameters.

In the drop down menu of the Infrastructure Screen

Select the 'Multiple Physical Machines' option to open the following screen:

3.5.8. Discovering Blades on Managed Racks

The Blades on UCS Racks are automatically discovered to create the list of blades on the UCS Rack when the rack is created. In the rack pane, click Discover Blades to discover the hypervisors running on these blades. Click Refresh Blades to rescan the blades.

When you discover blades, you will not see the confirmation screen with the physical machine parameters. All blades found by the discovery process will be automatically added or updated in the Rack. You can then work with these blades as physical machines.

3.5.9. Managing Physical Machines

Disabling a Physical Machine

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

The provisioning process always finds the best physical machine for deploying a virtual machine, according to the Virtual Machine Allocation. You can disable a physical machine in order to avoid deploying virtual machines on it. To do this, click the disable button:

While the machine is disabled, the disable button will change to an enable button. To re-enable the physical machine, click the enable button.

Enabling a Physical Machine Disabled by HA

After a physical machine has been disabled by HA, the system administrator should restart the machine and check the hypervisor.

Attention: Restarting an ESX or ESXi host disabled by HA Before manually enabling an ESXi host in Abiquo: check the hypervisor configuration using vSphere Client to ensure that the datastores are active. Perform a rescan if necessary. check for virtual machines with no name, in the UNKNOWN (INVALID) state. Delete these machines in the hypervisor. Do not delete machines with proper names because Abiquo will manage these machines.

A machine disabled by HA will have the state HA DISABLED in the Abiquo GUI.

Manually enable the physical machine in Abiquo by clicking the enable button on the right-hand side of the screen.

Reserving a Physical Machine for an Enterprise

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Physical machines can be reserved for a specific enterprise and the enterprise's deployments can be restricted to these reserved machines.

This is done in Users View by selecting the editing the Enterprise and selecting the Reservations tab (see Reservations.)

Powering On/Off a Blade

Click the Power button in the top right corner of the blade details pane to power on/off the blade.

3.5.10. Removing a Physical Machine

To delete a physical machine, select it and press the Remove Button at the bottom of the physical servers pane; the machine will be deleted.

All the virtual machines will be deregistered When you delete a physical machine, all the virtual machines will be deregistered in Abiquo.

3.5.11. Physical and Virtual Machine Details

A summary of the properties of the machine appears in the lower virtual machines pane when the user selects a virtual machine or a physical machine. This summary contains the information on the selected object and the user with the appropriate privileges can edit its properties.

Each time a user deploys or undeploys a virtual appliance, the used resources (CPU, RAM, Hard Disk) in the physical infrastructure are updated. These resource allocation values can be viewed in the State tab of the Physical Machine details.

Manually refreshing allocated resources In some situations, the allocated resources information may be out of date. To manually refresh it, click the button to refresh the state of the selected physical machine.

View Virtual Machines on Physical Machines

You can view the virtual machines created in different physical machines (or grouped by rack). The virtual machines can be viewed as a list of names or icons with each entry representing a virtual machine object.

In each virtual machine object you can:

• Power On/Power Off the virtual machine.
• Pause the virtual machine.
• Restart the virtual machine.
• Open VDRP/VNC to access the virtual machine (if supported by the hypervisor).

3.5.12. Working with Imported Virtual Machines

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Abiquo can discover if there are virtual machines running in the registered physical machines. You can select the virtual machines you wish to import into Abiquo. After importing these virtual machines you will be able to see them in Abiquo and power them on and off.

Retrieve Virtual Machines from a Physical Machine

At physical machine level, you can get information about the virtual machines running in the hypervisor but not yet managed by the Abiquo Platform.
Click the Retrieve Button to retrieve the details of a physical machine. All the virtual machines found will appear in the Virtual Machine list with the following icon: . The Abiquo health check will refresh the state of these virtual machines. Remember that Abiquo high availability does not support imported virtual machines.

Import a Retrieved Virtual Machine

You can import the retrieved virtual machines into Abiquo, so that you can see the machines and power them on and off. You cannot use them in High Availability.

To import machines so that they can be seen in Abiquo and powered on or off, you must have a Virtual Datacenter already set up. Select a virtual machine and press the Import Button which is on the left of the Virtual Machine detail pane.

The Abiquo GUI will then show you the Capture Virtual Machine screen listing all the virtual appliances into which you can import the virtual machine.

You can select the virtual appliance or create a new one by pressing the Create Button. The form to create a new virtual appliance is the same as the Create Virtual Appliance form.

When you have decided where to import the virtual machine, click Accept and the machine will be imported there and it will be listed and you can power it on and off.

Be aware of the new state of the virtual appliance If the virtual appliance was previously undeployed, the new state of the virtual appliance will be Update Running Appliance . You can update it by pressing the Update Virtual Appliance button on the Virtual Appliance Detail Screen.

No Instances of Imported VMs on KVM or Xen It is not possible to create an instance of an imported machine running on KVM or Xen hypervisors.

Removing Unmanaged Virtual Machines

API feature This feature is available in the API. See Machine Resource.

You can remove all unmanaged virtual machines from the platform. Unmanaged machines are ones that were retrieved but not imported. (The unmanaged machines are identified by the icon). Select the physical machine, and press the button.

The unmanaged virtual machines will no longer be displayed on the screen. Remember you can retrieve them again at any time.

3.5.13. Sending Email Notifications

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Click the email icon to send email notifications about a physical machine or its virtual machines. Notifications can be sent to either the owner of the machine (the user who created it) or to the administrator or enterprise manager.

The managers of an enterprise are all the users of that enterprise with the "Define Enterprise Manager" privilege. When an e-mail notification about a physical machine is sent, all users who have virtual machines deployed in that physical machine will receive the notification.

3.6. Managing External Storage

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

API feature This feature is available in the API. See Storage Resources.

3.6.1. External Storage in Abiquo

There are two main types of external storage available in Abiquo: Managed Storage and Generic iSCSI Storage.

• Managed Storage devices are fully managed by Abiquo allowing users access to Storage as a Service.
• Generic iSCSI can be accessed by Abiquo as a set of manually entered pre-created volumes. Abiquo cannot communicate with the management interface of generic iSCSI devices to detect or manage the storage.

See Virtual Storage.

Abiquo uses the iSCSI protocol to access the storage technology.

To manage a datacenter's external storage, go to the Infrastructure View by pressing the button at the top of the main screen, select the datacenter in the list, and click the button to view the Datacenter detail. Click the Storage tab to manage the external storage infrastructure.

3.6.2. Managed Storage

Abiquo can manage the following storage device types:

• LVM
• Nexenta
• NetApp
• OpenSolaris

You can contact Abiquo about the development of plugins for other storage devices or if they are iSCSI devices, you can access them without management as Generic iSCSI Storage.

Adding, Editing and Deleting Managed Storage Devices

The first step in working with managed storage is to create a Storage Device. A storage device provides access to the storage technology so you can configure the Management and Service networks that the cloud nodes will use to access it.

You can manage storage devices with the following buttons.

Button	Action
	Create a new Storage Device
	Remove an existing Storage Device
	Edit the selected Storage Device

Click the button to create a storage device, and complete this form:

After you have created a storage device, you can check its details by selecting it in the list of devices.

3.6.3. Generic iSCSI Storage

New Feature This feature has been available since version 1.8

Abiquo offers support for generic iSCSI storage without storage management capacity.

Creating a Generic iSCSI Storage Device

Click the to create a storage device, and complete this form, selecting GENERIC_iSCSI as the storage technology:

Adding and deleting volumes is described in the Managing External Storage#Managing Generic iSCSI Volumes section below.

3.6.4. Storage Pools

Managed Storage Pools

After you create a managed storage device, you can add storage pools. Abiquo automatically detects all the pools in the target storage and allows you to add them to the platform. After the managed storage pools have been added, users will be able to create volumes in them.

Generic iSCSI Storage Pools

Abiquo creates a single pool for an entire generic iSCSI storage device because it cannot communicate with the device's management interface to detect the pools already created on the storage. For generic iSCSI storage, volumes must be created outside Abiquo in the storage device and then manually entered into Abiquo in the Virtual Datacenters view. For more information please see Manage Virtual Storage.

Adding Storage Pools

Storage Pools can be added directly after creating the managed storage device or later.

To add Storage Pools to your infrastructure, click on the display list and select the option "storage pool"

Select the storage device, and you will see the list of available storage pools. Those already selected are disabled, which means that they are already added to your Infrastructure and it is not possible to add them again.

Each Managed Storage Pool must be associated with a tier, according to its service level. When users create a volume and select a Tier (Service level) for the volume, it will be created in a pool belonging to that tier.

After you create the storage pool, you can check its details by selecting it in the list of devices.

Modifying a Storage Pool

To modify a Storage Pool, select it and click the button to open the Edit form. You cannot modify the name of the Storage Pool because it is already defined. You can change the tier of both managed storage and generic iSCSI storage.

Removing a Storage Pool

To remove a storage pool, first remove all of the volumes inside it. Select the pool in the list and click the button to remove it.

Volumes Created You will not be able to remove a storage pool if it contains volumes.

3.6.5. Tier Management

Different service levels can be configured for external managed storage. These service levels are also known as tiers, and they can be configured to give end users a way to choose the service level they want for the volumes they create under Storage as a Service.

In the Tiers tab, you can see the default tiers in Abiquo. You may not add or remove Tiers, but you can change the tier name and enable/disable the required tiers. Select a Tier and click the button to edit it.

Disabling a Tier You cannot disable a Tier if it contains Volumes

3.6.6. The Volume List

The Volume list contains all the volumes created in the pool with detailed information such as the internal volume ID or IQN used to identify the volume in the target storage technology, the volume size, etc.

• In managed storage, volumes are created by users under Storage as a Service in Virtual Datacenters view. For more information see Manage Virtual Storage
• In generic iSCSI storage, volumes must be created outside Abiquo in the storage device itself and manually added by an administrator in the Infrastructure view. For more information see Managing Generic iSCSI Storage Volumes.

