Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Abiquo Documentation

Skip to end of metadata
Go to start of metadata


The Tenant Administrator Guide describes the main administrative tasks of the enterprise administrator.

  • Manage your users
  • Manage templates
  • Manage virtual datacenters
    • networks

This guide does not explain working with virtual appliances and VMs, which are covered in the Cloud Platform User Manual.

1. Configure your user account

To edit your user account to change your details or password:

  1. Click the user icon or username in the top right corner of the screen. The user menu will open. Select Edit user.
  2. Edit your details, for example, your name and password
    • (warning) If you change your password, you will be logged out as soon as you save your changes
  3. Optional: add your public key for access to virtual machines
  4. Click Save

    MultiExcerpt named '2fa' was not found
The page: Configure your user account was found, but the multiexcerpt named '2fa' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

 

2. Manage public cloud credentials

If you have the privilege to Manage provider credentials, the credentials option for cloud provider accounts will display in the username menu.

Privilege: Manage provider credentials

Screenshot: Manage cloud provider accounts for your enterprise from the username menu. 

Select Edit credentials from username menu

2.1.1. Add a cloud provider account

To work with a public cloud provider, you must obtain credentials to access the cloud provider's API. Always check your cloud provider's documentation before working with a public cloud on the platform. If you are not sure about which credentials to enter, check with your system administrator. Although your cloud provider's documentation is the definitive reference, Abiquo provides the following basic guides: Obtain public cloud credentials

To add public cloud credentials:

  1. Click on the username or icon in the top right-hand corner of the screen and select Edit credentials from the username menu
  2. On the Edit credentials dialog, select the provider
  3. Enter your credentials to access the cloud provider's API

    For DigitalOcean v2, Abiquo ignores the Access key ID field (or "identity" attribute). Enter the token in the Secret access key field.

    1. Access key ID: for example, this may be a Username, API access key ID or Subscription ID or another account identifier
    2. Secret access key: for example, this may be an API key or other API credential.
  4. Click Add account. Abiquo will validate your credentials with the cloud provider before saving them.

The cloud provider credentials should display under Current credentials and you should be able to use this account on the platform.

Screenshot: add cloud provider

Edit credentials for cloud providers

3. Manage templates

VM templates are the packages from which you can build VMs. First, in the column on the left, click on the datacenter or public cloud region and optionally select a template category. On the right, the platform will display all the templates available for the selected datacenter or public cloud region. The templates can be displayed in icon view or in list view.

Privilege: Manage VM templates from Apps library

Icon view

Select a VM template to activate the VM template operations menu. This menu will vary, depending on the context.

List view

Select a template to display the template option buttons on the top right-hand side of the list.


3.1. Upload Templates from the Local Filesystem

You can upload VM templates from a local filesystem in OVA format (multiple disks) or as a single disk.

Privilege: Upload virtual machine template


Before you begin:

  1. Check that your template disks are in a compatible format for the platform.
  2. Check that you have the template details ready to enter, or that your file meets the requirements, depending on your upload:
    1. Local file: number of CPUs, RAM and the Capacity, which is the deployed size of the VM hard disk. See Determine the size of a VM Disk File.
    2. ISO file: number of CPUs and RAM for the VM
    3. OVA file: Abiquo reads OVA files such as those created with VMware. The name of the OVA file must end in the extension ".ova". You can upload a multi-disk template for a single VM. The OVA file must contain an OVF description file for the template. The platform uses the Name tag in the VirtualSystem as the template name. If the Name is not set, Abiquo falls back to the ID. See OVF Reference.  
  3. You can upload a template with a multi-part upload over an HTTP connection from your browser to the Apps library. The platform supports browser upload of files larger than 2 GB but for very large files, it may be convenient to use another method.
  4. If you do not have any hypervisors, the platform will convert the template into ALL possible hypervisor formats. So before you add templates to your Apps library, add one physical machine of each hypervisor type that you will require conversions for, in order to reduce unnecessary use of the NFS repository space. See V2V Conversion.

To add a new template:

  1. In the Apps library view, select the datacenter and click the add button
  2. Select one of the upload or download options and enter the appropriate data

3.2. Upload an OVA file

To upload an OVA file: 

  1. Select Create from OVA file, and select the file.
  2. Abiquo will display the filename. Click Save. Abiquo will upload the file and create the template.

When the template has been uploaded, Abiquo will open the Edit template dialog. Check the template details and click Save.

 Click here to expand...


3.3. Upload from local or ISO file

Complete this form to create a new VM template in the appliance library.

Field

Value

Name

A short name to identify the VM template.

Description

A description of the services and applications installed on the VM template

Category

A logical group for organizing the templates. There is a default category ('Other') that cannot be deleted. See Manage VM Templates#OrganizeVMtemplatesintocategories.

CPU

Number of CPUs to assign to this template. It is important to enter a correct value, or a sensible best-guess value.

RAM

RAM assigned for this template in MB, GB, or TB. It is important to enter a correct value, or a sensible best-guess value.

