Abiquo Documentation


1. Introduction to public cloud integrations

This section introduces the key concepts of the integrations with vCloud Director, AWS, and Azure.

1.1. Virtual datacenters

The platform offers user access to virtual datacenters (VDCs) that are separate groups of virtual resources. A VDC has equivalents in each cloud provider, so it gives you a common interface and API to all the providers - see the table below. For example, the platform’s concept of the VDC is equivalent to the VPC in AWS (Amazon). In vCloud Director (vCloud), the VDC is equivalent to a vApp. In ARM Compute (Azure), the VDC is equivalent to a Virtual Network and its associated resources.


1.2. Virtual appliances

Within its VDCs, the platform groups VMs into virtual appliances (VApps). The purpose of the VApp is to enable you to manage a group of VMs together, which means that you can deploy them in one click, or view their metrics together, or create custom metrics for the VApp, for example. You can move VMs from one VApp to another within the same VDC. A VApp is not equivalent to any specific concept in vCloud or public cloud.

1.3. Networks

In vCloud, the platform supports the onboarding of the following networks:

  • External networks outside the OrgVDC but connected to the Edge are external networks in the platform, for use by load balancers but not VM vNICs
  • External networks outside the OrgVDC with a direct connection to OrgVDC as OrgVDCNetwork are external networks
  • Org networks inside the Org VDC and routed through the Edge are external networks
  • Isolated Org networks are external networks, for use by VM vNICs but not load balancers
  • vApp networks are private networks.

2. Configure your user account

All users should configure their user accounts before starting work with the cloud platform.

2.1. Edit user details

To edit your user account, click on the user name or icon in the top right-hand corner of the screen, and select the Edit user option from the pull-down menu.

Select Edit user from the username menu

Abiquo recommends that you change your password and edit your user details. 

Edit user popup to configure your user account

You can also add your public key for access to deployed virtual machines.

Edit user to add SSH public key on Advanced tab

2.2. Enable two-factor authentication

Your platform may offer or require two-factor authentication to improve user login security. For platform configuration instructions, see Configure two factor authentication.

If two-factor authentication is available, users can enable it for their accounts. If it is required, users will only be able to select the authentication method.


  • To use Google Authenticator, first install the Google Authenticator app on your cell phone. 
  • To use email authentication, first check that you have a valid email address in your user account on the platform.

To enable two-factor authentication for your user account, do these steps:

  1. Click on the name or icon in the top right-hand corner of the screen, and in the username menu, select Two-factor authentication.
    From the username menu, select enable two-factor authentication
  2. Select the authentication method and click Enable
  3. Copy the backup codes from the bottom left-hand corner of the configuration window to a secure place. You can use these codes to log in to the platform if the authentication cycle fails
    • The platform will display backup codes ONCE only
  4. Authenticate according to your selected method
    • For Google Authenticator, use the Google Authenticator app on your cell phone to scan the QR code. Google will supply a verification code in the app. During login, the platform will request the authentication code from the app. Enter the code in the field below the password
    • For email, during login, every time you enter your user name and password to log in, a code will be sent to the email address registered in your Abiquo user account. Enter the code on the login dialog

Screenshot: Enabling two factor authentication

Two-factor authentication popup to select authentication method

Screenshot: Two factor authentication with backup codes (left) and QR code (middle)

Example of backup codes and QR code for two-factor authentication

Screenshot: Login with two-factor authentication

3. Create public cloud regions

 

To create a public cloud region for a public or private OpenStack cloud or vCloud Director, see Generic OpenStack Integration and VMware vCloud Director.

To create a new public cloud region:

  1. In Infrastructure view click on the Public tab.
  2. Then click the add button at the top of the public cloud regions list. 


    The Create public cloud region popup will open.


  3. Enter the base name of the public cloud region. Note that you can change this later
  4. Select the provider

  5. Select the region(s)
    1. Abiquo will create the first region with the name you enter and the others with a suffix of "_1", "_2", and so on. Abiquo creates the regions in order and if a region cannot be created, then Abiquo will try to create the next region on the list
  6. Click Next
  7. Enter the connection details of each remote service
    1. Protocol: the protocol used to connect to the remote service
    2. Address: the address of the remote service
    3. Port: the port used to connect to the remote service. The default port for HTTP is 8009
    4. Context: the context where the remote service is published

      • Copy the first address to the other boxes by clicking on the Duplicate IP addresses link
      • To share (reuse) remote services already created for another datacenter, type the first number of the IP address to open a selection list
        • To share a Virtualization manager (virtual factory) or Monitor manager (VSM), you must use a shared Redis instance
  8. Click Check for each remote service or Check all to ensure that the Abiquo orchestrator can connect to the remote service
  9. Click Save

The platform will create your public cloud region.

  • Edit your enterprises to add credentials and add the new region to the Allowed datacenters list so users can deploy in the region
    • You will require one separate AWS account for each enterprise using an AWS public cloud region, i.e. one account per enterprise
  • Edit your administration scopes to allow administrators to manage the public cloud region


4. Create tenants

4.1. Introduction to enterprise tenants

In the platform, enterprises are cloud tenants, meaning they are groups of cloud users with their own logical resources. For information about the concepts of tenants and users, see Users (in the Walkthrough). For each tenant, you can assign access to infrastructure and resources. For each user you can assign scopes with access lists and roles with privileges.  

Privilege: Manage enterprises, Manage users of all enterprises

Before you begin managing enterprises, we recommend that you do these steps:





4.2. Create an Enterprise

To create a cloud tenant enterprise, do the following steps:

  1. Open Users view and at the top of the Enterprises list, click the + Add button

  2. Enter tenant details and options as described below
    • To enable the tenant's users to deploy, allow the tenant to access at least one datacenter or public cloud region
  3. Define the resources the enterprise can use
  4. Click Accept to save

Abiquo will create the enterprise and filter to display only this enterprise. To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 

After you have created the enterprise:

  1. Abiquo will add this enterprise to the scope of the administrator who created the enterprise
    1. Optionally move this enterprise to a scope with related enterprises and assign the scope to the appropriate cloud and/or tenant administrators
  2. Optionally edit the tenant to set the default scope for users created in this tenant
  3. Create enterprise users with appropriate roles and scopes, for example a tenant administrator and users. Note that the tenant administrator can be allowed to create their own users




4.3. Configure a tenant with general information


| Field | Description |
|---|---|
| Name | The name of the Enterprise |
| Default scope | The default scope to assign to future users that administrators create in this tenant. When creating users, an administrator can assign the enterprise’s default scope, even if it is above their scope in a hierarchy. Generally you should set this to a low scope. |
| Require two factor authentication | To make two-factor authentication mandatory for all users of this enterprise, select this checkbox. Note that an administrator must configure it in the platform first. See Configure two factor authentication |
| Enable workflow | To enable workflow for this enterprise, mark this checkbox. Note that an administrator must configure it in the platform first. See Abiquo Workflow Feature |
| Reseller | Select this flag to mark the enterprise as a reseller |
| Key node | Select this flag to mark the enterprise as the key node of its default scope, for example, as the headquarters of an organization |
| Enterprise logo | A logo file for the enterprise in web format (PNG, JPEG, GIF). The size of the default logo is 150 x 37 pixels. This will override the default logo, which is set in Configuration View. |
| Default theme | A branding theme created for the enterprise. See Abiquo Branding Guide |


4.4. Control tenant resources

You can control the resources that an enterprise may consume. This will help prevent resource over-allocation, enterprises using resources from other enterprises, and even DoS attacks. Allocation limits will also help system administrators to anticipate user needs and forecast resource demand. Hard and soft limits are used by the resource scheduler to decide if a user can deploy a virtual appliance or not.

  • Hard Limit: the maximum amount of resources (CPU, RAM, Hard Disk, etc.) that an enterprise may consume.
  • Soft Limit: triggers a warning for users that they are nearing the hard limits for their enterprise.

 

 

 

| Limit | Checked at | Description |
|---|---|---|
| Memory | Deployment | Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs |
| Virtual CPUs | Deployment | Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs |
| Local hard disk | Deployment | Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers |
| External storage | Configuration | Total size of external storage that may be assigned to VMs |
| VLANs | Configuration | Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create |
| Public/floating/NAT IPs | Configuration | Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used |
| Repository | Operations | Total size of NFS Repository space that may be used for the Apps Library including templates and instances (but not conversions). See Manage the Datacenter Apps Library (How much space can a tenant use in the Apps Library?) |
| Virtual machines | Deployment | Total number of VMs that users can deploy in the location using their allowed resources |

In public cloud regions, the platform does not support External storage and Repository (Apps library storage) features or limits 

Enterprise allocation limits are checked during configuration or deploy, or before operations as described in the above table.

When creating allocation limits, you cannot have a hard limit only. Soft limits must always be less than or equal to hard limits. In addition, limits equal to 0 mean that there is no limit to resource usage at this level. See Allocation limit rules.

4.5. Allow the tenant to access regions

To set the public cloud regions and datacenters that an enterprise is allowed to access, edit the Enterprise and click the Datacenters tab.

Drag and drop one or more public cloud regions or providers, or datacenters from the left pane into the "Allowed Datacenters" pane on the right.

An enterprise needs access to at least one public cloud region or datacenter so that its users can deploy VMs.

Note: when you create a public cloud region or a datacenter, the platform allows it for your own enterprise automatically. For all other enterprises, the platform adds it to the list in the left pane, which contains "Prohibited datacenters".

Allowed datacenters are working datacenters where users can deploy. This is different from an admin user having administration Scope to administer the infrastructure of the datacenter.

4.6. Limit tenant resources in the region

You can set resource allocation limits for this enterprise in each allowed datacenter or public cloud region. To set allocation limits, select one of the Allowed Datacenters in the right pane and click the edit button. Set these limit values in the pop-up that opens.

| Field | Checked at | Description |
|---|---|---|
| RAM | Deployment | Total amount of RAM memory that may be used by Amazon hardware profiles assigned to VMs |
| Virtual CPUs | Deployment | Total amount of Virtual CPU cores that may be used by Amazon hardware profiles assigned to VMs |
| Local Hard Disk | Deployment | Total size of hard disk that may be used by VM templates (e.g. Amazon AMIs) deployed as VMs |
| External Storage | - | - |
| VLANs | Configuration | Total number of private VLANs that may be deployed |
| Public IPs | Configuration | Total amount of Elastic IPs that may be used |
| Repository | - | - |

5. Manage cloud provider credentials

Each tenant should have its own set of API credentials for each provider.

5.1. Obtain cloud provider credentials

If the tenant does not have cloud provider credentials, they should follow their cloud provider's instructions on how to obtain access to the provider's API.

Abiquo provides basic guides to obtaining credentials, but the tenant should always consult the cloud provider for the most up-to-date information.

5.2. Add tenant credentials for each provider

Before you enter public cloud credentials, there must be an existing public cloud region for the provider.

To add credentials for a public cloud provider:

  1. Check in Infrastructure view or with your Administrator, that the public cloud region is already created
  2. Edit the enterprise and select the Credentials tab
  3. From the Provider pull down list, select the public cloud provider
  4. Enter your Access key ID, which may be a Username, a specific API access key ID or other account identifier
  5. Enter your Secret access key, which may be an API key or other API credential
  6. Click Validate account
  7. After the account has been validated, click Save




6. Prepare foundation template library

In the Abiquo Apps Library you can compile a selection of certified public cloud templates for your users to deploy by self-service.

Abiquo will store the details of these templates but not their disks.

Public cloud libraries can have many thousands of VM templates (e.g. AWS has 19,000 AMIs) that are difficult to find and manage. In addition, administrators cannot control the content of public cloud templates. In the Apps library, you can define a cache of details of your approved or certified public cloud templates. And you can customize the templates' representation to make it even easier for cloud users to find the right template. 

Public cloud templates belong only to the region they were created in. Templates in one region usually cannot be accessed from another region and this rule also applies to the Abiquo Apps library. Public cloud templates that are effectively the same will usually have different IDs and names in each region.
The Apps library is a collection of VM templates that enables users to quickly and easily deploy VMs. 

To display public cloud templates:

  1. Click the Apps library icon in the main menu bar to go to Apps library.
  2. Click on the Public radio button. 
  3. In the public list, click on the name of the public cloud region. By default you will see any templates you can deploy within this region in icon view. 
    1. To change to the list view, click on the List view tab symbol in the top right-hand corner.

To display the details of a template, move the mouse over the template. A tooltip will display the template information.



The VM templates in the Apps library may be marked with the symbols described in the following table.

| Template type | Symbol | Description |
|---|---|---|
| Shared template | | A template that may be used by all enterprises in the template's scope. See Modify a VM Template (Scopes tab for sharing VM templates) |
| Deleted template | | Also called an Unavailable template. The template has one or more disks missing in the Apps library filesystem. |
| Failed template | | The template disk file was not properly created |


6.1. Filter local public cloud templates

The public cloud template search and filter is used for all public clouds and private clouds that use their own registry, such as OpenStack and vCloud Director, and Docker.

| Filter | Type | Comments |
|---|---|---|
| ID | Free text | For example, ami-0354b96a |
| Name | Free text | Search for this text in each template Name and Description. The search is not case sensitive |
| OS type | Selector | Any, Windows or Other |
| 32 bits | Checkbox | 32-bit images |
| 64 bits | Checkbox | 64-bit images |

You can filter to find the templates you want to work with in the Apps library. To open the filter, click the funnel Filter button. Enter filter values, including wildcards, and click Accept.


To reset filter values to defaults, click Clear. This will display all local templates. 

6.2. Add VM Templates to Public Cloud Apps Library

To import a template from a public cloud region into the platform's template cache, do the following steps:

  1. Open the Apps library at the Public cloud tab. In the column on the left, select the public cloud region.
  2. Then click the Import template button on the upper right-hand side of the screen.
  3. The Import template popup will open.
  4. Enter the search criteria for your template.

    | Filter | Type | Comments |
    |---|---|---|
    | ID | Free text | For example, ami-0354b96a |
    | Name | Free text | Search for this text in each template Name and Description. The search is not case sensitive |
    | OS type | Selector | Any, Windows or Other. The default value is Any |
    | Publisher | Selector | Filter by publisher names, as available in some providers, e.g. Azure. Type a publisher name to open a drop-down selection list. |
    | Private | Checkbox | Private images that are only available to your user account in the public cloud provider. vCloud Director: display templates in the same organization |
    | Public | Checkbox | Public images that are available to all users in the public cloud provider. vCloud Director: display templates in other organizations |
    | 32 bits | Checkbox | 32-bit images |
    | 64 bits | Checkbox | 64-bit images |

    Then click Search to perform the search. The search can take some time and return several pages of templates.

  5. To see more details of a template, move the mouse over it to display a tooltip with template details.


  6. To import a template, click the Import symbol in the top right-hand corner of the template.


  7. When a template has been imported, the color of the Import symbol will change to gray. You can import many templates in one session.


  8. When you have finished importing templates click Close.




7. Onboard from public cloud

If the cloud provider supports virtual datacenters, such as AWS VPCs, you can onboard them. After you onboard the virtual datacenters, you can synchronize them and the virtual resources. If the cloud provider does not support virtual datacenters, then you can onboard the resources from the public cloud regions, such as RackSpace and OpenStack regions. 

Privilege: Manage virtual datacenters

Before onboarding virtual resources, administrators must do the following steps:

  • Create the public cloud region to import from
  • Allow the tenant access to the public cloud region (Enterprise → Datacenters → Allow datacenter)
  • Register the tenant's credentials for the public cloud provider (Enterprise → Credentials)


To onboard virtual resources from public cloud:

  1. Go to Virtual datacenters and go to the top of the V. Datacenters list
  2. Click the + Add button and select Synchronize public cloud from the pull-down menu
  3. The platform opens a dialog box with a pull-down list of public cloud regions. Select one of these regions.
  4. After you select the region, there are two possibilities:
    • If the provider supports virtual datacenters, Abiquo will display a list of virtual datacenters
    • If the provider does not support virtual datacenters, Abiquo will automatically onboard the virtual resources in the region


7.1. Onboard virtual datacenters from public cloud

To onboard a virtual datacenter:

  1. For the public cloud region, the platform will display a drop-down list of virtual datacenter entities. For example, VPCs in AWS or Virtual networks in Azure. Select an entity and click the Synchronize button. 
    For an AWS region, select a VPC to synchronize as an Abiquo virtual datacenter
  2. The platform will load all of the elements into a virtual datacenter so they can be managed. For example, from AWS, the platform will import the VPC, VMs, subnet with IP addresses, public IPs, firewalls and load balancers, which will be named with their provider identifiers. 
    • The platform will detect a public subnet by the presence of a custom route table and NAT gateway, and the platform will mark the public subnet with a globe symbol and set the Internet gateway flag for this subnet. Users with bespoke network configurations should check the results of the synchronization. The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.


    • The platform will import VM templates. If the VM template cannot be found, the VM will be created in the platform with no registered template. In this case, to save a copy of your VM disk as a template, so you can recreate the VM, make an Abiquo instance of the VM.


If you delete a synchronized VDC, the platform will delete it in the provider. Always check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC

If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider




7.2. View classic VMs

To view classic VMs, for example in AWS these are EC2 classic VMs, click the "See classic" link. 


The platform will display classic VMs

 



7.3. Synchronize VDCs and resources

During VDC synchronization, the platform will ensure that the resources in the platform and the provider are the same.

  • It will delete entities in the platform that were deleted already in the provider
  • However, it will maintain resources attached to undeployed VMs in the platform
    • For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only
    • Warning: These resources are "free" in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and error at deploy time
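The warning above can be turned into a check that an administrator runs before deploying. The following is an added example, not Abiquo code: it compares the resources that undeployed VMs hold in the platform with a provider inventory and reports which are still free, which have been attached to something else, and which no longer exist. The data model, function names and all identifiers are hypothetical and constructed for illustration.

```python
# Added example (not from the Abiquo documentation or code base).
# Assumed data model:
#   platform_vms:       list of {"name", "deployed", "resources"} as seen in the platform
#   provider_resources: resource id -> id of the instance it is attached to in the
#                       provider, or None when the resource exists but is unattached

def audit_reservations(platform_vms, provider_resources):
    """Classify every resource held by an undeployed VM.

    Returns tuples (vm_name, resource_id, status, holder) where status is:
      "free"     - exists in the provider and is unattached; anyone working
                   directly in the provider could still take it
      "conflict" - already attached to another instance in the provider
      "missing"  - no longer exists in the provider
    """
    findings = []
    for vm in platform_vms:
        if vm["deployed"]:
            continue  # deployed VMs hold their resources in the provider too
        for rid in sorted(vm["resources"]):
            if rid not in provider_resources:
                findings.append((vm["name"], rid, "missing", None))
            elif provider_resources[rid] is None:
                findings.append((vm["name"], rid, "free", None))
            else:
                findings.append((vm["name"], rid, "conflict", provider_resources[rid]))
    return findings


def deploy_blockers(findings):
    """Findings that would cause an error at deploy time."""
    return [f for f in findings if f[2] in ("conflict", "missing")]


# Constructed sample inventory; every identifier is made up.
PLATFORM_VMS = [
    {"name": "web-01", "deployed": True, "resources": {"ip-constructed-1"}},
    {"name": "web-02", "deployed": False,
     "resources": {"ip-constructed-2", "lb-constructed-1"}},
    {"name": "db-01", "deployed": False,
     "resources": {"ip-constructed-3", "ip-constructed-4"}},
]
PROVIDER_RESOURCES = {
    "ip-constructed-1": "i-constructed-a",
    "ip-constructed-2": None,               # free in the provider
    "lb-constructed-1": None,               # free in the provider
    "ip-constructed-3": "i-constructed-b",  # taken by another VM in the provider
    # ip-constructed-4 was deleted in the provider
}

if __name__ == "__main__":
    for vm_name, rid, status, holder in audit_reservations(PLATFORM_VMS, PROVIDER_RESOURCES):
        suffix = f" (held by {holder})" if holder else ""
        print(f"{vm_name}: {rid} is {status}{suffix}")
```
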

To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:

  1. Go to Virtual datacenters → V. Datacenters list
  2. Beside the virtual datacenter name, click the double arrow Refresh button

You can also synchronize resources such as networks, public IPs, firewalls, and load balancers. To do this, go to the resource tab and click the straight double arrow Synchronize button. For more information, see the resource documentation.


Screenshot: Synchronize firewalls

Synchronize firewalls that you onboarded or created in public cloud

Screenshot: Synchronize private networks in public cloud

Public cloud synchronization parameters

Note to System Administrators: For information about tuning public cloud synchronization, see Abiquo Configuration Properties#pcrsync.




7.4. Manage resources that were deleted directly in the provider

When administrators delete resources in the provider, the platform will display the resource name in light gray to indicate that the user cannot work with the resource. The resource types include:

  • External networks
  • Firewalls 
  • Classic firewalls 
  • Load balancers 
  • NAT network
  • NAT IPs

To delete these resources (if they are not in use), select the resource and click the delete button.




7.5. Delete or release virtual resources in public cloud

The virtual resources that you onboarded or created in public cloud will be grouped with their associated virtual datacenters.

Before you begin:

  1. If you recently created virtual resources, such as load balancers, synchronize the virtual datacenter to ensure that the platform can find and delete all the dependencies of the virtual datacenter.

To delete onboarded resources in public cloud:

  1. Delete each virtual datacenter
    • You can choose to delete each virtual datacenter in the platform only, or in the platform and the provider. If you delete in the platform only, the platform will automatically remove VMs, virtual appliances, load balancers, public IPs, and firewalls. Remember to check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC


If the enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will continue to exist in the public cloud provider




7.6. Onboard from public cloud using the API


Abiquo API Feature

This feature is available in the Abiquo API. See VirtualDatacenterResource for synchronization and LocationsResource for retrieval of virtual datacenters and virtual machines.



7.7. Onboard from public cloud regions without VDCs

If your public cloud provider does not support virtual datacenter entities, Abiquo will automatically onboard when you select the public cloud region.

Abiquo synchronizes virtual resources in public cloud regions for providers that do not use virtual datacenters or similar entities, for example, OpenStack clouds and Rackspace. You can only synchronize these providers at the public cloud region level. You cannot synchronize a VDC or an individual resource, for example, a load balancer.

If Abiquo already has virtual resources on the platform for the provider, then these entities will already be part of a virtual datacenter. Abiquo will check if any new entities in the provider are related to the existing ones in Abiquo and place them in the existing virtual datacenter.

Abiquo will place all VMs and network resources that are not related to existing Abiquo virtual resources into a generic virtual datacenter. Abiquo names this virtual datacenter with the same name as the public cloud region, but the user can rename it. Abiquo will use this virtual datacenter for future synchronizations, adding or removing resources to match the cloud provider.

If the Abiquo integration with the provider supports entities that are not assigned to any virtual datacenter, such as firewalls, load balancers, or floating IPs, these may be loaded into Abiquo as unassigned entities.

If conflicts occur during synchronization, Abiquo will cancel the synchronization. This would occur if two VMs already exist in different VDCs but are related by a firewall or load balancer. Or if two firewall policies or load balancers exist in different virtual datacenters but are related by a VM.




8. Create virtual datacenters

You can work with virtual machines, networks and storage in Virtual datacenters view.

8.1. Create a virtual datacenter

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource VirtualDatacenterResource.

To create a new virtual datacenter:

  1. Go to Virtual datacenters
  2. Above the V. datacenters list, click the  button
  3. Select Create a new virtual datacenter from the pull-down menu
  4. Complete the dialog as described here
  5. Click Save

8.1.1. General information

The basic information to enter when creating a virtual datacenter is described in this section. Further configuration is described in the following sections.

Create a virtual datacenter with NAT. Select the NAT network and the IP address for the default SNAT rule

| Field | Description |
|---|---|
| Name | The name of the virtual datacenter |
| Location | The datacenter or public cloud region where virtual appliances will be deployed |
| Hypervisor | The type of the hypervisor for the virtual datacenter. This option will not display if there is only one choice. |
| Network | Default: Create a VLAN (default private or external) in the pre-configured range. Custom Private: Create a custom private VLAN (see form below) |

If your environment supports NAT you may also be able to select the IP address for the default SNAT rule

| Field | Description |
|---|---|
| NAT network | Optionally select the NAT network to use for the default SNAT rule |
| Default NAT IP | Optionally select the NAT IP address for the default SNAT rule for the virtual datacenter |




8.2. Create a virtual datacenter with custom networks

When you create a virtual datacenter, the platform always creates a private network and it counts as part of your VLAN allocation limits, even if the default network is another type of network.

The private network can be the "Automatically-created private VLAN", which is called "default_private_network", or a custom private network, which will be set as the default network.

To create a Custom private network, complete the network section of this dialog.


| Field | Description |
|---|---|
| Network name | The name of the VLAN to create |
| Netmask | The network mask |
| Network address | The network address |
| Gateway | The IP of the gateway of the VLAN |
| Availability zone | Public cloud, e.g. AWS: The availability zone where VMs attached to this network will deploy. |
| Primary DNS | The primary DNS of the network |
| Secondary DNS | The secondary DNS of the VLAN |
| DNS suffix | The DNS suffix for the VLAN |
| Static routes | Mark the checkbox to define static routes |

To manage the VLANs of your virtual datacenter, go to Virtual datacenters → Network. See Manage Networks.




8.3. Manage resource allocation limits for a virtual datacenter

The allocation limits tab allows the administrator to limit the amount of physical and virtual resources a virtual datacenter may consume. A Hard limit is the maximum amount of a virtual resource (e.g. RAM) that a virtual datacenter will be allowed to consume. A Soft limit warns users and administrators that the virtual datacenter is running out of a resource.

To manage the virtual datacenter allocation limits, when creating your virtual datacenter, click the Allocation Limits tab.

There are some rules for creating Allocation limits:

  • You cannot have a hard limit only
  • Soft limits must always be less than or equal to hard limits
  • A limit equal to 0 means that there is no limit to resource usage at this level
  • When editing limits, you cannot set the hard limits below the existing resource usage.


 

Limit | Checked at | Description
Memory | Deployment | Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs
Virtual CPUs | Deployment | Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs
Local hard disk | Deployment | Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers
External storage | Configuration | Total size of external storage that may be assigned to VMs in private cloud
VLANs | Configuration | Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create
Public/floating/NAT IPs | Configuration | Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used
Virtual machines | Deployment | Total number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not support External storage and Repository (Apps library storage) features or limits. 



Here is an example of resource limits for a very small virtual datacenter with a soft limit of just one virtual CPU and a hard limit of 4 virtual CPUs, as shown in this screenshot.


You will exceed the soft limits if you try to deploy a virtual appliance with more than one CPU in the virtual datacenter. You will see a pop-up that will allow you to acknowledge the message and continue with the operation. There are two types of soft limit messages, depending on the soft limit details message option on the General page of Configuration View.

If the soft limit details message option is selected on the General page of Configuration View, you will see this type of message.

If the soft limit details option is not selected, you will see a general message.

It is also possible to receive this message when enterprise soft limits have been reached or exceeded but virtual datacenter soft limits have not.

You will exceed the hard limits if you try to deploy a virtual appliance with more than four CPUs in this virtual datacenter. You will see a pop-up that will allow you to acknowledge the message and terminate the operation.

There are two types of hard limit messages, depending on the hard limit details message option on the General page of Configuration View.

If the hard limit details message option is selected on the General page of Configuration View, you will see this type of message.

If the hard limit details option is not selected, you will see a general message.

It is also possible to receive this message when enterprise hard limits have been exceeded but virtual datacenter hard limits have not been exceeded.
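The allocation limit rules and the example of a soft limit of one CPU with a hard limit of four CPUs from this section, written out as a check. This is an added example, not Abiquo code: the `Limit` class, the function names and the level names are hypothetical, and accepting a soft limit with no hard limit is an assumption.

```python
from dataclasses import dataclass

# Outcomes ordered by severity so the worst one across levels can be reported.
SEVERITY = {"ok": 0, "soft_exceeded": 1, "hard_exceeded": 2}


@dataclass(frozen=True)
class Limit:
    """Soft/hard pair for one resource; 0 means 'no limit', as in the rules above."""
    soft: int
    hard: int


def validate_limit(limit, current_usage=0):
    """Return the rule violations for one soft/hard pair (empty list = valid)."""
    errors = []
    if limit.soft < 0 or limit.hard < 0:
        errors.append("limits cannot be negative")
    if limit.hard > 0 and limit.soft == 0:
        errors.append("a hard limit requires a soft limit")
    if limit.hard > 0 and limit.soft > limit.hard:
        errors.append("soft limit must be <= hard limit")
    if 0 < limit.hard < current_usage:
        errors.append("hard limit is below existing usage")
    return errors


def check_request(limit, current_usage, requested):
    """Classify a request against one limit.

    'soft_exceeded' corresponds to the warning the user can acknowledge and
    continue; 'hard_exceeded' corresponds to the operation being terminated.
    """
    total = current_usage + requested
    if limit.hard > 0 and total > limit.hard:
        return "hard_exceeded"
    if limit.soft > 0 and total > limit.soft:
        return "soft_exceeded"
    return "ok"


def check_deploy(levels, requested):
    """Evaluate one request at every level and return (worst outcome, level).

    `levels` is a list of (level_name, Limit, current_usage) tuples, for
    example the virtual datacenter and its enterprise. The level is None
    when no limit is exceeded.
    """
    worst, where = "ok", None
    for name, limit, usage in levels:
        outcome = check_request(limit, usage, requested)
        if SEVERITY[outcome] > SEVERITY[worst]:
            worst, where = outcome, name
    return worst, where


# Constructed sample values: the VDC from the example above (soft 1, hard 4)
# and an enterprise that already uses 2 of its soft limit of 2 CPUs.
VDC_CPU = Limit(soft=1, hard=4)
ENTERPRISE_CPU = Limit(soft=2, hard=8)

if __name__ == "__main__":
    for cpus in (1, 2, 5):
        print(cpus, "CPU(s):", check_request(VDC_CPU, 0, cpus))
    print(check_deploy([("virtual datacenter", VDC_CPU, 0),
                        ("enterprise", ENTERPRISE_CPU, 2)], 1))
```

The last call shows the case mentioned above where the enterprise soft limit is exceeded although the virtual datacenter soft limit is not.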




8.4. Set virtual datacenter defaults

Field | Description
Default datastore tier | Select the default disk service level for your non-persistent virtual machine disks on the hypervisor. This is the default datastore tier for the virtual datacenter. To use your cloud provider's default tier, select "Configured by location", or select a default tier, according to the available service levels. To clear the current tier, click the black x symbol beside the tier name




8.5. Limit user access to the virtual datacenter

If you are able to manage user roles, you can limit user access to the datacenter for users that are subject to VDC restriction.

Privilege: Manage roles, No VDC restriction


After you have entered allocation limits, defaults, and role, click Save.

The platform will create the virtual datacenter and the default private VLAN and display it in the Virtual Datacenters view. 




9. Manage Networks

This section describes how to manage networks in private datacenters and public cloud providers. 

9.1. View virtual datacenter networks

To view the networks available to a virtual datacenter, go to Virtual datacenters → select virtual datacenter → Network.

  • The default network is highlighted with a star symbol
  • A network with an internet gateway is highlighted with a globe symbol.

API Features

Virtual datacenter networks are available in the Abiquo API. For example, see VirtualDatacenterResource and PrivateNetworksResource.


Network tab in virtual datacenter highlighting default network and internet gateway

In the Networks list, to view the pool and allocation of IPs:

  • To see all the IPs in the virtual datacenter, click the All button on the top of the list
  • To see the IPs in a VLAN, click the VLAN name

You can then:

  • use the slider at the bottom of the list to move through the pages 
  • filter the list by entering text in the search box. The filter works with all the columns of the table:
    • IP Address
    • MAC address
    • VLAN name
    • Virtual appliance using the IP
    • VM using the IP
    • Provider ID of the entity using the IP (for example, a load balancer)




9.2. Create a private network

Private networks are only available within a virtual datacenter. However, your cloud provider may configure an external gateway for your virtual datacenter.

To create a private network in your virtual datacenter, click the  button  and complete the form below.

Create a private network

Button | Action
Name | Name of the network (VLAN). The name can contain up to 128 characters
IPv6 | Select checkbox for IPv6 network
Netmask | Network mask with an integer value of between 16 and 30
Network Address | Private address range of the network
Gateway | Gateway of the VLAN. Must be an IP within the range of the network address and mask
Primary DNS | The primary DNS
Secondary DNS | The secondary DNS
DNS suffix | The DNS suffix
Excluded from firewall | Select Excluded from firewall to define a network where VM firewalls will not apply
Static Routes | Select Define to create static routes. See Configure Static Routes
Default network | Make this network the default network, replacing the existing default network.

You can configure static routes when you create or edit a VLAN. However, you should check with your systems administrator about when changes to static routes may be received by your VM.

Field | Description | Example
Netmask | Destination network mask | 255.255.255.0
Network ID | Destination network or host | 1.1.1.0
Gateway IP | Next hop (on your network) | 10.10.10.100

IPv6 networks

Strict network

 

Non-strict network

Field | Description
Name | Name of the VLAN. The name can contain up to 128 characters
IPv6 | Select checkbox for IPv6 network
Strict | IPv6 only. If you select Strict, Abiquo will automatically generate the network address (ULA) and also the IP addresses. If you do not select strict, you can enter the network address and IP addresses.
Netmask | Network mask of 48, 56 or 64.
Network Address | Private address range of the network. Only for non-strict networks
Primary DNS | The primary DNS
Secondary DNS | The secondary DNS
DNS suffix | The DNS suffix
Default network | Make this network the default network. In a datacenter, this will override the existing default network




9.3. Private networks in public cloud

When you onboard from public cloud, if the provider supports networks, then the platform will onboard private networks, including details of IP addresses not used by VMs. You can synchronize these networks.

When working in Abiquo, DO NOT DELETE networks directly in the provider because this may cause inconsistency. The synchronization process is designed to onboard public cloud elements, especially when you begin to work with a public cloud provider.

When creating a custom private network in AWS, you can choose the Availability Zone. Availability Zones enable users to deploy VMs separately, with high availability. You can deploy in an availability zone by assigning a private IP address in the network belonging to that Availability Zone.




9.4. Add IPs to private networks

To create new IP addresses in your private network, click the Add button in the top right-hand corner of the Private IPs page. You can also create IPs automatically, directly in the Edit VM popup.

  • Enter the number of IPs and the first IP address in the range. The first IP address must be a new address that does not already exist in the network. After creating the first IP address, the platform will try to create the other IPs and it will skip any existing IP addresses. 

    For example, if you have IP addresses in network 30.30.30.30, which are 30, 33, and 34, and you then request 3 new IPs from 30.30.30.31, the new IPs created should be as follows: 31, 32, 35.
IP Addresses
30.30.30.30
30.30.30.31
30.30.30.32
30.30.30.33
30.30.30.34
30.30.30.35
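The IP creation behaviour described above (the first address must be new, existing addresses are skipped), together with the netmask and gateway constraints from section 9.2, as an added example that is not part of the Abiquo platform or API. The function names, the /24 prefix used for the 30.30.30.x network, and stopping at the last host address when the range runs out are assumptions; the code covers IPv4 only.

```python
import ipaddress


def validate_private_network(network, gateway):
    """Check the section 9.2 constraints; return a list of errors (empty = valid)."""
    errors = []
    net = ipaddress.ip_network(network, strict=False)
    if not 16 <= net.prefixlen <= 30:
        errors.append("netmask must be between 16 and 30")
    if ipaddress.ip_address(gateway) not in net:
        errors.append("gateway is outside the network range")
    return errors


def add_ips(network, existing, first_ip, count):
    """Create up to `count` new addresses starting at `first_ip`.

    The first address must not exist yet. Later addresses that already
    exist are skipped, so the result can contain gaps. Fewer than `count`
    addresses are returned if the network runs out of host addresses
    (assumption: the page does not describe this case).
    """
    net = ipaddress.ip_network(network, strict=False)
    used = {ipaddress.ip_address(ip) for ip in existing}
    candidate = ipaddress.ip_address(first_ip)
    first_host = net.network_address + 1
    last_host = net.broadcast_address - 1

    if not first_host <= candidate <= last_host:
        raise ValueError(f"{first_ip} is not a host address in {net}")
    if candidate in used:
        raise ValueError(f"{first_ip} already exists in the network")

    created = []
    while len(created) < count and candidate <= last_host:
        if candidate not in used:
            created.append(str(candidate))
        candidate += 1
    return created


# Values from the example above; the /24 prefix is an assumption.
NETWORK = "30.30.30.0/24"
EXISTING = ["30.30.30.30", "30.30.30.33", "30.30.30.34"]

if __name__ == "__main__":
    print(validate_private_network(NETWORK, "30.30.30.1"))
    print(add_ips(NETWORK, EXISTING, "30.30.30.31", 3))
```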

When you add IPv6 addresses on strict networks, you don't need to set the starting address.

On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter an IP address manually as shown here.




9.5. Delete IPs

The platform will delete only the IP addresses that are not in use, which means not attached to a VM, or not purchased by the enterprise.

To delete IP addresses:

  1. Select the network, then select the IP addresses, and click the delete button. 




9.6. Edit a private network

To edit a private network:

  1. Select the network
  2. Click the Edit button above the Networks list
  3. You can change the network name, gateway, DNS settings, and make the network the new default for this virtual datacenter.
  4. Click Save

The new settings will apply to all VMs deployed after you save the network.




9.7. Delete a private network

You can delete a private VLAN if no VMs are using its IPs and it is not the default network. To delete a private VLAN, select it and click the Delete button  above the Networks list. 




9.8. Manage onboarded external networks

The platform automatically onboards external networks when you onboard virtual datacenters from vCloud Director.

To manage External networks, go to Virtual datacenters → Network → Select vCloud VDC → External.

9.8.1. Manage networks that have been deleted in the provider

If an onboarded network has been deleted in the provider, its name will display in light gray text.

If a VM is using an IP from this network, then you cannot deploy the VM.

If there are no VMs using the IPs of an external network that was already deleted in the provider, then you can delete the network, by clicking the Delete button.




9.9. Set default virtual datacenter networks

If you deploy a VM without assigning a NIC, Abiquo will add one in the virtual datacenter's default network.

To set a new or existing network as the default:

  1. When creating or editing the network, select the Default network checkbox. The new default network will apply to all VMs deployed after you set it.

In private cloud, if you set a public network as the default, obtain IP addresses for your VMs before you deploy!


9.10. Introduction to Firewalls

The platform provides a unified interface to firewalls in varied cloud environments. 

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX, Neutron) and in public cloud (AWS, Azure). In Oracle Cloud, the platform enables users to onboard classic firewalls and assign them to VMs.

In vCloud Director, the platform supports classic firewalls, which are Edge firewalls at the level of the public cloud region (orgVDC). The platform does not support security groups for VMs in vCloud Director. See Manage classic firewalls.




9.11. Firewall provider documentation

See the following provider documentation for more information about firewall functionality.

Provider | Documentation
AWS | AWS security groups: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html. Information about SDK and security groups included in this tutorial: http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/prog-services-ec2.html
Azure ARM | Azure ARM security groups: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg
OpenStack Neutron (KVM, OpenStack) | Complete OpenStack Neutron guide: http://docs.openstack.org/
VMware NSX | VMware NSX Documentation Center
vCloud Director | In vCloud Director, the platform supports classic firewalls, which are Edge firewalls at the orgVDC level. See Manage classic firewalls



9.12. Synchronize firewalls

The synchronize process will onboard firewalls and it will update the platform's information about firewalls that already exist in the cloud provider. The platform synchronizes automatically when you onboard virtual resources from public cloud. Depending on the provider, the platform may support synchronization at the level of the location (public cloud region) or virtual datacenter.

To synchronize firewalls do these steps:

  1. Select All virtual datacenters and the location, or a single virtual datacenter
  2. Click the synchronize button  

To synchronize a firewall before you add new firewall rules:

  1. Select the firewall and click the synchronize button.




9.13. Create a firewall

Depending on provider support, the platform can create firewalls in virtual datacenters in the provider, or in the platform only, for later use in providers.

Privilege: Manage firewall

To create a new firewall, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls
  2. Click the add button
  3. Enter the firewall details
    1. Name
    2. Location (selected from the pulldown list)
    3. Virtual datacenter: To create the firewall in the provider, select the virtual datacenter. To create the firewall in the platform only, select No virtual datacenter
    4. Description 
  4. Click Save to create the firewall
  5. Add firewall rules as described below

If you entered a virtual datacenter, the platform created your firewall in the provider. The platform will display a provider-ID and a virtual datacenter ID for the firewall. 

If you selected No virtual datacenter, the firewall will be created in the platform in the public cloud region for your enterprise. The synchronize process will not update this firewall. The platform will not create it in the provider until you select a virtual datacenter.




9.14. Edit firewall rules

You can define firewall rules for inbound and outbound traffic.

To add a new firewall rule:

  1. Select the virtual datacenter or location
  2. Select the firewall
  3. On the firewall rules panel, click the pencil Edit button
  4. Select the Inbound or Outbound tab for the traffic direction you wish to control
  5. Enter the details of a rule
    1. Protocol
      • Select from Common protocols, OR
      • Enter a custom protocol
    2. Port range with the start and end ports that this rule will apply to. You can enter the same value twice, for one port, or you can optionally apply the rule to a number of ports at the same time
    3. Source or Target IP address (network address/netmask).
  6. Click Add. The firewall rule will be added to the rule list. 
  7. Enter more rules as required, then click Save
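A pre-save review of rules with the fields listed above, as an added example rather than Abiquo or provider code. It rejects malformed entries, catches duplicates of rules already synchronized from the provider (which AWS refuses, as the troubleshooting section notes), and flags inbound SSH or RDP ports open to any source; the dictionary layout, the function names and the sample rules are hypothetical.

```python
import ipaddress

# Remote access ports named in this guide (SSH and RDP).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def validate_rule(rule):
    """Return an error string for a malformed rule, or None if it is well formed."""
    start, end = rule["port_start"], rule["port_end"]
    if not 1 <= start <= end <= 65535:
        return "invalid port range"
    try:
        ipaddress.ip_network(rule["cidr"], strict=False)
    except ValueError:
        return "invalid network address/netmask"
    return None


def rule_key(rule):
    """Normalize a well-formed rule so that equivalent entries compare equal."""
    net = ipaddress.ip_network(rule["cidr"], strict=False)
    return (rule["direction"], rule["protocol"].lower(),
            rule["port_start"], rule["port_end"], str(net))


def review_rules(synced, proposed):
    """Return {index: [findings]} for every proposed rule that needs attention.

    `synced` holds the rules already present after synchronization (assumed
    well formed); `proposed` holds the rules about to be added.
    """
    known = {rule_key(rule) for rule in synced}
    report = {}
    for index, rule in enumerate(proposed):
        error = validate_rule(rule)
        if error:
            report[index] = [error]
            continue

        findings = []
        key = rule_key(rule)
        if key in known:
            findings.append("duplicate of an existing rule")
        known.add(key)  # also catches duplicates inside the proposed batch

        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if rule["direction"] == "inbound" and net.prefixlen == 0:
            for port, name in sorted(ADMIN_PORTS.items()):
                if rule["port_start"] <= port <= rule["port_end"]:
                    findings.append(f"{name} port {port} open to any source")
        if findings:
            report[index] = findings
    return report


def _rule(direction, protocol, start, end, cidr):
    return {"direction": direction, "protocol": protocol,
            "port_start": start, "port_end": end, "cidr": cidr}


# Constructed sample data, not taken from any real firewall.
SYNCED = [_rule("inbound", "tcp", 443, 443, "0.0.0.0/0")]
PROPOSED = [
    _rule("inbound", "tcp", 22, 22, "0.0.0.0/0"),       # SSH open to any source
    _rule("inbound", "TCP", 443, 443, "0.0.0.0/0"),     # already synchronized
    _rule("inbound", "tcp", 22, 22, "10.10.10.0/24"),   # SSH from one network
    _rule("inbound", "tcp", 8080, 80, "10.10.10.0/24"), # start port after end port
    _rule("inbound", "tcp", 3000, 4000, "0.0.0.0/0"),   # range that includes RDP
    _rule("outbound", "tcp", 22, 22, "0.0.0.0/0"),      # outbound, not flagged
    _rule("inbound", "tcp", 80, 80, "10.10.10.0/33"),   # impossible netmask
]

if __name__ == "__main__":
    for index, findings in review_rules(SYNCED, PROPOSED).items():
        print(index, findings)
```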

Edit firewall rules




9.15. Delete firewall rules

To delete firewall rules, do these steps.

  1. Edit the firewall
  2. Select the Inbound or Outbound tab
  3. On the left-hand side of each rule you wish to delete, click the trash/garbage Delete button
  4. Click Save




9.16. Display firewalls

To manage firewalls go to Virtual datacenters → Network → Firewalls.

You can display and manage firewalls in the platform at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display firewalls that exist in a virtual datacenter in the provider, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls
  2. In the Virtual datacenters list, select the virtual datacenter

Virtual datacenters view with Network tab on Firewalls page

To display all firewalls in a location (public cloud region or datacenter), including those that only exist in the platform and not in the provider, do these steps:

  1. In the Virtual datacenters list, select All
  2. On the Firewalls tab, select the location (public cloud region or datacenter)

Virtual datacenters view with Network tab displaying all firewalls in a region of the cloud provider

9.16.1. Filter firewalls

Enter text in the search box to search by the name, description, and provider ID in the firewall list.




9.17. Assign a firewall to a VM

See Configure VMs (or VM firewalls)




9.18. Move a firewall to another VDC

To move a firewall to another virtual datacenter:

  • In Neutron, edit the firewall in Abiquo and change the VDC

  • In Azure ARM, edit the firewall and change or remove the virtual datacenter
  • In AWS, delete the firewall directly in the provider, then synchronize so the provider ID will be removed from the firewall in Abiquo. Now you can edit the firewall and change the virtual datacenter. This is because you are not allowed to edit firewalls or move them from one VPC to another in AWS but you can do this in Abiquo. The following screenshot shows a firewall after the AWS security group was deleted. The firewall rules are preserved for you to edit or apply to another virtual datacenter. 




9.19. Reuse a firewall after deleting a virtual datacenter

If you delete a virtual datacenter, the firewalls will be deleted in the cloud provider but they will still be present in the platform. The details of the firewalls may vary, for example, in AWS they will not have a Provider ID but in Neutron they will have a provider ID. You can edit these firewalls as required and assign them to another virtual datacenter.

To assign a firewall with no virtual datacenter to a virtual datacenter, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls

  2. In the Virtual datacenters list, select All, then on the Firewalls tab, select the location

    Reuse a firewall after deleting a virtual datacenter

  3. Select and edit the firewall
  4. Select the virtual datacenter to assign it to
  5. Click Save

Edit a firewall to assign it to a new virtual datacenter

 



9.20. Delete a firewall

To delete a firewall, do these steps:

  1. Edit the VMs that are using the firewall and remove the firewall from these VMs
  2. Select the firewall
  3. Click the Delete button




9.21. Troubleshooting firewalls

Q: Does my firewall exist in the provider? Which VDC does it belong to?

A: In the Abiquo API, the firewall object contains a link to the virtual datacenter it belongs to.

  • In AWS or Azure ARM, if a firewall has a provider ID, then it exists in the cloud provider. The provider ID is the AWS security group ID or the Azure firewall name.
  • Neutron assigns a provider ID to the firewall and it remains the same. In Neutron, the provider ID does not indicate if the firewall is assigned to a VDC or not. This means that the firewall can have a provider ID even when it does not exist in the provider.


Q: How can I edit a firewall in AWS?

A: Amazon allows you to edit firewall rules and you can do this through the platform. First synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, Abiquo will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency

To edit an AWS firewall in Abiquo, you can delete the firewall directly in the provider, then synchronize so the provider ID will be removed from the firewall in Abiquo. You can now edit the firewall and the firewall rules, and you can even assign the firewall to another virtual datacenter. The following screenshot shows the default firewall for several different VDCs. The "webDB" firewall currently exists in AWS. The other firewalls have been created in Abiquo but are not assigned to a virtual datacenter and do not currently exist in AWS.


Editing a firewall in AWS




9.22. Manage firewalls with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource FirewallResource.


9.23. Introduction to load balancers

The Abiquo load balancer feature is designed to streamline the creation of load balancers in both public and private cloud with the unified Abiquo interface.

Privilege: Manage load balancers, Assign load balancers

Abiquo supports load balancers using public cloud providers, including AWS and Rackspace, and network managers, including OpenStack Neutron and VMware NSX. In some providers, Abiquo also offers the following functionality:

  • Create a load balancer in Abiquo that is not assigned to a provider, at the cloud location level
  • Remove a load balancer configuration from the provider and reuse it

In public cloud, to synchronize load balancers, the platform will retrieve public cloud entities and create or update the corresponding Abiquo entities. In private cloud, the platform may retrieve Abiquo private cloud entities only and update the corresponding Abiquo entities. Warning: Do not modify Abiquo entities directly in the network manager.

Load balancers in a provider usually belong to a virtual datacenter but in vCloud Director they belong to a public cloud region. This means that in vCloud Director, you can attach VMs from more than one virtual datacenter to the same load balancer, and these load balancers do not work with private networks, which belong to only one virtual datacenter.



9.24. Support for load balancers by provider

The following tables summarize the load balancer functionality in each provider.

Please refer to cloud provider documentation or network manager documentation as the definitive guide to the load balancer feature.




9.25. Create a load balancer

Before you begin:

  • Synchronize your virtual datacenters (including VMs, networks, firewalls, firewall rules, and load balancers)
  • If required by your provider, create firewalls for your VMs to allow your load balancers to access the VMs

To create a load balancer:

  1. Select a virtual datacenter → Network → Load balancers. 
    For vCloud, select All virtual datacenters → Network → Load balancers → Region
  2. Click the + Add button and complete the following dialogs according to your cloud provider's documentation
    Screenshot: Creating a load balancer in AWS

    Screenshot: Creating a load balancer in vCloud Director


9.25.1. Load balancer general information

The following screenshots are from AWS.

Create a load balancer entering general information


Field | Value
Name | The name of the load balancer. Amazon will only accept the following characters: A-Z, a-z, 0-9 and "-", and you cannot modify the name. Azure will not accept names with white space
Subnets | In providers that support subnets, the subnets that the load balancer is connected to.
Algorithm | See cloud provider documentation for more information
Addresses | AWS: private or public IP; Rackspace: private or public IP; Azure ARM: private or public IP; Neutron: private IP, or private and public IPs; NSX: private IP, or private and public IPs; vCloud Director: private or public IP (IPs on external networks). You may be able to change the address to another one in the same VDC by editing the load balancer


9.25.2. Load balancer routing rules

Create a load balancer entering a routing rule

Field | Value
Common protocols | Select one of the common protocols to load presets
Protocol in | The incoming protocol to the load balancer. See cloud provider documentation for accepted values.
Port in | The incoming port to the load balancer. See cloud provider documentation for accepted values.
Protocol out | The outgoing protocol from the load balancer.
Port out | The outgoing port from the load balancer
SSL Certificate | For secure connections (e.g. HTTPS), you can add an SSL certificate. The platform will never store or validate the SSL certificate. The platform will pass the certificate directly to the provider. Select an existing certificate or add a new one. Cannot be used in platform-only load balancers
Add | Click Add to save a routing rule for the load balancer

To delete a routing rule, click the Delete button beside the name of the routing rule in the list

9.25.3. Load balancer SSL certificate

Create a load balancer entering a certificate

Field | Value
Name | Name of the certificate
Certificate | The certificate contents
Intermediate certificate | An intermediate certificate can be issued by a provider to support older browsers that may not have all of the trusted root certificates for that provider, so that users will not receive invalid SSL warnings. If you have an intermediate certificate, add it at the same time as the certificate to ensure that a trusted-chain certificate is configured.
Private key | The RSA private key for the certificate

9.25.4. Load balancer health check

Create a load balancer entering a health check

 

Field | Value
Common protocols | Select one of the most common protocols to load presets
Name | Name of the health check
Protocol | The protocol with which the health check will be performed
Port | The port to which the health check will be performed
Path | The server path to ping (for supported protocols)
Interval (sec) | The interval in seconds between health checks
Timeout (sec) | The timeout in seconds after which an attempted health check will be considered unsuccessful
Attempts | The number of attempts before the health check will be considered unsuccessful
Add | Add the current health check to the load balancer

9.25.5. Load balancer firewalls

If your provider supports firewalls, to add a firewall to your load balancer, select your firewall from the list of firewalls that were created in your provider. Rackspace does not display a firewall selection list.

If a firewall is not on the list, it may not have been properly synchronized. In this case, you will need to click Cancel, synchronize firewalls and start again to create a new load balancer.

Create a load balancer selecting firewall policies to assign to the load balancer

9.25.6. Assign load balancer nodes

To assign your load balancer to VMs, drag and drop the VMs from the Available Nodes list into the Attached Nodes list.

Privilege: Manage load balancers, Assign load balancers


  • The VMs to be load balanced can be in the same or different virtual appliances in the same virtual datacenter
  • You can also attach VMs by selecting load balancers when configuring the VM.

The following screenshot is from OpenStack Neutron. 

Create a load balancer assigning nodes

9.25.6.1. Load balancer node status

Abiquo will display the status of the load balancer nodes on the Nodes tab, if the status is available from the provider.

You can also check this status using the Abiquo API.




9.26. Manage load balancers with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource LoadbalancerResource.




9.27. Edit load balancers

The cloud provider determines which elements of a load balancer you can modify. It may be possible to make modifications in Abiquo that will later be rejected by the cloud provider, triggering an error. Check your cloud provider documentation for supported modifications.




9.28. Edit VMs to assign or unassign load balancers

When creating or editing a VM, if the user has the privilege to Assign load balancers, the platform will display the Load balancers tab.


Privilege: Assign load balancers

To assign a virtual machine to a load balancer, select the load balancer from the list.

Edit VM to assign a load balancer




9.29. Onboard and synchronize load balancers from public cloud

When you onboard a VDC from a public cloud provider, the load balancers associated with the VDC and its VMs will be onboarded into the platform.

Remember: to access vCloud load balancers, and provider-only load balancers, go to All virtual datacenters and select the region.

To synchronize all load balancers in a VDC or region:

  1. Select the VDC or region
  2. Click the straight double arrow synchronize button.

Load balancers that have been deleted directly in the provider are displayed in light gray text. You can edit these load balancers to recreate them in the provider, or delete them.




9.30. Delete or release load balancers

To delete a load balancer, select the load balancer and click the delete button.

If your enterprise does not have credentials in the provider, then the load balancer will be released (it will be deleted in the platform but it will remain in the cloud provider).




10. Manage virtual machines

This section describes the tasks that may be performed by the cloud user. 

10.1. Edit your user account details

After you log in, you may need to edit your user account to update your details:

  1. Click on the user icon in the top right-hand corner of the screen and select Edit user from the pull-down menu
  2. Change your password and edit your user details. Check you have the correct email and phone number to receive passwords and authentication
  3. Add your public key that the platform will use to launch VMs so that you can access them with SSH


    Edit user general information

    Edit user advanced

10.2. Create a virtual machine

To create a virtual machine (VM) do the following steps:

  1. Open the Virtual datacenters view by clicking on its icon in the top menu
  2. Open a virtual appliance that will hold a group of VMs by clicking on its name
  3. To create the VM, drag and drop a VM template from the Templates tab into the Virtual machines pane. You can also double-click the VM template

    1. If there is more than one version of the VM template, you can select another version
    2. If your cloud provider uses hardware profiles, select one

The platform will create your VM. The status bar on the VM icon says it is NOT_ALLOCATED, which means that the VM has not been launched into the cloud.



10.3. Filter VM templates for creating VMs

The template tab contains compatible templates only. If you cannot see an expected template, contact your system administrator. If there are a lot of templates, you may wish to filter the templates first.

To filter templates in the left-hand Template library tab:

  • Click the filter button and select a category from the pull-down list
    • To display only ISOs, select the checkbox
  • Enter text (including * wildcards) in the search box and press enter

To clear the search

  • Click the Clear link on the Category filter popup, which will clear both category and text search box
  • Click the grey X button beside the Search box




10.4. Configure a VM before you deploy it

To configure your VM before you launch it, do the following steps:

  1. Move the mouse over the VM icon and from the options menu, select Edit
  2. Change the configuration options as described in this section
  3. Click Save

10.4.1. General configuration

To configure the basic general VM settings:

  1. Optionally change the VM's friendly name. By default the platform deploys VMs in name order
  2. In private cloud, optionally enable guest setup
    1. Optionally request a Guest initial password that will be sent by SMS or email
  3. Optionally enter a fully qualified domain name that the platform will set at deploy time
  4. To enable remote access:
    1. Select the check-box
    2. Display and optionally change the password to open the remote access connection
    3. In public cloud you will need to:

      1. Edit your user account to add an SSH public key. See Configure your user account. You will need the SSH private key to log in to your VM 

      2. Assign a public IP to your VM. See VM Network

      3. Assign a firewall policy that allows access to the appropriate SSH or RDP port. See VM Firewall
  5. Optionally enter a description

You can now continue with further configuration or Save and deploy your VM.

10.4.2. VM Network

If you don't add an IP, the platform will automatically add one on the default network.

To configure IP addresses on your VM

  1. Select the Private, External, or Public tab
  2. Create NICs as required:
    • To request an automatically created NIC and IP, drag and drop "Automatically generated IP" to your VM
    • To create a new IP address and NIC, click the + button
    • To use an existing address, drag and drop the IP address into the Network interfaces list
  3. Continue configuring your VM or click Save to finish

10.4.3. Firewall policies

Select the firewall policies to add. You can add as many firewall policies as necessary, up to the cloud provider's limit. If you can't see the expected policies, you may need to synchronize with your provider or wait for the platform to update provider data.

10.4.4. Load balancers

Select the load balancers to use for the VM.

10.4.5. Monitoring

To enable monitoring and metrics

  1. Select the Fetch metrics checkbox.
  2. Select from the available options for your provider, for example, for AWS, you can select basic or advanced monitoring
  3. Select the metrics you would like to display for your VM


10.5. Deploy to launch into the cloud

To launch your VMs, click the Deploy virtual appliance button on the right-hand side of the screen.

The platform will launch the VMs and power them on. The status bar below each VM icon will be coloured green, and the Deploy button will change to become the Undeploy button, which you can use to destroy the VMs.




10.6. Display VM details

To display VM details, select a VM icon. The platform will display the control panel below the VMs with different tabs, such as General and NICs.



Here are some examples of VM control panel tabs

  • The General tab contains the CPU and RAM and other information such as the remote access password for connecting to the VM.

General tab of VM control panel

  • The NICs tab contains the details of the IP addresses of the VM.

NICs tab of VM control panel

  • The Storage tab contains the details of the hard disks and volumes attached to the VM

Storage tab of VM control panel




10.7. View VM metrics

To display VM metrics, click the metrics symbol on the VM icon.

To refresh metrics data, click the arrow refresh button on the right-hand side. To toggle the display of metrics, click the selection list symbol on the left-hand side, and select the desired metrics.

To filter metrics, click the funnel symbol. Enter the granularity, statistics, period, and dimensions.

Privilege: Access virtual machine metrics

To configure the display of metrics at the virtual appliance level, do these steps.

  1. Select Virtual appliance → Monitoring
  2. Optionally configure the refresh interval: Select the "Refresh data every" checkbox and enter a number of minutes. 
  3. Choose the metrics you wish to display and filter by metric statistics.


Screenshot: filtering metric statistics




10.8. VM power actions

To stop a VM that is deployed and powered on:
  1. Select the VM icon
  2. Click the power off button, which is square-shaped
  3. Select from the following two options:
    1. Shutdown: The platform will try to gracefully shut down the VM. This option may require hypervisor and guest VM configuration

    2. Power off: The platform will perform a hard power off on the virtualization technology. Warning: Using this option may cause loss of data

Remember that stopping a VM does not destroy it in the cloud provider and the VM is still consuming resources.

To power on a VM, click the play arrow start button.

Depending on the cloud provider, you may also be able to perform the following actions:

  • pause a VM to suspend it using the double vertical bar button
  • reset a VM to restart it using the circular arrows button.

The platform displays the appropriate buttons for the provider and the current state of the VM.


The following screenshots show two VMs: the VM on the left is selected to perform an operation; the VM on the right shows how the result of the operation will look.

Power on:

Pause

Reset

Stop




10.9. Connect to a VM

The platform enables you to connect to a console of a VM that is deployed and powered on.

  • It may take up to 15 minutes after deploy for the initial guest password to propagate to a VM, especially for Windows systems
  • To obtain the remote access password, go to the VM control panel → General
  • To obtain VM credentials check your email or SMS, or you may click the Key button for guest initial password or the default credentials button

To connect to your VM from the user interface:

  1. Select the VM and on the control panel, click the eye icon
  2. On the remote access tab, enter:
    1. The remote access password
    2. The SSH private key in the Decryption password box 
  3. Log in to the VM with the appropriate credentials

The remote access connection to the VM will open and you can log in and work with the VM. Remember to change your administrator password as soon as possible.





10.10. Add more VMs to a deployed virtual appliance

When you add another VM to a deployed virtual appliance, it is not allocated to the provider directly. You can deploy new VMs individually or click the Deploy all VMs button in the top right-hand corner of the screen.




10.11. Reconfigure a VM after you deploy it

After you deploy a VM, the changes you can make will depend on your cloud provider. To change the configuration of a deployed VM

  1. Select the VM
  2. If your provider or operating system does not support using hot add and hot reconfigure, power off the VM, using the Stop button on the control panel
  3. Move the mouse over the VM and from the options menu, select Edit.
  4. On the Edit VM dialog, go to General, make changes to the following as required:
    1. VM friendly name
    2. CPU and RAM if hardware profiles are not in use
    3. Remote access
      1. If you disable remote access, hypervisor configuration will remain but you cannot access it through the Eye icon
      2. If you change the password, the change will be applied when you save the VM. Remember that it can be a maximum of 8 alphanumeric characters, i.e. a to z, A to Z, 0 to 9. If you delete the password, the screen requesting the password will not appear. On ESXi hypervisors, if you set a password and later delete it, the password will be blank, not null. The screen requesting the password will appear, and you should press <Enter> to continue.
    4. Description of the VM
    5. Hardware profiles
  5. Make changes to Networks and Storage, Firewalls, and Load balancers as required
  6. Click Save

The changes will be applied in the cloud provider directly.

To change a VM's fully qualified domain name (FQDN), make the change in the VM's operating system and the platform will detect the new value

Do NOT change the Abiquo tag in public cloud

Do not change the Abiquo platform's tag on a VM in public cloud provider (e.g. on an AWS instance) because you could break the link between Abiquo and the VM. If the link is broken, you will not be able to manage the VM with Abiquo.




10.12. Save VM disks to create an instance template

An Abiquo instance is a new template that you create from VM disks.

Privilege: Create instance

Before you begin:

  1. In Azure, to create a VM snapshot (instance) you must first log in to the VM and generalize it using Sysprep. See https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource. Then you should power it off and create the snapshot in the usual way. Note: after you generalize the VM, you cannot power it on again

To create an Abiquo instance, do these steps:

  1. Select and shut down each VM that you want to copy, then click Create instance


  2. Select a VM from the dialog
  3. Enter a name that will enable you to identify the new template
  4. In private cloud, optionally select the VM disks to save to a new template in the template library. If no disks are selected, the instance will copy all disks
  5. If you want to create more instances, select Keep window open
  6. Click Create instance. The platform will lock the VM to create the instance
    Select disks to clone for VM instance template
  7. If you kept the dialog open, click Back to list and create more instances as required, then close the dialog

Your new templates will be stored in the Template library.


10.13. Display all VMs


To display all VMs of your enterprise, go to Virtual datacenters → All virtual datacenters → Virtual machines tab.

To display all the VMs in a specific virtual datacenter, select the virtual datacenter.

To select icon or grid view, click the icon symbol or the grid symbol in the top right hand corner.

To jump directly to the virtual appliance or virtual datacenter of the VM, go to Grid view and use the shortcut links by clicking on the name fields.

To filter the VMs, enter text from the VM details with wildcards as required. See Search and filter VMs




10.14. Move a VM to another virtual appliance

To move a VM to another VApp in the same virtual datacenter:

  1. Select the VM

  2. On the VM control panel, click the VM move button

  3. Select the virtual appliance or create a new one, and click Accept

If you have the privilege to restrict VMs, you may also be able to move the VM to a restricted VApp in the same virtual datacenter. 




10.15. Restrict a VM

To restrict a VM by moving it to a restricted VApp:

  1. Click the VM move button on the VM control panel

  2. Select the option to move the VM to a restricted VApp OR select a restricted VApp from the list, or create a new one




10.16. Delete a VM

To delete a VM, move the mouse over the VM and from the VM options menu, select Delete.

If the virtual appliance or VM is deployed, you do not need to undeploy it. You can directly delete a VM that is deployed. 


Select Delete from virtual machine options menu



11. Alarms



11.1. Create an alarm

You can create alarms for built-in VM metrics or scaling group metrics, as well as custom metrics created using the API for VMs, scaling groups, virtual appliances, and virtual datacenters.

Privilege: Access alarms section, Manage alarms

Before you begin:

  1. Configure the metrics you will use in the alarm. See VM monitoring and metrics and Custom Metrics Resources.

To create an alarm:

  1. Go to Virtual datacenter → Alarms
  2. Select virtual datacenter, virtual appliance, scaling group, or VM
  3. Click the Add + button in the top right hand corner
  4. Enter the alarm details as described below
  5. Click Save

The platform will create the alarm for the metric. If you would like the platform to notify you when an alarm is triggered, create an Alert.

| Field | Description |
|---|---|
| Entity type | Select an entity with metrics from the list on the left. |
| Entity name | The name of the entity |
| Entity label | The label of the entity, which for VMs is shown in the list on the left |
| Entity icon | The icon that the platform displays in the UI for VMs and virtual appliances |
| Name | Name of the alarm with up to 128 characters. Alarm names must be unique for each metric |
| Description | Description of the alarm. Used together with the alarm name and VM name to identify the alarm, for example, when creating an alert |
| Metric | Select one of the metrics available for the VM |
| Metric unit | The unit of the metric. Read only |
| Metric description | The description of the metric. Read only |
| Dimension | When the metric has multiple dimensions, optionally select one or more dimensions. For example, if a VM has multiple hard disks, then the disk read bytes metric may have a dimension for each disk |
| Last datapoints in period | The number of datapoints of the metric that the platform will evaluate during the elapsed time. The default value is All data points and the minimum value of the time period is 1 minute |
| Statistic | Statistic that the platform will use for evaluating the alarm, which can be: average, maximum, minimum, sum, count, dev |
| Formula | Operator that the platform will use for evaluation of the alarm, for example, greater than. Values can be: notequal, greaterthan, greaterthanorequalto, lessthan, lessthanorequalto, trendup, trenddown |
| Threshold | Value that the platform will evaluate the alarm against, if appropriate |

For a scaling group, an alarm on a metric of the VM in the base workload will receive input from the metrics of all VMs in the scaling group. This means the base workload and/or the clone VMs. So an alarm for a scaling group can activate, even if the base workload is not deployed.



11.2. Edit an alarm

When you edit an alarm, you cannot modify the metric or the entity.

When you edit an alarm, there is an extra field, "Active", that shows if the alarm is activated or not.

After you save the alarm, the platform will start to evaluate it again with new data when it receives the next set of metrics datapoints.




11.3. Delete an alarm

You can delete any alarm at any time, even if it is part of one or more alerts.

Privilege: Access alarms section, Manage alarms

The platform will not warn you that the alarm is used in an alert. However, you can check this in Control view.

After you delete an alarm, you cannot recover it.

If you delete a VM, the platform will delete any alarms associated with its metrics.




12. Alerts

12.1. Create Alerts and Alarms

Before you begin:

  1. Retrieve VM built-in metrics, by editing VMs and enabling monitoring (see VM monitoring and metrics) or create custom metrics
  2. Optionally create metric alarms (see Manage cloud alarms and Infrastructure Alarms)

To create an alert:

  1. Go to Control → Alerts
  2. Click the + add button
  3. Enter the alert details
  4. Select an existing alarm, or create a new alarm, and assign it to the alert. Repeat for the required alarms

  5. Click Save

If all alarms are activated, the alert will be activated. You can use the alert to trigger actions. See Manage Action Plans.

Privilege: Access alerts section



| Field | Description |
|---|---|
| Name | Name of the alert. The name can contain up to 128 characters |
| Description | Describe the alert |
| Muted | Select this checkbox to disable action when the alert is activated |
| Email | List of emails to notify when the alert activates |
| Alarms | You must assign at least one alarm to be able to save the alert |
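
The alarm fields from section 11.1 (statistic, formula, threshold, last datapoints) and the alert rule above (the alert activates only if all of its alarms are activated, and Muted disables the action) can be modelled as follows. This is an added example, not Abiquo code: the class and function names, the sample datapoints, the reading of "dev" as population standard deviation, and the treatment of an empty period as not activated are assumptions. The trendup and trenddown operators are omitted because the page does not define how a trend is computed.

```python
import statistics
from dataclasses import dataclass
from typing import Optional

# Statistic names as listed in the alarm table. "dev" is assumed here to be
# the population standard deviation; the page does not define it.
STATISTICS = {
    "average": statistics.fmean,
    "maximum": max,
    "minimum": min,
    "sum": sum,
    "count": len,
    "dev": statistics.pstdev,
}

# Threshold operators from the Formula field. trendup/trenddown are left out
# because the page does not say how a trend is computed.
FORMULAS = {
    "notequal": lambda value, threshold: value != threshold,
    "greaterthan": lambda value, threshold: value > threshold,
    "greaterthanorequalto": lambda value, threshold: value >= threshold,
    "lessthan": lambda value, threshold: value < threshold,
    "lessthanorequalto": lambda value, threshold: value <= threshold,
}

@dataclass
class Alarm:  # hypothetical model of the alarm dialog fields
    name: str
    statistic: str
    formula: str
    threshold: float
    last_datapoints: Optional[int] = None  # None means "All data points"

    def is_active(self, datapoints):
        """Apply the statistic to the evaluated window, then the formula."""
        n = self.last_datapoints
        window = datapoints if n is None else datapoints[-n:]
        if not window:
            return False  # assumption: no data in the period, not activated
        value = STATISTICS[self.statistic](window)
        return FORMULAS[self.formula](value, self.threshold)

def evaluate_alert(alarms, metrics, muted=False):
    """Return (activated, run_actions); metrics maps alarm name to datapoints."""
    if not alarms:
        raise ValueError("an alert needs at least one alarm")
    activated = all(a.is_active(metrics.get(a.name, [])) for a in alarms)
    return activated, activated and not muted

# Constructed sample datapoints (not from the page): CPU % and a custom
# failed-login counter, oldest first.
SAMPLE = {
    "cpu-high": [35.0, 60.0, 92.0, 95.0, 97.0],
    "login-failures": [0, 1, 0, 14, 9],
}
CPU = Alarm("cpu-high", "average", "greaterthan", 90.0, last_datapoints=3)
LOGINS = Alarm("login-failures", "sum", "greaterthanorequalto", 20)
```

With the sample data, the CPU alarm is activated over the last three datapoints but not over all five, so the choice of "Last datapoints in period" decides whether the alert fires. Because every alarm must be activated, one alarm with no incoming metrics keeps the whole alert inactive.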




12.2. Remove alarms from alerts

Privilege: Access alerts section, Manage alarms, Manage alerts

To remove an alarm from an alert:

  1. Click the delete button, and confirm
    The platform will remove it from this alert, but it will remain in all other alerts that it is associated with

To delete alarms, go to Cloud → Alarms; see Manage cloud alarms





13. Scaling groups




14. Automation

14.1. Introduction to action plans




14.2. Automate VM first boot with a configuration or script

To automate the configuration of your VM, edit the VM and on the Bootstrap tab, add a configuration or script that will run with cloud-init. Remember that your VM template must be compatible with cloud-init version 0.7.9 or above, and for Windows systems this will be a Cloudbase-Init template.

14.3. Add variables for the configuration of your VM

To add variables for use by cloud-init configurations or scripts, edit the VM and on the Variables tab, add the key and value for each variable that will be sent to the VM at deploy time. Remember that your VM template must be compatible with cloud-init version 0.7.9 or above, and for Windows systems this will be a Cloudbase-Init template.

14.4. Configure Chef Recipes and Roles to automate VM configuration

Chef is an infrastructure automation product that uses configuration recipes. You can use Abiquo Chef Integration to deploy a VM that will then configure itself using Chef recipes and roles on Linux VMs.

The Chef tab will display if your tenant has a Chef configuration and your VM template is compatible with cloud-init.

To add Chef roles and recipes for your VM:

  1. Edit the VM and go to the Chef tab. 
  2. By default on this tab you can select roles. In order to select recipes too, mark the "Select individual components" checkbox
  3. Select the appropriate roles and recipes in order to add to the VM's runlist. When the VM is deployed it will download the roles and recipes, and run them in order.
  4. Run a Chef-client recipe to keep your VM up to date with the Chef server.

To change the order of the runlist, click on the pencil button beside a role or recipe, then edit the order number, then click OK.

If you change the runlist after deploy, Abiquo will update the Chef server, and your Chef-client recipe can obtain these changes from the Chef server.

See also Configuring and Using Abiquo Chef Integration in the Abiquo HOWTOs and Troubleshooting Abiquo Chef Integration in the Administrator's Guide.