The details panel of each volume contains a table of the Initiator mappings. Each storage technology will have its own access policies for each volume, so the different clients (hypervisors) may access the volume using different IQNs or LUN numbers. The Initiator mapping table shows, for each Initiator IQN (representing a single client), the IQN and LUN number that will be used to connect to the volume.

3.6.7. Managing Generic iSCSI Volumes

Volumes that have been already created on generic iSCSI storage can be added and deleted from Abiquo.
However, some features are not be available without a specific hardware plugin because there is no communication with the management interface of the generic iSCSI storage device. The features that are not available in generic iSCSI storage are: volume modification, creation or space information.

Example of Generic iSCSI limitation: Volume Pool Total Size

Adding a Generic iSCSI Volume

To add a pre-existing generic iSCSI volume, open your datacenter and generic iSCSI storage device. Then click the button below the Volume list and complete the form below.

3.7. Manage Allocation Rules

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

API feature This feature is available in the API. See Allocation Rules Resource.

To manage datacenters' allocation rules, click the Infrastructure button at the top of the main screen, select a datacenter in the list, and click the button to see the datacenter detail. Inside the datacenter window, click the Allocation Rules tab.

You can configure allocation rules for load balance, enterprise exclusion and fit policies, to ensure that virtual machines will be allocated in the desired physical machines. For details of the allocation algorithm, see the Virtual Machine Allocation page. The allocation rule screen is divided into two sections:

• Global rules: Rules that apply to all datacenters.
• Datacenter rules: Rules that apply to a single datacenter.

Rules can be added and removed by clicking the and buttons. When you have entered all the rules, click the Save button to apply the changes.

3.7.1. Global Rules Management

Global rules affect the allocation in all datacenters. There are two kinds of global rules: load balance, and shared server restriction. The following sections explain these:

Load Balance Rules

Load balance rules can be used to customize which physical machine a virtual machine will be allocated to. The allocation algorithm consists of two steps:

1. Find a group of candidate machines where the virtual machine can be deployed.
2. Select a single machine in that group to hold the virtual machine.

Load balance rules apply to the second step. Once a subset of candidate physical machines have been chosen, the load balance rules are applied to decide which machine in that group will be selected to hold the virtual machine.

There are two types of load balance rules:

• PERFORMANCE: This rule makes the allocator choose a different physical machine for each virtual machine to allocate. It is a round-robin algorithm that allocates each virtual machine in a different physical machine.
• PROGRESSIVE: This rule means that all virtual machines will be allocated in the same physical machine, until it is full. This rule makes the allocator fill a physical machine, then change to another one.

Number of load balance rules Only one load balance rule can be defined in the global rule set.

Restrict Shared Server Rules

These rules allow you to customize enterprise exclusion rules because many enterprises may want to ensure that their appliances will not be deployed in the same physical machine as the appliances of another enterprise. The Restrict shared server rules allow you to configure these enterprise exclusion rules, to guarantee that all appliances of each of the enterprises will be properly isolated.

To add a new Restrict shared server rule, select the two enterprises that must not share a physical server and add the rule.

Number of restrict shared server rules There is no limit on the amount of rules that can be created. The cloud admin must configure the rules properly to customize virtual machine deployments.

3.7.2. Datacenter Rules Management

Datacenter rules affect only the datacenter being edited. Rules are applied from more restrictive to more general, so if the same kind of rule is present in the global rule set and in the datacenter rule set, the datacenter rule will take priority.

Load Balance Rules

Load balance rules for specific datacenters are defined in the same way as global load balance rules, but will apply only to the current datacenter.
If no load balance rule is defined for the datacenter, the global load balance rule will be applied; otherwise, the load balance rule for the current datacenter will be used.

Number of load balance rules Only one load balance rule can be defined in the datacenter rule set.

Load Level Rules

Load level rules allow you to configure allocation parameters based on machine load. The amount of CPU and RAM used is taken into account to decide if the physical machine is a candidate to hold the virtual machine being allocated.

You can use load level rules to set up CPU oversubscription.

There are three levels where load level rules apply:

• All racks: If selected, the load level rule will apply to all machines from all racks of the selected datacenter.
• All servers: The rule will apply to all machines from the selected rack of the datacenter.
• Specific server: The rule will only apply to the selected machine.

The example above shows a load level rule that applies only to a specific server, and defines that a virtual machine may be allocated to that server only if the RAM load is less than 90% and the CPU load of the server is less than 85%.

Number of load level rules There is no limit to the amount of load level rules that can be created. It is up to the cloud administrator to configure the rules properly to customize virtual machine deployments.

4. Virtual Datacenters View

The Virtual Datacenters view allows enterprise administrators and enterprise users to manage their own virtual infrastructure.

From this view, users with the appropriate permissions can create their own Virtual Datacenters, create and configure Virtual Appliances and deploy them to the underlying physical infrastructure.

4.1. Manage Virtual Datacenters

4.1.1. What is a Virtual Datacenter

A virtual datacenter is an abstraction of a physical datacenter that offers the same capabilities (such as computing power, network infrastructure, external storage system, backup, security, etc) with the advantages of cloud computing technology:

• Virtualization
• Pay-as-you-go billing
• Quickly scalability
• Technology and hardware abstraction.

This allows cloud users to run their applications in a more economical and flexible way. A virtual datacenter offers the classical datacenter infrastructure as a service.

With Abiquo, it is easy to create, manage and configure virtual datacenters from the Virtual Datacenters view.

If you have permission to manage virtual datacenters, from the virtual datacenter view you can:

Button	Action
	Create a new Virtual Datacenter
	Remove an existing Virtual Datacenter
	Edit the selected Virtual Datacenter

4.1.2. Creating a Virtual Datacenter

API feature This feature is available in the API. See Virtual Datacenter Resource.

To create a new virtual datacenter, click the button and complete the form:

Creating Virtual Datacenter Networks

New Feature External networks were introduced in version 1.8.5

Abiquo offers three types of virtual datacenter networks:

• public networks with Internet addressable public IP addresses.
• external networks that are assigned to an enterprise and can be accessed by more than one virtual datacenter.
• private networks with private IP addresses that are restricted to a single virtual datacenter.

External and private networks can be made the default for a virtual datacenter. When you create a virtual datacenter, its default VLAN will be your enterprise's default network. This can be either the automatically created private VLAN, named "default_network", or an external VLAN, set as the default in Users view.

If you wish to override the default network, you will need to create a new custom private network to be the default; see below. After you create the virtual datacenter, you can change the default network; see Manage Networks.

Creating a Virtual Datacenter with a Custom Private Network

If you select the Custom option for the Private Network configuration, the form will expand and to show the following network configuration options:

After you have created a virtual datacenter, VLANs can be managed in the Network tab as explained in the Manage Networks section.

Allocation Limits Management

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

The allocation limits tab allows the cloud administrator to limit the amount of physical and virtual resources a virtual datacenter may consume. This is very useful in preventing common problems in cloud platforms, including resource over allocation, virtual datacenters allocating resources from other virtual datacenters and DoS attacks. Allocation limits also help system administrators to anticipate user needs and to forecast resource demands.

Hard and Soft Limits

• Hard Limit: The maximum amount of virtual resources (RAM, virtual CPU, local hard disk, external storage, VLANs and public IPs) that a virtual datacenter will be allowed to consume.
• Soft Limit: This limit is always lower than the hard limit and it is used to alert users. When a virtual datacenter reaches the soft limit, users will see a warning that they are reaching the resource allocation limits for their virtual datacenter.

To manage the virtual datacenter allocation limits click the allocation limits tab when creating your virtual datacenter and you will see the following panel:

Hard and Soft Limits Remember that soft limits must be always lower than hard limits. Limits equal to 0 means that there is no limit to resource usage.

After you complete the form, Abiquo will create the virtual datacenter and the associated VLAN and display it in the Virtual Datacenters View.

4.1.3. Viewing DHCP Information

The DHCP information for assigning IPs to the virtual machines of the virtual datacenter can be viewed by selecting the virtual datacenter, clicking the button and selecting the Show DHCP info option.

• In Community Edition you must copy this configuration manually to your DHCP server.
• In Enterprise Edition the DHCP Remote Service automatically configures DHCP.

4.2. Manage Virtual Appliances

A virtual appliance is a pre-configured software stack comprising one or more virtual machines. Each virtual machine is an independently installable run-time entity comprising an operating system, applications and other application-specific data.

Virtual appliances are changing the software distribution paradigm because they allow application builders to optimize the software stack for their application and deliver a turnkey software service to the end user. Virtual appliances offer an opportunity to dramatically simplify the software management lifecycle through the adoption of a standardized, automated, and efficient set of processes that replace operating system and application specific management tasks.

For example, consider a typical web application that is divided into three tiers. A web tier that implements the presentation logic, an application server tier that implements the business logic, and a back-end database tier. A straightforward implementation would divide this into 3 virtual machines, one for each tier.

In the next section, you will learn how to create a simple virtual appliance using the virtual appliance editor.

4.2.1. Basic Operations

Virtual appliances are managed in the Virtual Appliances tab of a virtual datacenter.

The operations available for managing virtual appliances are:

Button	Action
	Create a new Virtual Appliance
	Remove an existing Virtual Appliance
	Edit the selected Virtual Appliance

Creating a New Virtual Appliance

To create a new virtual appliance, select the virtual datacenter where the virtual appliance will be deployed, click the button, and complete the form:

If the checkbox is marked, the user will be able to edit the virtual appliance after clicking Accept.

The new virtual appliance will appear in the list in the Virtual Appliances tab.

Deleting a Virtual Appliance

To delete an existing virtual appliance, first you must undeploy it. Then select it and click the button.

Virtual Appliance deletion Only virtual appliances that are not deployed can be deleted.

Deploying and Undeploying a Virtual Appliance

Virtual appliances can be easily deployed and undeployed using the controls that appear at the bottom of the screen when a virtual appliance is selected.
A table containing information related to the virtual appliance is also displayed.