Min/MaxMinimum and maximum CPU and RAM that users can assign to this template in MB, GB or TB

Icon

Enter the URL for the template's icon in PNG, JPG or GIF format. It must be a complete URL with an IP address that is not localhost or 127.0.0.1. It may be a URL on the platform server. Recommendation: use square images with a size of 128x128 pixels. A transparent background looks nice. If the template is shared, the same icon will display for all users.

3.3.1. Disk from local file

When you upload a disk you can enter these disk options.

 

Field

Value

Type

The disk type of the template. You must enter the correct type (not Unknown) to be able to use the template in the platform. See Disk Format Information. The V2V conversion process will generate the different conversions for each hypervisor installed or for all hypervisors if you have not added any hypervisors yet.

Capacity

The hard disk size required for the deployed disk in MB, GB, or TB. It is important to enter a correct value. See Determine the size of a VM Disk File. This is a required field.

File nameClick Select file and use your browser to choose the file to upload.
Controller typeDepending on the hypervisor, the platform supports IDE, SCSI, and on KVM, it also supports VIRTIO.
ControllerOn ESXi you can enter a SCSI controller type. The default value is the lsilogic controller.
NameDisk name in the platform
BootableSelect this checkbox to indicate that this is a system disk that can be used to boot the VM

* Capacity of the Hard Disk

You must enter a correct value for the Capacity of the hard disk, otherwise, when your deploy may fail with a message such as "is not a virtual disk". The hard disk size of a deployed VM is the physical size of the template disk for fixed formats, and the provisioning size for sparse formats and compressed formats, e.g. stream-optimized. The Hard disk size entered in this field is recorded in the template definition (a short version of an OVF description) and used to create the disk on deployment.

3.3.2.
Disk from ISO file

 

Field

Value

Type

ISO

File name

Click Select file and use your browser to choose the file to upload

BootableSelect this checkbox to indicate that this is a system disk that can be used to boot the VM
Create extra empty diskIf you enter a disk size, the platform will create this hard disk and use it to install the ISO

3.3.3. Disks tab

The disk you upload is saved as the 0 disk in the boot sequence. Abiquo will send this disk to the hypervisor as the boot disk. If your disk is not a bootable system disk, then move the disk to a different position in the boot sequence when you add a bootable system disk.

You can edit the uploaded disk but you cannot delete it before you save the template.

You cannot resize the disk before you deploy the VM.

3.3.4. Variables tab

To add variables to a VM template, enter the Key and Value, then click Add. To edit an existing value, click the pencil icon, enter the new value, then click ok. To save your changes to the template, click Save.

The variables will be added automatically to new VMs. Users can edit the variables when configuring the VM.

3.3.5. Advanced tab

Field

Value

Operating System

Sets the VMware guest operating system type for the platform. See Extended OVF Support and Template Definition for further details.

OS version

Enter an OS version, which can be an OS not included in the above list of codes. If you do not enter a value, the latest version is used.

See Extended OVF Support and Template Definition for further details. 

User

Default user for a VM created from this template to access a deployed machine using SSH.

Password

Default password for a VM created from this template

NIC driver

The platform always supports E1000 drivers. On ESXi and vCloud, Abiquo also supports PCNet32 and VMXNET3. On KVM, Abiquo also supports VIRTIO drivers

Click Save to upload the template file. 

After you save the template, you can edit the template and add more disks, edit, reorder and delete disks. You can also add a cost code.

3.4. Troubleshooting VM template uploads

The GUI upload process is handled by the browser and there are some limitations. If a file is not compatible with GUI upload, you can upload it manually. Manual upload requires access to the filesystem, so it should be done by a system administrator. See Importing Templates into the Appliance Library#Manual Upload.

For more Information about VM Templates, see Virtual Machine Template Guide

Note that downloading templates to the client requires access to the Appliance Manager IP address configured for the current datacenter. 


3.5. Create from remote template repository

To create VM templates from a remote repository, do these steps:

Privilege: Download template from remote repository

  1. Select the repository in the left column; the platform will update the display of categories and template definitions available.
  2. Select a category or All categories. The right column will contain the template definitions available to you. An icon, title and brief description is provided for each.
  3. Optionally click on Show disks to see the disk information.
  4. For each template that you wish to download, mark the check box next to the template definition
  5. To start the download, click the Download button at the top of the dialog
    1. Abiquo will check that this template download will not exceed the repository limits for your enterprise or your enterprise in the datacenter.
    2. A status bar will appear next to the selected packages showing the download state.

If a template belongs to a category in the remote template repository and the category does not exist in the appliance library, this new global category will be created when it is downloaded.

 Click here to show/hide the screenshot

Screenshot: Remote template repository as seen by a user with privileges to Manage remote repositories

You can now work with the new VM template

3.6. Download templates from the Docker registry


 Click here to show/hide Docker information

To download template definitions from the Docker registry to the Appliance Library, the Docker registry should be configured by the System Administrator. Do the following steps:
  1. In the Apps library, select your datacenter in the Private cloud datacenters list.
  2. Click the Docker link to access Docker images. 

     Click here to expand...

