Abiquo 6.0

Skip to end of metadata
Go to start of metadata

 This document walks through the features that support resellers on the Abiquo multicloud platform and describes the easy steps to set up a reseller hierarchy in the platform.

Reseller features

This section describes the features of the Abiquo multicloud platform that support resellers and their customers in both private cloud and public cloud (Azure CSP and Amazon resellers in the APN).

Reseller hierarchy

A reseller hierarchy will usually be under the platform owner level. The two main levels are resellers and customers, and you can create a base reseller hierachy with just these two levels.

Customers may have further levels, for example, departments. So an example of a full reseller hierarchy could be:

  • Platform owner → resellers → customers → departments.

Diagram:  an example of a reseller hierarchy.

Abiquo resellers can work with all supported private and public cloud providers, and there are several features specifically designed for Amazon and Azure partners.

Cloud reseller white labelling

You can brand the Abiquo user interface for each reseller, and you can also give them their own login theme and URL, using Apache configuration.

The Abiquo UI is HTML5 and you can easily brand it with CSS themes. There are two main branding elements: the login pages and the tenant themes.

You can brand the login page to replace the logo and background image.

For each tenant, you can add a logo, main menu icons, a custom color scheme, and more.

And for the browser tabs, you can brand the favicon.

For more details, see Abiquo branding guide

Managed services with VDC roles

To provide managed services, such as read only access to resources in a public cloud provider, you can use virtual datacenter roles. Virtual datacenters contain user resources, in AWS they are VPCs, in Azure, they are Virtual networks. Roles are the set of privileges assigned to a user.

So for example, you can give users full access to resources in private cloud and read-only access to resources in public cloud. By default users have full access to all of their virtual datacenters. A VDC role replaces the user’s role within one or more virtual datacenters.

The administrator can set a default virtual datacenter role for a tenant in a provider, or a region, and they can update specific virtual datacenters with custom roles. For example, AWS virtual datacenters could always be read only, if the administrator sets a VIEWER role to replace a USER role.

The role restriction applies to cloud users only, not administrators, and it is also possible to create exceptions for specific users.

See also:

Outsource cloud services with restricted VApps

This feature enables users to outsource the management of their VMs to the provider or enable the provider to supply datacenter services within the tenant's virtual datacenter.

Abiquo supports provider services at the VM configuration level with restricted virtual appliances (VApps). Abiquo VApps contain groups of VMs that can be related. You can perform actions on all the VMs in a VApp, for example, you can deploy them together.  Any user with the privilege to Restrict a VM can move a VM to a restricted VApp, even if they cannot manage or view the restricted VApp. This feature works with the Move VM functionality.

A cloud user could simply mark a checkbox to outsource a VM. Whereas the administrator can select or create a new restricted VApp.

A restricted VApp is invisible to the cloud user but it is still part of the VDC with access to VDC resources, the administrator can manage it as usual, and it is accounted in the platform as part of the tenant's resources.

See Move a VM to a restricted virtual appliance.

Dashboard billing widgets

The dashboard widgets import billing data from public cloud, for Amazon, Azure and Google, and it also supports the addition of custom billing data via API. It displays the latest bills and the estimated bills. The administrator can configure the dashboard to display data for reseller and partner accounts and their customers, as well as for customers who wish to use accounts that were obtained directly from the provider. The platform controls the display of the hybrid billing dashboard with privileges. This feature requires the reseller or tenant to configure programmatic billing in the provider. 

Screenshot: Details of the latest bills

Screenshot: Estimated bill

 Click here to show/hide more screenshots

Screenshot: Latest bills with breakdown by service

Generate public cloud billing data

Administrators can request an update of public cloud billing on demand if they have the privilege to Generate billing. The administrator edits an enterprise and goes to the Credentials tab, and then clicks the play arrow Generate billing button beside the Create account button.

On the Generate billing dialog, the administrator can enter the dates to generate bills for, and select the enterprises, including enterprises in their reseller hierarchy.

Import public cloud price lists

Administrators can create pricing models for their resellers and their customers. Users can request an estimate of the price for deploying a VApp. And the platform incorporates prices into billing data. 

To enable you to easily manage public cloud pricing, the platform can retrieve price lists from public cloud providers (such as Amazon and Azure). These prices are for Linux VMs without any applications installed. You can later manually edit these prices or use the default to update them every 24 hours. This feature synchronizes price lists for customers of resellers (with markup) and standard customers.