4.2.2. Configure a Virtual Appliance

To configure a virtual appliance, open it from the Virtual Appliance list in the Virtual Appliances tab of the virtual datacenter. To add images to the virtual appliance, drag and drop them from the appliance library. Then save the virtual appliance by clicking the floppy disk icon and you can now configure the virtual machines before or after deploying the virtual appliance

Available images On the left side, the image list contains only the compatible images, according to the Hypervisor Compatibility table.

If the image added has instances, the following pop-up is shown so you can select an instance or the master image.

You can now Configure Virtual Machines before or after you deploy the virtual appliance.

Virtual Appliance Deployment

After you have saved the virtual appliance, you can deploy it by clicking the button. When the deploy process finishes, the virtual appliance will be powered on, and you will be able to power on and off all the virtual machines in the virtual appliance using the Power, Pause and Reset buttons at the bottom right of the screen:

For more detailed information about virtual appliances see Deploy a Virtual Appliance.

Create a Persistent Image

When the virtual appliance is not deployed, persistent images of the virtual machines can be made by clicking the button. For more detailed information about persistent virtual machines, see Create Persistent Virtual Machines.

Create an Instance

When you have deployed the virtual appliance, instances of the virtual machines can be made by clicking the button. For more detailed information about virtual machine instances, see Create Virtual Machine Instances.

4.2.3. Configure Virtual Machines

Prepare to Configure a Virtual Machine

After you configure your virtual appliance and add virtual machines, you can configure virtual machines before or after deployment. However, the network must always be configured with the virtual machine undeployed.

Imported Virtual Machines This section applies to virtual machines created in Abiquo, not imported virtual machines.

If the virtual appliance is not deployed:

• Click the floppy disk icon to save the virtual appliance.

If the virtual appliance is deployed:

• Power off the virtual machine by clicking the Power button on the right. The indicator on the left should turn red.

Virtual Machine Configuration Quick Reference

The following configurations are described in detail below:

• To rename a virtual machine, double-click the virtual machine image name within the virtual appliance.
• To configure the CPU, RAM and Description, click the pencil edit button.
• To configure the storage and remote access password, click the configuration button.
• To configure the network, (with the virtual appliance undeployed), click the configuration button.

After changing the configuration:

• Click the floppy disk icon to save the virtual appliance.
• If the virtual appliance is deployed, click "Update Running Appliance".

Rename a Virtual Machine

1. Double-click on the name underneath the icon within the virtual appliance to edit the VM name. Change the name and press Enter to save the new name.
2. Click the disk icon to save this change to the virtual machine and virtual appliance.

Power On Order

Virtual machines will be powered on in ascending alphanumerical order. Thus it may be helpful to number your virtual machines in front of the their names. As an example, 1_WebServer will power on before 2_Database. You should remember that although the virtual machines will be powered on in this order, there is no guarantee that the machines will finish powering on in the same order.

Configure Virtual Machine CPU, RAM and Description

If the virtual appliance is not deployed, save the virtual appliance.
If the virtual appliance is deployed, power off the virtual machine.

Click the pencil edit button.

Change the CPU and RAM, considering the virtual datacenter and enterprise limits.

Click the Description tab and change the description as required.

Click Accept, then click the disk icon to save the virtual appliance.
If the virtual appliance is deployed, click "Update Running Appliance".

Configure Network Resources

Abiquo offers three types of networks for virtual machines:

• public networks with Internet addressable public IP addresses.
• external networks that are assigned to an enterprise and can be accessed by more than one virtual datacenter.
• private networks with private IP addresses that are restricted to a single virtual datacenter.

You can add your virtual machines to the networks that have been configured for your datacenter and virtual datacenter.

If the virtual appliance is not deployed, save the virtual appliance.
If the virtual appliance is deployed, you must undeploy before editing the network.

Click the configuration button.

On the Virtual Machine Configuration screen, the Network tab lists all the network interfaces (NICs) that will be attached to the virtual machine:

To manage the network interfaces attached to a virtual machine, you can:

Button	Action
	Create a new NIC for the virtual machine
	Remove a NIC from the virtual machine

In the Default gateway box, select the default gateway address of the virtual machine. Or click the button to remove it.

Creating a New Network Interface

To add a NIC to the virtual machine, click the button. The following popup appears, showing all the available VLANs in the virtual datacenter.

Public IP tab The Public IP tab is only available in Enterprise Edition.

Assigning a Private or External IP Address

An IP address in a private network will only allow your virtual machine to communicate with others in the same virtual datacenter. An external network IP address can allow communication with other machines belonging to your enterprise.

To assign a private or external IP address, select the VLAN from the left panel of the Private/External tab, and then select the IP address.

Assigning a Public IP Address

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

To assign a public IP address, select the IP address from the IP address list of the Public tab.

When you add a public IP to the virtual machine, the gateway of the VLAN that the IP belongs to is automatically made the Default gateway of the virtual machine. You will see the following info message:

Public IP Addresses Purchased In the Public tab, you will only see the public IP addresses that have been configured in Infrastructure View as explained in Network Management.

Click the floppy disk icon to save the virtual appliance.

Configure External Storage Resources

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

New feature: Attach and detach volumes with power off Since version 1.8, you only need to power off the virtual machine to attach and detach volumes of virtual storage and it is no longer necessary to undeploy.

You can attach virtual volumes to a virtual machine to provide persistent storage in external storage devices. First volumes must be created in the virtual datacenter as explained in Manage Virtual Storage and Managing External Storage. Users must have the Assign volumes to virtual machines privilege in order to configure virtual storage.

If the virtual appliance is not deployed, save the virtual appliance.
If the virtual appliance is deployed, power off the virtual machine.

Click the configuration button.

Select the Storage tab from the virtual machine edition popup.

The left pane shows currently attached volumes and the right pane shows volumes that can be attached to the virtual machine. Use the and buttons of both panes to attach and detach volumes.

Click the floppy disk icon to save the virtual appliance.
If the virtual appliance is deployed, click "Update Running Appliance".

Configure a Remote Access Password

New Feature This feature has been available since version 1.8

If remote access to virtual machines is enabled for your datacenter (see Configuration View) and compatible with your hypervisor Compatibility Tables, you should set a remote access password for your virtual machine.

You can add a remote access password for the virtual machine for all hypervisors except Hyper-V. This password will be required to enter the shell window through the icon on the left-hand side of the virtual machine pane.

If the virtual appliance is deployed, power off the virtual machine.
If the virtual appliance is not deployed, save the virtual appliance.

Click the configuration button.

Click the Remote Access Password tab and enter the password. You can mark the Show password checkbox to display the password.

You can delete the password and the screen requesting the password will not appear.

Deleting the remote access password in ESX hypervisors In ESX hypervisors, if you set a password and later delete it, the password will be blank, not null. The screen requesting the password will always appear, even if the password is blank, and you should press <Enter> to continue.

4.2.4. Deploy a Virtual Appliance

Deploying and Undeploying Virtual Appliances

Virtual appliances can be deployed or undeployed from two different places:

• From the Virtual Datacenters View as explained in Basic Operations.
• From Virtual Appliance Configuration Screen using the button.

When the virtual appliance is deployed, the button changes to a green color.

Virtual Appliance Notifications

When an error occurs during virtual appliance deployment, the user and cloud administrator are notified and the error appears in the notification area:

Click on the notifications link to read all pending notifications.
Notifications can also be viewed in the virtual appliance details in the Virtual Appliances tab in the Virtual Datacenters View:

Modifying a Running Virtual Appliance

When a running virtual appliance is modified (by adding or removing virtual machines), the update machines button appears near the deployment button.

When you click the update machines button, the changes in the virtual appliance will be applied to the hypervisor; until this time the virtual appliance will not be synchronized with the target hypervisor.

Updating a Running Appliance We strongly recommend you keep all virtual appliances updated and synchronized with the Hypervisor to avoid errors.

Allocation Strategy

This section describes the internal logic of the Abiquo platform when a virtual appliance is being deployed.

Cloud logic Under most circumstances users should not need to know how the allocation system works, but this information may be of interest to advanced users or helpful when dealing with not enough resources and limit exceeded errors.

The allocation strategy manages how the physical infrastructure is used to create virtual resources.

Virtual Machine Allocation

When a virtual machine is started for the first time, Abiquo selects the most suitable physical machine to hold the new virtual image instance.

General Considerations

• The allocation operation takes virtual machines one by one.
  • When a virtual appliance is started, all its virtual machines are deployed in ascending alphanumerical order.
• If the virtual machine is in the power off state, the hypervisor is already assigned, so when you power on again, it will not be allocated again (the same machine is used).
• The allocation can fail after a 3 minute timeout if there are problems checking the target machine state (machine state check is only available in Enterprise Edition).

Candidate Machines

Candidate machines are all the available machines in the infrastructure that are capable of running a certain virtual image. The following rules discard some machines to define the candidate set. The machines considered are:

• machines located in the physical datacenter where the virtual datacenter contains the virtual appliance.
• machines with the same hypervisor technology as the virtual datacenter containing the virtual appliance.
• machines with a datastore enabled with enough free space to hold the virtual image disk file.

Rack Selection

Network isolation at rack level Virtual datacenters use a single rack, so all the virtual machines of all virtual appliances on the same rack are deployed on the same rack. Read more about Rack Isolation

If there aren't any virtual machines deployed for the current datacenter then the most suitable rack is used.

Machine Resource Limitations.

Only machines with enough free resources can be used:

• enough free CPU resources.
• enough free RAM resources.
• enabled datastore with enough free space to hold the virtual image.

CPU ratio

The cpuRatio allows CPU oversubscription of a machine. It affects the real CPU usage.

The cpuRatio is set to 1 by default and we recommend that you use the Workload Level Rule to specify the oversubscription.

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

• When editing a machine you can oversubscribe the resources (discovery manager sets CPU to 1 but you can change it to 2).
• See Workload Level Rule for information on how to modify the oversubscription parameters.

Additional Enterprise Edition Functionality

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

• Machines in State MANAGED
  Disabled Machines are not used and the health of a machine is checked before selecting it, only MANAGED machines are considered. The physical machine and Hypervisor are ready to deploy virtual machines.

• Enterprise Reservation

  Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

The cloud administrator can reserve machines for use by a single enterprise. If a machine is reserved it will only be a candidate if the current virtual datacenter belongs to the same enterprise.

See the Reservations section for more information about configuring reservations.

• Enterprise Exclusion Rule (Affinity)

  Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Enterprises can be explicitly prevented from using physical infrastructure of other enterprises. Defining an enterprise exclusion rule will cause an enterprise to use the same machine for all its virtual machines.

• exclusion rule is associative (if enterprise 'a' excludes 'b', 'b' also excludes 'a').

If the current enterprise is covered by an exclusion rule, all the machines with virtual machines owned by the excluded enterprise will not be candidates.

• See Restrict shared server rules for more information about configuring these rules.

Workload Level Rule

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

See Workload Level Rule for more information about configuring these rules.

Resource Allocation Limits

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Target Machine Selection

Fit Policy Rule

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Community Fit rule Using the Community edition forces the use of Progressive fit rule.

See Load balance for more information about configuring these rules.

Progressive

Performance

• Check total allocated resources on infrastructure for the Resource Allocation Limits.
•  Only select physical machines in the datacenter associated with the virtual datacenter of the virtual appliance.
  • These only include physical machines with the appropriate virtualization technology for the given virtual image.
• Filter the physical machines with enough free resources to fit the virtual machine requirements.
• If more than one physical machine can be selected the one with less capacity is used, so as to fully utilize each physical machine.
• Finally there is a check process to ensure that the selected physical machine is running, if not, the machine's state is changed and the allocation process starts again.

Common Deployment Errors

When deploying a virtual appliance or a single virtual machine the user may see the following errors related to the scheduler logic.

Virtual Machine Allocation Errors

New Error Messages These error messages were introduced in version 1.75.

Error in Rack Selection

The first virtual machine in a virtual appliance selects the rack to be used for all the virtual images in this appliance.

• No rack can be selected: all exceed the max VLAN allowed. All racks are full of VLANs.

• No rack can be selected: Not enough physical machine capacity to instantiate the required virtual appliance. The system tried to select machines on all the racks based on network utilization and none fulfilled the requirements. Also logs "The rack is already selected" error message for each candidate rack.

The Rack is Already Selected

After the first virtual machine is allocated the rack is determined for all the other virtual machines in the appliance.

Ordering Constraints These errors are ordered: that is, if the last one is reached this means none of the previous conditions is violated.

• Not enough VLAN resources on rack rackname to instantiate the required virtual appliance. VLAN per switch is exceeded on the current rack.

• There are no machines on the required rack idrack and in virtual datacenter idVirtualDatacenter. Please check the racks and hypervisor technology in the infrastructure. The current rack does not have any machines with the target hypervisor technology required by the current virtual datacenter.

• There are no MANAGED machines on the required rack idrack and in virtual datacenter idrack. Please check the machine health status in the infrastructure. There are machines on the rack with the required hypervisor technology but none of them are managed by Abiquo.

• There are no MANAGED machines on the required rack idrack and in virtual datacenter idVirtualDatacenter available for the current enterprise enterpriseName. Please check the machine reservation policies. The managed machines on the rack are reserved for another enterprise.

• There are no machines with the required datastore capacity hardDriveRequirementsOnBytes. No machine has an enabled datastore with the required free capacity.

• All the candidate machines are excluded by virtual machines deployed on them by other enterprises. Please check the enterprise affinity rules. The enterprise affinity rules (an enterprise cannot deploy on the same machine that another enterprise has deployed on) discard all the machines.

• There are numCandidates candidate machines but all are discarded by the current workload rules (RAM and CPU over-subscription) and name - ip of all the candidate machines). There are candidate machines but they cannot be used because of RAM and CPU utilization/over-subscription. If no rules are defined the default rule specifies 100% utilization for both CPU and RAM.

• The target physical machine has no datastores enabled with the required free size. The datastore cannot hold the virtual image disk files.

VirtualMachine All the errors include the name, UUID and id of the current virtual machine.

VLAN Scheduler Algorithm

When a user deploys a virtual appliance with Abiquo, the scheduler module will decide which is the most suitable physical machine in the physical infrastructure according to the User's enterprise limits and the availability of the candidate machine in terms of computing, network and storage resources.

Only for private networks The VLAN Scheduler algorithm only works for private networks. Public networks and their tags and IPs are managed manually by cloud administrators.

Brief Introduction

Network Resources
As an Abiquo user, you can define your own private network configuration in your virtual datacenters. You can configure your virtual machines' networks in the Virtual Machine Configuration. All of these networks will coexist with other users' networks in the physical infrastructure. In order to provide this network management without security issues and packet collisions, Abiquo uses VLANs. The number of VLANs an enterprise can use are defined in the Enterprise Limits.

Rack Isolation Restriction
Abiquo infrastructure requirements specify that each rack must be connected to a switch to manage the internal VLANs. The switch attached to this rack will not allow the user-created networks to go outside the switch. (If you require Internet access for all your machines, create a VM gateway). In short, in order for all the user's virtual machines to see each other, all the virtual machines in a virtual datacenter must be deployed in the same rack.

How the VLAN Scheduler Algorithm Works

The VLAN Scheduler Algorithm is used to decide which rack is the most suitable from all the racks defined in the enterprise allowed datacenters, and to decide which VLAN tag will be assigned to a network. This is where the Rack Network Parameters are very important.

The VLAN Scheduler Algorithm is always executed when a virtual appliance is deployed. However, it only makes decisions when the first virtual machine of a virtual datacenter is deployed to determine which rack is the most suitable (then the rest of the virtual machines will be deployed in the same rack) and when the first IP from a VLAN will be used by a virtual machine to determine which VLAN tag the VLAN will use (then the rest of IPs in the same network will use the same tag, also allocated by the scheduler).

Now we introduce a basic scenario with some improvements in order to explain the VLAN Scheduler Algorithm:

Which Rack Is the Most Suitable

To decide which rack is the most suitable, the scheduler filters racks to obtain those that can manage all the VLANs of the virtual datacenter and chooses the one with the most available resources for the VDC.

Basic equation

The number of VLANs per virtual datacenter is a system property used for the whole platform (8 by default), and you can set it in the Abiquo Properties file. In order to calculate how many virtual datacenters could be initially hosted by the rack, the algorithm could use the following function:

This could result in resource squandering because there will be a minimum number of virtual datacenters deployed per rack. However, it will guarantee that the maximum number of VLANs is available for each virtual datacenter.

Example scenario:

1. We create a rack with 32 tags in its switch and there are 4 virtual datacenters deployed using 50% of the physical machine's computing resources.

2. Another virtual datacenter wishes to deploy and the VLAN Scheduler algorithm calculates how many virtual datacenters would be able to deploy in the rack.

According to this calculation NO VIRTUAL DATACENTERS ARE ABLE TO DEPLOY but only 50% of computing resources are used and 16 VLAN tags are available in the switch! This is not an efficient use of resources and so the scenario is refined below.

Use the 'Estimated VLANs per VDC' Parameter

The Estimated VLANs per VDC provides a more flexible way to manage the VLAN tags in a rack. This parameter allows the cloud administrator to estimate the average number of VLANs per VDC, which should be a lower number than the maximum or limit values. Now we can consider what happens if the VLAN Scheduler Algorithm uses this field instead of the Number of VLANs per Virtual Datacenter system property in its algorithm.

Using the Estimated VLANs per VDC, the equation can be improved as follows.

1. Consider the above scenario and setting the Estimated VLANs per VDC to 5 in rack creation/edition.

2. As you can see here, another virtual datacenter can deploy in the rack now.

And a further virtual datacenter can deploy in the rack.

The current situation is as follows.

We now have 75% of the computer resources allocated with 24 of 32 VLAN tags used. As you can see below, we could deploy another virtual datacenter now.

However, this is not a good idea. There are 7 virtual datacenters using 87.5% of the computing resources and 28 of 32 VLAN tags. Consider what may happen if a user reserves 2 more VLANs or another user deploys 2 more virtual appliances. Can we guarantee the quality of service and the resource allocation without adding more hardware? The answer to this question is no, we cannot. For this reason, the cloud administrator should reserve a percentage of VLAN tags and computer resources for future expansion of datacenters that have already deployed in the rack. This is where we use the 'VLAN pool size for VDCs that exceed estimation'.

Use the 'VLAN pool size for VDCs that exceed estimation' Parameter

The 'VLAN pool size for VDCs that exceed estimation' (VLANPS) is the percentage of VLANs you want to reserve for the future expansion of virtual datacenters that have already been deployed but have not yet used all of their VLANs. These VLANs will not be considered when deciding if a new virtual datacenter can deploy. The VLAN Scheduler will only allocate these tags to existing datacenters. However, they are not reserved for any specific virtual datacenter or group of datacenters. Thus the cloud administrator should control how many VLANs a VDC can use by setting appropriate allocation limits and system properties.

The VLAN Scheduler algorithm uses the following formula:

1. Considering the previous situation with a reasonable VLANPS percentage: 15%

Now you will not be able to deploy another virtual datacenter in the rack.

The remainder of the resources (25% of the computer resources and 25% of the VLAN tags) of this rack have been kept for future needs of the virtual datacenters that have already been deployed.

Conclusion

The VLAN scheduler algorithm is designed to balance quality of service and the advantages and flexibility of the cloud philosophy. Any user with the Manage infrastructure elements privilege can use the Estimated VLANs per VDC and the VLAN pool size for VDCs that exceed estimation fields to implement an appropriate service policy.

Which VLAN Tag Will the VLAN Use

To decide which VLAN Tag will be assigned to the VLAN, the scheduler returns the next free available tag in the switch range tags defined by the fields VLAN ID min, VLAN ID max and Excluded VLANs ID in the Network Parameters form for the rack.

VLAN Allocation Scenarios

The following scenarios are examples of the configuration of VLAN parameters. The default balanced scenario is recommended.