Administrators will need to add pricing credentials with access to pricing for public cloud accounts for either resellers or standard customers.

See Synchronize public cloud price lists.

Cost usage reports by VM hours

This feature imports recent accounting data to allow access via the Abiquo API. The feature can also be customized to provide detailed reports for all levels of the hierarchy by VM usage in hours. The administrator can filter these reports by entities, e.g. reseller, customer of reseller, etc. So for example, a reseller can supply reports to their customers, and even the departments of the customer. The platform can also support bulk pricing for ranges of VMs per reseller.
 Click here to show/hide example report data

The following example shows the data for a sample report.

    "usageStartTime" : "2020/04/01 00:00:00 +0000",
    "usageEndTime" : "2020/04/30 23:59:59 +0000",
    "resellerCode" : "codeResellerA",
    "keyNodeName" : "keyNodeA1",
    "enterpriseId" : 2,
    "enterpriseName" : "Enterprise A12",
    "internalCustomerId" : "contractKeyNodeA1",
    "hours" : 144,
    "priceFirstInterval" : 3.00000,
    "costFirstIntervalPrice" : 432.00000,
    "weightedPrice" : 1.54545455,
    "cost" : 222.54545520,
    "currencyCode" : "USD",
    "conversionFactor" : 1.00000,
    "costApplyingConversionFactor" : 222.5454552000000,
    "startBillingPeriod" : "2020/04/01 00:00:00 +0000",
    "endBillingPeriod" : "2020/04/30 23:59:59 +0000",
    "links" : [ ]

Administer a hierarchy and delegate administration

The platform makes it easy to administer a hierarchy because usually an administrator will only manage their own tenant's users and those in their direct scope. And they will manage templates and blueprints for their own tenant. The administrator can then delegate administration to scopes beneath their scope. And share VM templates and configuration blueprints with them. So, for example, a resellers' customers could manage their own users, local VM templates, and so on. And these customers can even have their own hierarchies and delegate administration to their departments.

Tenant metadata

Administrators can store metadata for each tenant, for example, an account ID, as well as values of provider pricing markups, currencies, and so on.  To store metadata, administrators create enterprise properties, which have a key and a value. Cloud administrators can create hidden, read-only, read-write properties

Tenant administrators can usually display read-only properties and create and update read-write properties.

Creating a reseller hierarchy

In Abiquo administrators create an organization hierarchy using Scopes. First of all, the cloud administrator should define the tenants (enterprises) that a user will administer (users, templates, etc), and create an access list, which is the User scope. Then they should define the related enterprises, for which they will delegate administration. These access lists will also be scopes, but below the user's scope in the hierarchy, as child scopes of the parent scope. The cloud administrator can create a tree structure with as many levels as necessary. 

For billing and reporting, the cloud administrator can define the "top of the branch" enterprises, which could be the customer headquarters or similar.

Create scopes to define a reseller hierarchy

An Abiquo scope is an access list that you can assign to tenants and you can define the scope hierarchy by selecting a Parent scope of the scope.

First we create a scope for the reseller, which is below the Global scope.

We will select the locations that an administrator with this scope can manage. 

Then we will create a scope for a customer tenant of the reseller. The customer scope has the reseller scope as its parent scope. Select the cloud providers and datacenters and later add the enterprise to its own scope.

In this case, we create the scopes first and select the locations that the administrators can manage. Later we will add the enterprises to their scopes. This means that the administrators in these enterprises can manage the users, templates, and so on.

Create reseller enterprises

To create a reseller enterprise, you should mark the enterprise with the Reseller flag. You will also need to enter pricing credentials, the provider discount, and create a base pricing model. Remember that you can only have one reseller per scope (enterprise default scope). When you configure the billing dashboard, enter the reseller's credentials. The platform will then identify the reseller's customers using their compute credentials, for example, the AWS access ID. 

See Create a reseller enterprise

Create reseller pricing models

The platform provides a pricing estimate for deploying a virtual appliance when the user clicks the pricing button, usually marked with a currency symbol.

 Click here to expand...

Screenshot: The pricing estimate button may display the tenant's currency symbol.

Screenshot: The pricing estimate message includes the VMs and other virtual resources.

An administrator can assign the same pricing model to multiple enterprises and clone pricing models to create new ones. Administrators can set resource prices per location in multiple currencies. Administrators can use cost codes to set prices for templates and hardware profiles. The platform combines pricing models with usage data to generate billing data that is output in CSV files. 