Default Balanced Scenario

• Estimated VLANs per VDC = low number (default = 1)
• VLAN pool size for VDCs that exceed estimation = 10%
  • balances VLAN allowance with number of VDCs per rack
  • allows low average number of VLANS for each VDC
  • small pool of VLANs for VDCs that require more than estimated VLANs
  • if you wish to control the maximum number of VLANs per VDC, set appropriate allocation limits

Guaranteed Maximum Number of VLANs for Each Virtual Datacenter

• Estimated VLANs per VDC = Highest maximum VLANs per VDC (maximum allocation limits)
• VLAN pool size for VDCs that exceed estimation = 0
  • using the highest maximum value of the allocation units
  • guarantees all VDCs can use the maximum number of VLANs
  • low number of VDCs deployed per rack
  • can result in a large number of unused VLANs
  • will result in very inefficient use of physical machine resources unless the switch has a relatively high number of VLAN tags

Minimum Number of VLANs for Each Virtual Datacenter

• Estimated VLANs per VDC = 1
• VLAN pool size for VDCs that exceed estimation = 0
  • large number of VDC deployments per rack
  • no pool for VDCs that require more than estimated VLANs
  • no guarantee of VLANs if maximum VLANs per VDC > 1
  • if you wish to control the maximum VLANs per VDC, set appropriate allocation limits

4.2.5. States in Virtual Appliances and Virtual Machines

It is important that users clearly understand the different states that virtual appliances and virtual machines can have in the Abiquo platform and the differences between them. In order to change the state of virtual machines, users will require the Perform virtual machine actions privilege.

Virtual Machine States

• Undeployed: The virtual machine does not exist in the cloud node; it is just a template of the virtual machine to be deployed. Resources are not allocated in the cloud node and it is not consuming resources.

• Power On: The virtual machine exists in the cloud node and is running. Resources are allocated in the cloud node.

• Power Off: The virtual machine exists in the cloud node but it is not running. Resources are allocated in the cloud node.

• Paused: The virtual machine exists in the cloud node and it is in paused state. Resources are allocated in the cloud node.

• In Progress: The virtual machine is changing state.

• Crashed: The virtual machine is crashed. It no longer exists in the hypervisor.

• Unknown: The virtual machine state is unknown.

Virtual Appliance States

• Undeployed: All the virtual machines are in the Undeployed state. The virtual appliance can be understood as a template. Resources are not allocated in the cloud node.

• Deployed: Some or all of the virtual machines are not in the Undeployed state. Resources are allocated in the cloud node.

• Update Running Appliance: This state occurs when a virtual appliance which is in Deployed state is modified. This state indicates that the configuration of the virtual appliance in the cloud node is different than the configuration of the virtual appliance in Abiquo Server. To update the cloud node with the changes, click the button.

• Crashed: Some or all of the virtual machines are in a crashed state. The crashed virtual machines can be erased in the virtual appliance editor, and the user can continue working with the virtual appliance. A virtual machine marked as crashed cannot be recovered.

• Unknown: Some or all of the virtual machines are in an unknown state. The virtual appliance state is unknown when the virtual machine states cannot be recovered from the hypervisor. To continue working with this virtual appliance, the system administrator must take action.

Deployed State and Powered Off Virtual Machines The fact that all the virtual machines in a virtual appliance are powered off does not imply that the virtual appliance is undeployed. In the first case, the virtual appliance is consuming resources because the virtual machines exist in the cloud nodes. In the second case, the virtual appliance is not consuming resources.

4.2.6. Create Virtual Machine Instances

What are Instances

By default, the Abiquo platform deploys the images from the Appliance Library that are available to the datacenter on the target physical infrastructure. This deploy process involves copying the image from the Appliance Library to the target hypervisor with the specific virtual appliance configuration.

This means that when a virtual appliance is undeployed, all changes made to the virtual machines are lost, because the next time they are deployed, the image files will be copied again from the Appliance Library to the target hypervisor.

To avoid this problem, Abiquo uses an Instance of a Virtual Image. An instance is a snapshot of a virtual machine at a given time, which is stored in the Appliance Library so the modified virtual machine is ready to be deployed.

This is not a solution that saves the state of a virtual machine. This is only a way of creating more complex virtual machine configurations and preparing a set of virtual machines to meet user needs. Saving the state of virtual machines is covered in the Create Persistent Virtual Machines section.

Creating Virtual Machine Instances

Prerequisites You must deploy virtual machines before you can create an instance. The machines may be running or stopped, but they must be deployed.

No Instances of Imported VMs on KVM or Xen It is not possible to create an instance of an imported machine running on KVM or Xen hypervisors.

To create an instance of a virtual machine, open the virtual appliance where the virtual machine is located, and click the button. A popup will appear with a list of all the virtual machines that can be selected to create an instance.

The options are:

1. Select all virtual images of the current virtual appliance.
2. Select specific virtual images to bundle.

Select the desired images and start the create instance process:

1. The virtual appliance is blocked.
2. The selected virtual machines are powered off (not the virtual appliance).
3. The disk files are copied from the hypervisor to the repository.
4. The selected virtual machines are powered on
5. The virtual appliance is unblocked.

The new instance images will appear in the Appliance Library

Deploy Virtual Machine Instances

When you add images to the virtual appliance (just drag & drop them), if the image to add has instances the following pop-up is shown so you can select an instance or the master image.

Instances of Shared Virtual Machine Images

Improvement in version 1.8.5-HF2

In versions 1.8.5-HF2 and above, instances created from shared virtual images can be deleted.

4.2.7. Create Persistent Virtual Machines

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

New terminology: Persistent Virtual Machines Since version 1.8, the term persistent has replaced stateful.

Introduction to Persistent Machines

By default, the Abiquo platform deploys the images from the Appliance Library that are available to the datacenter to the target physical infrastructure. This deploy process involves copying the image from the Appliance Library to the target hypervisor with the specific virtual appliance configuration.

This means that, by default, when a virtual appliance is undeployed, all changes made to the system volumes of the virtual machines are lost, because the next time a virtual machine is deployed, the image files will be copied again from the Appliance Library to the target hypervisor.

The Persistent approach solves this problem by storing the virtual machine on an external volume, so all information will be persistent in the target storage device. Persistent virtual machines will boot directly from the external volume.

Prerequisites Before you can create persistent virtual machines, you must configure a storage pool as explained in the Managing External Storage section of Infrastructure View.

The Persistent and the Non-Persistent Approach

There are two provisioning approaches supported in the Abiquo platform:

• Non-persistent approach. This is the default process in the Abiquo platform. Abiquo provisions the virtual machine and copies the disk in the cloud node. The main characteristic is that when the user undeploys the virtual appliance, the data on the system disk will be overwritten.
• Persistent approach. Persistence is the typical approach in a virtualization environment in a datacenter. Abiquo provisions the virtual machine and stores the disk in an external storage system. The main characteristic is that when the user undeploys the virtual appliance, the virtual machine data stored on the system disk is kept.

Managing Persistent Virtual Machines

Creating Persistent Virtual Machines

ESX/ESXi Datastore Must Be VMFS Persistent virtual machines must be created on hypervisors using VMFS datastores. For example, if you are using an ESX datastore mounted using NFS, you will not be able to create persistent virtual machines from your virtual machines.

Persistent Machines Use iSCSI Persistent virtual machine disks are accessed using direct iSCSI. Other configurations, such as iSCSI over fibre channel are not tested or supported.

To create a persistent virtual machine, first undeploy the virtual appliance where the virtual machine is located.
Then open the virtual appliance and click the button.
A pop-up will appear with a list of all virtual machines that can be selected to create a persistent virtual machine.
To change the name of the persistent image, click the pencil edit button.

Choose the storage type:

• For managed storage, mark the tier radio box and choose the Tier (storage service level) for the persistent volume that will be created.
• If there is generic iSCSI storage available, the volume radio button will also appear, so you can mark it to choose a Volume. You will see generic iSCSI volumes in the volume combo box, but not managed storage volumes. The size of your virtual machine when converted to raw format must be smaller than the size of the generic iSCSI volume entered by the cloud administrator.

Mark the checkbox for you virtual machine, or the convert all checkbox, and click Start Conversion.

When the persistent image process finishes, the virtual machine will be marked with the persistent icon:

No Persistent Virtual Machine Sharing

Persistent virtual machines can only be used in ONE virtual appliance to avoid concurrent modifications to the virtual machine.

Deleting and Reusing Persistent Virtual Machines

When a persistent virtual machine is deleted from the virtual appliance, it is not deleted from the target storage technology. Persistent virtual images must be deleted from the Virtual Datacenters View as explained in the Manage Virtual Storage page.

When a persistent virtual machine is removed from the virtual appliance it will appear in the left panel in the Saved Persistent Images tab and it may be re-used in other virtual appliances:

Persistent Images and Appliance Library Persistent virtual machines cannot be used in more than one virtual appliance at the same time, so they do not appear in the Appliance Library View. To make a persistent virtual machine available from the Appliance Library View, an instance of the Virtual Machine must be created.

4.2.8. Copy or Move a Virtual Appliance

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Abiquo is a hypervisor-independent cloud platform because its V2V conversion process allows users to move or copy any virtual appliance between virtual datacenters in the same physical datacenter, regardless of whether they use the same or different hypervisors.

Move or copy operations can be executed with a simple drag and drop as explained below:

• To Move, simply drag and drop the virtual appliance from one virtual datacenter to another.
• To Copy, click the SHIFT button on the keyboard and drag and drop from one virtual datacenter to another.

Attention: Undeploy Before You Copy or Move You must undeploy a virtual appliance before you copy or move it.

The configuration of the virtual appliance (network, etc.) is not moved or copied.

Before the process begins, the following confirmation pop-up displays the process information:

Prerequisites for Move and Copy Operations

Before the copy or move process can be started, there are a set of prerequisites that must be met:

• The virtual appliance and its virtual machines must be in state and substate NOT_DEPLOYED.
• These actions can only be performed between virtual datacenters within the same physical datacenter.
• Each virtual machine in the virtual appliance is evaluated as described in the following diagram:

4.3. Manage Networks

Abiquo uses VLANs to isolate different networks. Addresses on the same IP network but on different VLANs do not see each other, which guarantees a significant level of network isolation and security. In Abiquo, by default you can define 8 VLANs for each virtual datacenter, but the cloud administrator may change this number.

Abiquo offers three types of virtual datacenter VLAN networks:

• public networks with Internet addressable public IP addresses.
• external networks that are assigned to an enterprise and can be accessed by more than one virtual datacenter.
• private networks with private IP addresses that are restricted to a single virtual datacenter.

See the Virtual Datacenter Networks section of Networking in the Introduction to the Abiquo Platform.

New feature External networks were introduced in version 1.8.5.

When you create a virtual datacenter, the default VLAN can be either the auto-created private VLAN, named default_network, or another private VLAN or an external VLAN set as the default. An external VLAN is created in Infrastructure view. It can be set as the default for an enterprise's datacenters (in Users view) or for a specific virtual datacenter.

When you create virtual machines in your virtual appliances, they will be automatically assigned the next available IP address from the default VLAN. This is helpful if you do not want to define complex network dependencies or if the network configuration is not important to you. You can change the default network or assign IP addresses from other available networks.

4.3.1. Private and External Networks

API feature This feature is available in the API. See Private Network Resource.

API feature This feature is available in the API. See Virtual Datacenter Resource.

The network administrator of an enterprise is usually responsible for the private network configuration. You can create, edit and delete private VLANs for your virtual datacenters. You can also override the enterprise-datacenter default network for your virtual datacenter.

Private/External Network Screen for Managing Private and External Networks

To manage the IPs of the private and external VLANs, select your Virtual Datacenter and click the Networking tab, then click the Private/External tab. The default VLAN for a virtual datacenter can be either the auto-created private VLAN, named default_network, or another private VLAN or an external VLAN set as the default, and highlighted in bold and italic.

To view the pool and allocation of IPs, click the All button on the top of the VLANs screen to see all the IPs of the virtual datacenter or select a VLAN. You can move through the pages or filter the list by entering text in the box beside the search button  . The filter works with all the columns of the grid:

• IP Address
• MAC address
• VLAN name
• Virtual appliance using the IP
• Virtual machine using the IP

Create a Private VLAN

There will always be at least one VLAN, which is either the default external VLAN or an auto-created private VLAN. Click the button to add more private VLANs to your virtual datacenter. Complete the form below.

You may repeat the same IP addresses and other values in all your VLANs because each VLAN tag will be different at deploy time, so there will be no collisions between the networks; however, Abiquo does not recommend this configuration.

External VLANs are created and managed in Infrastructure view on the datacenter's network screen.

Edit a Private VLAN or Make an External VLAN the Default

In the list of VLANs, when you select a VLAN, you will see the configuration button. Click to change the configuration:

Private networks: you may change the name of the network and its gateway, and you may select the Default checkbox to make the network the new default network for this virtual datacenter.
External VLANs: you may only select the Default checkbox.

After making changes, click Accept.

Delete a Private VLAN

Click the remove button to delete a private VLAN. However, you may not delete a private VLAN if:

• A virtual machine is using an IP from the VLAN pool.
• The VLAN is marked as the default.

External VLANs cannot be deleted from this screen; they must be deleted in the network screen of Infrastructure view.

4.3.2. Public IP Reservation

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

The network administrator of an enterprise usually creates VLANs with private IP addresses and the cloud administrator will usually create public and external networks, which are managed in the datacenter infrastructure. The enterprise network administrator can reserve public IP addresses for the enterprise's virtual machines. External networks are already assigned to an enterprise and you cannot reserve IP addresses of these networks.

Public Network Screen

To manage access to public IPs, select your virtual datacenter and click the Networking tab. Then click the Public tab to display the list of public IPs reserved for your virtual datacenter.

Public IP addresses Available in a Datacenter The Public IP list contains the IP addresses configured in Infrastructure view as explained in the Manage network configuration page.

To view the pool of IPs and its assignments, you can filter the search by entering text in the box beside the search button. The filter works with all the columns:

• The IP Address.
• The MAC Address.
• The VLAN name.
• The Virtual Appliance that uses the IP.
• The Virtual Machine that uses the IP.

Purchase a New Public IP

To purchase a new public IP, click the button in the bottom left corner of the List pane. You will see a list of all the Public IPs available in the datacenter that houses your virtual datacenter:

Move up or down pages, and filter your search by IP Address and VLAN name. To purchase a new IP, click it and click Accept.

Release a Reserved Public IP

To release a public IP that you do not need any more, select the IP in the list and click the remove button.

Restrictions You cannot release a Public IP that is assigned to a virtual machine.

4.4. Manage Virtual Storage

4.4.1. The Virtual Storage Concept

Storage virtualization refers to the process of abstracting local storage from physical storage. In the Abiquo platform this means that virtual machine users can use a storage volume that is physically located on a remote storage array as if it were a local disk. Virtual storage offers a persistence layer for user data. For further information, please see Virtual Storage.

Abiquo offers two types of external storage: managed storage and generic iSCSI storage.

Managed Storage enables Storage as a Service, where users can create volumes in external storage Pools and with different service levels (Tiers).
Generic iSCSI Storage enables pre-existing volumes to be added to Abiquo in the Volume list in the Infrastructure View

Prerequisites Before using external managed storage features in a virtual datacenter, a Storage Device and a Storage Pool must be configured as explained in the Managing External Storage page under Infrastructure view.

4.4.2. Managing Volumes

Volumes of managed storage are managed in the Storage tab of a virtual datacenter.

The operations for managed storage volume management are:

Button	Action
	Create a new External Volume
	Remove an existing External Volume
	Edit the selected External Volume

Creating a Volume of Managed Storage

API feature This feature is available in the API. See Volume Resource.

To create a new volume of managed storage, select the virtual datacenter, click the button and complete the form:

For information about creating generic iSCSI volumes, see Creating a Generic iSCSI Volume

Modifying an Existing Volume

In managed storage all volume fields (name, description and size) can be modified by clicking the button.

In generic iSCSI storage all fields can be modified except the size, because these volumes cannot be resized.

Resizing Managed Storage Volumes

Managed storage volumes can be resized. Volumes can only be resized to increase their size. Abiquo does not allow you to make a volume smaller, so as to prevent data loss.

New feature: Resize virtual storage volumes without VM undeploy Since version 1.8, you only need to power off the virtual machine to resize volumes of virtual storage and it is no longer necessary to undeploy. With this feature you will be able to apply changes to the configuration without losing the VM data.

To resize a volume, first power off the virtual machine the volume is attached to, then change the size.

Filesystem resize After resizing a volume, you need to resize the partitions and filesystems. For example, with the Linux ext3 filesystem, you can execute the following commands when logged into a shell on the virtual machine: $ umount /dev/xxx (/dev/xxx is the partition of the resized volume, inside the VM) $ parted /dev/xxx # resize Y start end (Y is the partition number, and start/end of the partition varies in each case) $ resize2fs /dev/sdx

Moving Volumes Between Virtual Datacenters

Both managed storage and generic iSCSI volumes can be moved between virtual datacenters. To move a volume, edit it and change the virtual datacenter.

Target virtual datacenters Volumes can only be moved between virtual datacenters that belong to the same physical datacenter.

Deleting a Volume

To delete a managed storage volume or remove a generic iSCSI volume from Abiquo (without deleting it in the disk cabinet), select the volume and click the button.

Volume deletion Only volumes that are not attached to a virtual machine can be deleted or removed. Persistent volumes cannot be deleted if they are used in a virtual appliance.

4.4.3. Persistent Volumes

Persistent volumes are a special kind of external volume. They cannot be created or edited from the Storage tab. They are created from a virtual appliance as explained in the Create Persistent Virtual Machines page.

5. Appliance Library View

API feature This feature is available in the API. See Appliance Library (NFS repository).

The Appliance Library view contains all the functionality required to manage virtual appliances templates sources, download, install or make available virtual images to be used on the cloud infrastructure. This view is contextualized by the selected datacenter, which means that you will see the virtual appliances available in your datacenter.

The appliance library is stored in the datacenter's NFS repository.

Datacenter ready To use this feature you need the Appliance Manager remote service properly configured for your datacenter. For more information see Creating a Datacenter. You must also have the NFS repository correctly mounted on your remote services server and hypervisor host and configured in the Abiquo properties.

5.1. Appliance Library Concepts

The Appliance Library view represents the virtual appliance templates available for the selected datacenter.

The Appliance Library is stored in the NFS/CIFS repository referred to here as the NFS repository.

Each datacenter works with the NFS repository configured for its Appliance Manager remote service.

Datacenters Cannot Share an Appliance Library or NFS Repository Multiple Datacenters cannot work with the same repository export location (NFS address), so you cannot create a datacenter using the same Appliance Manager or a different Appliance Manager configured with the same abiquo.appliancemanager.repositoryLocation

Users can see the appliance library for their enterprise, which is the Enterprise Appliance Library.

Appliance Library An enterprise repository contains all OVF Packages available for the selected datacenter, organized by categories and defined for public or private access.

5.1.1. Remote Repository

Organize lists of virtual appliance template sources.

A remote repository is an external virtual image provider holding public virtual images definitions and disk files according to the OVF standard and available from another physical location. The idea is that ISV and appliance providers can offer their own remote repositories so users can download their virtual appliances. These will be stored and configured to be used directly in the Abiquo infrastructure.

Create your own sources How to create a Remote Repository

Sources available to all datacenter users Remote repository spaces are managed by each enterprise, and anyone using the datacenter can use any of them.

5.1.2. OVF Package

Virtual appliance templates is a summary of each template's OVF descriptor file.

An OVF Package is a virtual image description including:

• product: description of the software installed.
• format: see Image Compatibility Table.
• diskSize: size of the attached virtual disk file.
• category: can be created and used to organize packages.
• icon: the image to be displayed.

API feature This feature is available in the API. See OVF Package Resource.

5.1.3. Virtual Image

When an OVF package is available in a datacenter's repository it is logically represented as a single Virtual Image or Virtual Machine Template.

In the API it is denoted by OVF Package Instance.