For resellers, the platform can import prices for hardware profiles from public cloud. The pricing model from a reseller is the base for a pricing model for the customers created by the reseller. The reseller can set markup for customers, on top of the base pricing model. Customers can only display their own prices.

Create a reseller pricing model and assign it to your resellers.  For more details, see Create a new pricing model and  Create reseller pricing models.

Create reseller administrators

To create a reseller administrator, you will first need to define their role, with the privileges they will have to perform actions on the platform.

A reseller role with minimum restrictions could grant the administrator the following privileges:

  • All dashboard privileges
  • No infrastructure privileges
  • Most virtual datacenter privileges (except those for infrastructure or system administrator features)
  • Most virtual appliance privileges (except those for infrastructure or system administrator features)
  • Most Apps library privileges (except those for global and infrastructure features)
  • Most user privileges (except those to manage roles, and reseller enterprises) 
  • No system configuration privileges, except access to reports
  • Event privileges for the current enterprise
  • All control privileges.

The cloud administrator can create reseller customer enterprises centrally or delegate this work to the reseller, in which case the reseller administrator will require the Manage enterprises privilege. Note that this will mean that reseller administrator can also edit their own enterprise if it is in their scope.

Screenshot: Create the user and assign the reseller administrator role.

Create a customer pricing model

To ensure that the appropriate base pricing model is available, the reseller administrator with pricing privileges should log in to create the customer pricing model.  

Create a reseller customer 

You can create a customer with one or more tenant enterprises. The main customer enterprise is the "key node" of each customer organization, for example, it would represent the headquarters of an organization.

When you create the main customer enterprise, mark the Key node flag. If this enterprise is the customer of a public cloud reseller, then you do not need to enter pricing credentials. You should create tenant properties for markup, and a customer ID. The platform will automatically propagate pricing models and price lists to this tenant, with markup. Remember that you can only have one key node per scope (Enterprise default scope). In scopes below the key node enterprise, you should then create any other enterprises to represent other parts of the customer organization, for example, departments of a business, stores in a retail chain.

 Click here to expand...

Steps to create a key node enterprise

This is very similar to creating a reseller enterprise, so these steps will only highlight the differences from the reseller enterprise.

  1. On the General tab, select the key node scope, and select Key node
  2. On the Properties tab, enter tenant properties to identify the customer and set the markup for customers of resellers
  3. On the Pricing tab, select the customer pricing model

After you create the key node enterprise, edit the key node scope and add the customer to its scope

Add a customer for billing only

As an AWS or Azure partner with a reseller hierarchy in Abiquo, you can now enter partner customer credentials as "only for billing" to display their public cloud billing data on their Abiquo dashboards. This functionality was previously available in Abiquo for Azure, and it is now available for AWS too.

In AWS in version 6.0 this functionality only supports accounts that are customers of an AWS partner account.

If your customer has their own AWS account, please see Add a customer AWS account to Abiquo for billing only

In 6.0.0, in the AWS billing dashboard configuration for resellers and standard accounts, you must enter the new amazon_bucket_region enterprise property

To use this functionality, you must have a reseller enterprise with pricing credentials in the same scope or a parent scope.

You can enter the following public cloud credentials:

For both types of accounts, for the Secret access key, enter a random password.

When you enter the credentials, mark the Only for billing checkbox. For customers with these credentials, there will be no compute access using Abiquo.

If users will not use the compute feature, you do not need to create an IAM user or an application, as for compute accounts.

Create customer accounts

The Create accounts feature for public cloud is for resellers with AWS partner and Azure CSP accounts.

To create accounts for a reseller customer:

  1. Edit the enterprise, go to Credentials 
    • The enterprise must have the Azure CSP or AWS partner credentials
      • For Azure, the account must have the User Administrator role to create users and the Owner role to assign roles.
      • For AWS, for the policies to assign to an account, see AWS account policies
      • For vCloud, the user must be an Organization Administrator
  2. Click the building Create account button
  3. Enter the customer details for the provider.

    For more details see GUI Create account AWS


    For more details see GUI Create account Azure

Abiquo will automatically create the account in the cloud provider and add the credentials to the reseller customer's enterprise.

Display public cloud price lists

A tenant administrator with pricing access can display the pricing model for the tenant. 

To display the prices for your tenant:

  1. Go to Pricing view
  2. Select and edit the pricing model
  3. Go to Resource prices and select the cloud locations
  4. Click Cancel to close the pricing model

  • No labels