Virtual images also include:

• Instances of running virtual machines
• Captured virtual images from an imported machine

5.2. Managing the Appliance Library

5.2.1. Showing Capacity and Remaining Capacity

When you click on a datacenter in the Appliance Library view, you will see the total space and the remaining space.

5.2.2. Refresh the Repository Content

Every time a user opens the datacenter's Appliance Library after (repository usage refresh) the Appliance Library view is synchronized with the virtual images present in the file system but not yet logically added. This functionality allows you to add exported OVF packages to the repository.

• If a virtual image is externally deleted from the repository file system it will cause an error (virtual image not present in the repository) during the deploy of a virtual machine. But the virtual image is not logically deleted from this view because this should be done manually.

Repository is not responding As the repository is usually an NFS/CIFS shared folder, network problems can cause repository problems, so there is a timeout of 15 seconds for access to the repository file system.

• The repository file system must have the .abiquo_repository file in its root folder.

5.2.3. Managing Virtual Images

This section describes how to manage the virtual images available through the Appliance Library screens.

As mentioned above, an enterprise repository is defined for each datacenter, so the first step is to select which Datacenter you want to manage. On the right side of the screen you can see all the packages available to build virtual images for the selected datacenters, classified by their type:

From here you can use the following buttons to perform operations on the virtual images: download if you have the download virtual machine privilege, modification and delete buttons:

5.2.4. Modifying an Existing Virtual Image

* Hard Disk size The hard disk size is determined by the physical size of the virtual image. However, it is also recorded in the OVF description of the image. If these two sizes are not the same, deployment may fail with a message such as "is not a virtual disk". Abiquo allows you to edit the hard disk size of the virtual image in the OVF description to avoid this deployment error, but you cannot change the physical size of the disk.

5.2.5. Adding and Viewing a Cost Code for a Virtual Image

If you have the Add a cost code in Virtual Image edition privilege, then you will be able to add a cost code (a combination of numbers and letters) to a virtual image when editing the image. The cost code field only appears when editing, not when creating, the virtual image. Users without the privilege will not see the cost code field.

5.2.6. Generate Missing Conversions

Click this button to relaunch the FAILED virtual image conversions or create new virtual image formats (if you add new hypervisor types after the initial conversion process ends).
For further information, see best practices.

5.2.7. Downloading a Virtual Image

The download button opens a browser dialog to confirm the download of the virtual image disk file (e.g .vmdk , .vhd the image content not its metadata) to the local file system of the client machine.

5.2.8. Managing Categories

If you have the Manage virtual image categories privilege, use the basic category management buttons to create or delete a category

In this popup:

• Specify the category name
• Click OK/cancel to confirm the information entered or return to the previous page.

Others is the default category and it cannot be deleted.

• Deleting a category will set all its images to category ''Others''.

5.2.9. Managing Icons

Go to the virtual image edit pop-up and use the button to enter the details of new icons:

• The name of the icon
• URL where the icon is stored. You can add icons in a folder called "icons" on the web server or any image stored on the Internet. We recommend icons of 96x96 pixels. The validate button assures that the icon to be updated is okay.

Click OK/cancel to confirm the information entered or return to the previous page.

5.3. Adding Virtual Images to the Appliance Library

Changes to Privileges in version 1.8.5-HF2 Downloading images to the local hard drive is now governed by the Download virtual machine privilege. Downloading images from a remote repository is now governed by the Manage repository privilege.

To make new images available in Abiquo, you must load them onto your system. You can download from a remote repository or upload from a local filesystem.

These options are available by clicking the button in the Appliance Library view.

5.3.1. Downloading from a Remote Repository

If you have the Manage repository privilege then you can download virtual images from the remote repository to the Appliance Library.

Select the download from remote repository option to open the following screen.

If you select the datacenter in the first column on the left, categories and packages available will be updated. After that, you can select a category or all available categories in the second row. The third row will show the packages available to be downloaded to our Datacenter for deployment. An icon, title and brief description is provided for each.

• Download: you can start downloading images by marking the check box next to the desired image and clicking the button at the bottom of the screen. A status bar will appear next to the selected packages showing the download state.

Manage Remote Repositories

The user interface provides some other operations on this screen.

• Add/Remove Remote Repositories: at the bottom of the first column there are two buttons and for managing the remote repositories available. Click on the and enter a URL for a remote repository to download OVF images from.

Default repository space When an enterprise repository is created, a default remote repository is provided with this URL http://abiquo-repository.abiquo.com/ovfindex.xml

• Refresh: click this button at the bottom of the screen to refresh the screen with current packages available, downloaded, etc.
• Order: use the combo box in the upper left part of the screen to sort the packages shown by download status, type, etc.

5.3.2. Uploading and Downloading from the Local Filesystem

You can upload a custom virtual image with your own configuration of resources, disk file, etc. Complete this form to create a new virtual image.

Click 'Next' to upload the image file:

Downloading virtual images Downloading to client requires access to the Appliance Manager IP address configured for the current datacenter.

2 GB limitation The upload process is handled by the browser and there are some limitations because browsers fetch the whole file into memory before posting to the server. Files for uploading must be smaller than 2 GB.

No spaces in virtual image name In versions up to and including 1.8.5, Abiquo cannot load a virtual image with a name containing spaces.

5.3.3. Adding OVF Packages to the Repository Filesystem

Adding OVF packages requires access to the NFS repository file system, so a system administrator should be responsible for adding these packages.

This feature allows you to generate an OVF Package to import into Abiquo with external tools including VirtualBox 4.0 (OVF 1.0) and VMware vShpere 4.1 (OVF 1.1).

Current restrictions are:

• Only supports single disk based OVF descriptions.
• Only supports single system based OVF descriptions.
• In versions up to and including 1.8.5, the virtual image name may not contain spaces.

To import OVF packages:

• add the disk file (e.g. .vmdk, .vdi ...) and the OVF descriptor document (.ovf) on the repository file system.
  • the first level of directories on the repository match the Enterprise id, so look for your current enterprise id to add the new OVF package correctly.
  • all OVF packages should be in separate folders.

    /opt/vm_repository/{idEnterprise}/{myFolder}/myVirtualImage.ovf  and  myVirtualImage.vmdk
    

• Open the appliance library view to perform a repository refresh .

Images exported from VirtualBox using command line export VirtualBox export from the command line does not generate an OVF document compliant to the OVF xsd. The ''size'' attribute of all the File elements in the References section is missing, so you should add it to virtual images exported with VBoxManage command line utility. (Virtual box GUI does generate the ''size'' attribute).

5.4. Image Compatibility Table

Abiquo is a hypervisor-independent cloud solution that can manage multiple virtualization technologies. It is able to deploy virtual appliances to any hypervisor, and manage them from a rich web interface. The following sections describe the supported disk image formats by the Abiquo platform, and the formats supported by the hypervisors Abiquo manages.

5.4.1. Supported Disk Format Types

5.4.2. Hypervisor Compatibility Table

The following table shows the different formats supported by the hypervisors. In Community Edition the images downloaded from the Appliance Library view must be in a format compatible with the target hypervisor in order to be able to deploy it.

Format___________	VirtualBox	KVM__	Xen__	ESX/ESXi_	Hyper-V_	XenServer
Disk from device
VMDK fixed disk
VMDK sparse disk
VHD fixed disk
VHD sparse disk
VDI fixed disk
VDI sparse disk
QCOW2 fixed disk
QCOW2 sparse disk

VMDK Sparse Disk Support for ESX/ESXi VMDK Sparse Disk Support for ESX/ESXi is part of a hot fix for Abiquo 1.8.

Hypervisor Default Format In the above table, marks the default format. The Abiquo V2V conversion will convert into the default format for each hypervisor. For example, the default format for ESX/ESXi is VMDK Fixed Disk, so images downloaded in formats not supported for ESX/ESXi will be converted to VMDK fixed disk. Images downloaded in VMDK Sparse Disk will not be converted.

5.4.3. Virtual-to-Virtual (V2V) Conversion

Enterprise Edition Functionality This feature is available in Abiquo Enterprise Edition

Every time a user downloads an image from a remote repository, a background process is started to convert it to all the other default formats so the image can be used in all hypervisors. Also, when a user creates an instance of a virtual machine, the same V2V process is started, to ensure that the instance will be ready for deployment in any hypervisor.

About VMDK Stream Optimized The default format for images in a repository space should be VMDK Stream Optimized. This format is not compatible with any hypervisor, but it is the most compressed format and the best one for transferring images over the Internet. Using Abiquo V2V process, VMDK Stream Optimized images can be downloaded and prepared for deployment in any hypervisor.

Best Practices

From a user perspective the V2V process has the following steps:

• When creating a datacenter, the cloud administrator should add at least one machine with the desired hypervisor type. For example, to offer VMware and XenServer capabilities in a datacenter, the cloud administrator should add at least two machines, one with XenServer and one with VMware.
• When a user downloads an image to the local repository of a datacenter (Appliance Library) the process will automatically convert it to run on all hypervisors in the datacenter. By default, the process will convert to all hypervisor types if there is no physical machine in the datacenter.
• Finally, when adding a new hypervisor type to the datacenter, the administrator will be able to update the conversions to include the new hypervisor type.

Best Practice Add your physical machines with your hypervisors before downloading images in order to optimize your repository space.

6. Users View

The Users view allows the cloud and enterprise administrators to manage the users of Abiquo and their enterprises. User access to the system is controlled by a system of Roles and Privileges, which are also managed from the Users view.

Click the Users button at the top of the screen to access Users view.

If the system is configured to allow users to edit their own user details, click your username in the top right corner of all views to edit your details. From version 1.8.5-HF4, this option can be set in Configuration View.

6.1. The Enterprise Concept and Multitenancy

The Abiquo platform is designed to offer an IaaS cloud service to multiple enterprises. Multitenancy is provided in Abiquo by isolating the different components of the platform for each enterprise, ensuring that the resources allocated by an enterprise will not affect other enterprises' allocated resources, and that each enterprise will be free to manage its cloud.

The following components are isolated at enterprise level:

• Virtual datacenters
• Virtual appliances
• Appliance library
• Hard and soft limits
• Events

6.2. Manage Enterprises

API feature This feature is available in the API. See Enterprise Resource.

6.2.1. Basic Enterprise Management

Enterprises are managed in the Users View. In the left part of the screen, the list of all existing enterprises is displayed. To add, edit, or remove an existing enterprise, use the control buttons at the bottom of the left pane.

The operations for managing enterprises are:

Button	Action
	Create a new Enterprise
	Remove an existing Enterprise
	Edit the selected Enterprise

Creating or Editing an Enterprise

To create a new enterprise, click the button or if you want to edit an existing one, click the button. Then complete the details.

Enterprise Details

Resource Allocation Limits

Hard and soft limits allow the cloud administrator to limit the amount of resources that an enterprise may consume. This is very useful in preventing common problems with cloud platforms, such as resource over allocation, enterprises allocating resources from other enterprises, and even DoS attacks. These limits will also help system administrators to anticipate user needs and forecast resource demand. Hard and soft limits are used by the Best Fit Resource Scheduler to decide if a user can or cannot deploy a virtual appliance.

• Hard Limit: the maximum amount of resources (CPU, RAM, Hard Disk) that an enterprise may consume.
• Soft Limit: always lower than the hard limit. Triggers a warning for users that they nearing the hard limits for their enterprise.

Zero limits - no limits Limits equal to zero mean there will be no limits at all.

Advanced users may consult the Allocation Strategy to read about the application of limits.

Edit the Enterprise's Datacenters

When editing the Enterprise, click the Datacenters tab to access:

• Allowed and Prohibited Datacenters

Edit an Allowed Datacenter to set:

• Allocation Limits
• Default VLAN

Allowed and Prohibited Datacenters

Edit the Enterprise and click the Datacenters tab. Select one or more datacenters in the left pane and click the arrow buttons to move them to the "Allowed Datacenters" right pane.

Access to at least one datacenter is required in order to deploy virtual machines. The left pane contains datacenters, which are "Prohibited Datacenters" by default.

Datacenters Automatically Assigned to Current Enterprise on Creation By default, when a datacenter is created it is automatically assigned as Allowed for the current user's enterprise only.

Allocation Limits

You can set resource allocation limits for this enterprise in each allowed datacenter.

Unlimited Resources Limits equal to zero means unlimited resources.

To set allocation limits, select one of the Allowed Datacenters in the right pane and click the button. Set these limit values in the pop-up that opens, as explained in Resource Allocation Limits.

Application of Limits When using resources (deploying machines, reserving VLANs or IPs) these limits are applied as explained in the Virtual Machine Allocation section.

Setting the Default VLAN for an Enterprise and Datacenter

New feature Default VLAN control and External VLANs were introduced in version 1.8.5

You can set the default VLAN for the current enterprise in an allowed datacenter. Edit the Enterprise, click the Datacenters tab, edit the datacenter, and click the default VLAN tab. Select a VLAN from the list to make it the default for the enterprise and datacenter you are currently editing.

When you change the default network, the new default network will be assigned to all new virtual datacenters you create.

Abiquo offers three types of virtual datacenter networks:

• public networks with Internet addressable public IP addresses.
• external networks that are assigned to an enterprise and can be accessed by more than one virtual datacenter.
• private networks with private IP addresses that are restricted to a single virtual datacenter.

External networks and private networks can be set as the default networks for an enterprise's datacenter and/or virtual datacenter.

When you create a new enterprise and datacenter in Abiquo, the default network is the auto-created private VLAN, named the default network. To assign an external VLAN as the default, it must first be created in Infrastructure view in the datacenter's Public/External Network tab. You can override the enterprise's datacenter default network for a specific virtual datacenter in the virtual datacenter's network screen.

Reserving Physical Machines and Restricting Deployments

You can reserve a physical machine for a single enterprise. Click the "Reservations" tab, and you will see a list of Available Servers (Physical Machines).

Available Datacenters and Physical Machines Only the datacenters included in the "Allowed" list for this enterprise will be available in this section. You cannot reserve a Physical Machine that is already reserved or running virtual machines deployed by a different enterprise.

Select the Physical Machine(s) in their Datacenter/Rack. Move them to the "Reserved" pane by clicking on the arrow buttons.

When you reserve a physical machine for an enterprise, no other enterprise will be able to use this machine's resources or deploy virtual machines in it.

You can also restrict an enterprise so that it may only deploy virtual machines on the physical machines reserved for it and not on any others. To do this, mark the "Only use 'Reserved Servers'" checkbox.

Deleting an Enterprise

To delete an Enterprise, select the Enterprise to delete and click the button.

Preconditions The following preconditions are checked before deleting an Enterprise: It must not have associated Virtual Datacenters. It must not have associated shared Virtual Images.

6.3. Manage Users

Abiquo has a system of users with roles and privileges. When you create a user, you must assign a role to this new user. By default, there are three basic roles: Cloud Admin, Enterprise Admin and Enterprise User.

If the system is configured to allow users to edit their personal details, click your username in the top right corner of all views to edit your details, including your password. From version 1.8.5-HF4, this option can be set in Configuration View.

6.3.1. User Management Functions

API feature This feature is available in the API. See Users Resource.

If you have permission to manage users, you can manage the users that will be allowed to access the platform, using the bottom control buttons in the left pane.

The Cloud Administrator default role has permission to manage users of all enterprises privilege. This means they can also move users between enterprises. The Enterprise Administrator default role has permission to manage users of the enterprise only. If you have the Manage users of all enterprises privilege, the Enterprise list will display in Users view, otherwise, it will be hidden. The Cloud Administrator default role cannot be modified.

The operations for managing users are:

Button	Action
	Create a new User
	Remove an existing User
	Edit the selected User

Creating or Editing a User

Before you create a user, you should create a role with the appropriate privileges for that user.

To create or edit a user, select the Enterprise where the user will be created, then click the or the button and complete the form:

Restrict Access to Virtual Datacenters for Users

By default, all users have access to all virtual datacenters. However, when you create or edit an ordinary user, you can restrict access to certain virtual datacenters. Click the Restrict access button to open the list of available virtual datacenters. Select the VDCs where this user can deploy virtual machines. If no VDCs are selected, the user will have access to all VDCs. You can only restrict the VDC access of users without the No VDC restriction privilege.

6.3.2. Showing Users Who Are Logged In

To see the users who are currently logged in, activate the checkbox in the top right part of the screen. When this checkbox is activated, you cannot perform other actions on users.

6.3.3. Activate or Suspend Multiple Users

To quickly activate or suspend one or more users, select the users from the user list, then select Activate user or Suspend user from the More actions pull-down menu at the top left of the list. The cloud administrator is always activated.

6.4. Manage Roles and Privileges

New Feature This feature has been available since version 1.8

Abiquo user management now has a flexible concept of roles associated with privileges. Each user is assigned a role and that role is assigned a set of privileges to grant access to different cloud features.

Abiquo provides a set of default roles (Cloud Admin, Enterprise Admin and Enterprise User) and these can be used as the basis for creating new roles. The Cloud Admin role cannot be modified. You can also create roles and have them assigned to users in automatic user creation by matching them to LDAP groups.

6.4.1. Role Management

API feature This feature is available in the API. See Roles Resource.

From the Users View, if you have permission to access the Roles screen, you can manage the roles and privileges that will allow access to the platform, using the control buttons at the bottom of the left pane.

Default Profile Restrictions The Cloud Admin can manage users in all enterprises. Administrators assigned to an enterprise can only manage users in their enterprise.

If you have permission to manage roles, the operations to do this are:

Button	Action
	Create a new Role
	Remove an existing Role
	Edit the selected Role

Creating or Editing a Role

If you have permission to manage roles, create a role by clicking the or modify a role by clicking the button and complete the form:

A user can only have one role. You cannot have more than one role of the same name in the same enterprise. Roles in different enterprises can have the same names.

Enterprise Roles and Global Roles

Abiquo allows you to create enterprise roles and global roles. When you create a role, you can specify an enterprise or mark the checkbox to make the role global. A global role will be available in all enterprises.

In the Role list, generic roles will appear with the text (global) and enterprise roles will appear only if their enterprise is selected in the Enterprises list.

Feature Behavior A user whose role has the Create system role privilege can create generic roles. A user whose role has the Associate role with enterprise privilege can only create roles associated with an enterprise.

LDAP Groups

If you have the Specify LDAP group privilege, associate a role with an LDAP/AD group. When LDAP authentication is activated, a user's role will be determined by the group that they are a member of. In LDAP/AD users should be a member of one group only, because they may only have one role in Abiquo. Please see the Administrator's Guide for further information about LDAP and Active Directory Integration.

6.4.2. Privileges management

Roles are associated with privileges, and these privileges can also be managed in the Roles screen. See Privileges List for the complete list

Manage Privileges

A user whose role has permission to Manage privileges can modify a role's privileges. To modify a role's privileges, select a role from the list and add/remove privileges.

The privileges displayed and available for you to manage will be those assigned to your own role. If you do not have a privilege you cannot assign or modify that privilege for another role. You cannot modify the privileges of your own role. You cannot modify the privileges of the Cloud Admin role because they are locked.

Before you save changes with the save button, the changes will appear in different colors: green for added privileges and red for removed ones. After you have finished modifying a role's privileges, click Save to save changes or Discard changes to discard them.

Independent Privileges

All privileges are independent and there are no dependencies. For example, a user whose role does not have the Access Infrastructure view privilege will not be able to see the Infrastructure view icon. However, if this user's role has the privileges Manage datacenters and View datacenter details, the user will be able to access these functions through the API.

6.4.3. Privileges

This page lists the privileges set in the GUI and their corresponding values within the application. It also shows the privileges assigned to the default roles: Cloud Admin, Enterprise Admin and Enterprise User. Users cannot delete the Cloud Admin role or change the role's permissions.

Changes to Privileges in version 1.8.5-HF2 Downloading images to the local hard drive is now governed by the Download virtual machine privilege. Downloading images from a remote repository is now governed by the Manage repository privilege.