  3. Click the Import template button to download a Docker image. The search dialog for Docker images will open. This dialog is similar to the public cloud image search dialog. 
  4. Optionally enter search terms, such as a template ID or Name and filter by OS type, etc. Or to retrieve all the images from the Docker repository, do not enter any search or filter criteria.
  5. Click Search

     Click here to expand...

  6. After you have found an image, click the import symbol in the top right-hand corner of the image icon to cache the image in the Apps library


3.7. Add VM Templates to Public Cloud Apps Library

To import a template from a public cloud region into the platform's template cache, do the following steps:

  1. Open the Apps library at the Public cloud tab. In the column on the left, select the public cloud region.
  2. Then click the Import template button on the upper right-hand side of the screen.
  3. The Import template popup will open.
  4. Enter the search criteria for your template.

    Filter

    Type

    Comments

    ID

    Free text

    For example, ami-0354b96a

    Name

    Free text

    Search for this text in each template Name and Description. The search is not case sensitive

    OS type

    Selector

    Any, Windows or Other. The default value is Any

    PublisherSelectorFilter by publisher names, as available in some providers, e.g. Azure. Type a publisher name to open a drop-down selection list.

    Private

    Checkbox

    Private images that are only available to your user account in the public cloud provider

    vCloud Director: display templates in the same organization

    Public

    Checkbox

    Public images that are available to all users in the public cloud provider

    vCloud Director: display templates in other organizations

    32 bits

    Checkbox

    32-bit images

    64 bits

    Checkbox

    64-bit images

    Then click Search to perform the search. The search can take some time and return several pages of templates.

  5. To see more details of a template, move the mouse over it to display a tooltip with template details.

     Click here to show/hide the screenshot

  6. To import a template, click the Import symbol in the top right-hand corner of the template.

     Click here to show/hide the screenshot

  7. When a template has been imported, the color of the Import symbol will change to gray. You can import many templates in one session.

     Click here to show/hide the screenshot

  8. When you have finished importing templates click Close.

3.7.1. Modify VM templates

To modify a VM template, select the template and click on the control menu button in the top-right corner and select Edit.

3.8. Modify a virtual machine template

Before you begin:

  1. Log in or switch enterprises to the tenant that owns the template. 

To modify a VM template:

  1. Select the template and click on the control menu button in the top-right corner and select Edit. 

Privilege: Manage VM templates from Apps library


In private cloud datacenters, standard templates have disks that will deploy to the hypervisor datastore, in contrast to persistent templates that have disks on external storage volumes. This documentation describes standard templates.

3.8.1. General information

The General information tab contains the basic template details.

Field

Value

Name

A short name to identify the VM template. This will be the default name of a VM created from this template.

Description

A description of the services and applications installed on the VM template

Category

Logical grouping of VM templates to enable you to organize them. "Others" is a default category that cannot be deleted

Icon

Enter the URL for the template's icon. This must be a URL with a public IP address, not localhost or 127.0.0.1. It may be the URL of the Abiquo Server. A default icon is assigned if the template does not have one.  Abiquo recommends that you use square icon images with a size of 128x128 pixels. A transparent background also makes icons look better. The compatible image formats are PNG, JPG and GIF.

If the template is a shared template, then all users will see the icon. Changing the icon of a master template will not change the icon of instances you created earlier. However, new instances will be created with the new icon.

 It also contains the CPU and RAM, or hardware profile selection.

Set CPU and RAM

Field

Value

CPU

Number of CPUs assigned to this template.

RAM

RAM memory size assigned for this template in MB or GB.

Min CPU
Min RAM

In private cloud, minimum value of CPU or RAM. If 0 or empty, then there is no constraint. The platform stores 0 as an empty value, so if you enter "0", it will disappear! You cannot set a minimum below the current template value. Changes apply to new VMs, they are not retroactive. However, if users edit existing VMs that already had out-of-range values, the platform displays a warning but does not enforce the range. Changes can affect recommended hardware profiles on the Advanced tab, so you may need to review them. Users with the Override VM constraints privilege can enter values outside this range

Max CPU
Max RAM 

In private cloud, maximum value of CPU or RAM. If 0 or empty, then there is no constraint. The platform stores 0 as an empty value, so if you enter "0", it will disappear! Changes apply to new VMs, they are not retroactive. However, if users edit existing VMs that already had out-of-range values, the platform displays a warning but does not enforce the range. Changes can affect recommended hardware profiles on the Advanced tab, so you may need to review them. Users with the Override VM constraints privilege can enter values outside this range

Cores per socketThe number of cores per socket. The number of CPUs must be divisible by the number of cores per socket. The maximum value is 32

Set hardware profile

Field

Value

Hardware profileSelect a hardware profile

CPU

Number of CPUs assigned to this template.

RAM

RAM memory size assigned for this template in MB or GB.




3.9. VM template disks

The Disks tab displays the disks currently attached to the VM.

In private cloud, the user may edit, delete, and add new disks, as well as download disks to their local file system. 

3.9.1. States of disks in private cloud

Template disks and their conversions can be in the following states:

  • The platform uses the state of the disks to determine the template's state. 

    • DONE: the disk is ready, but conversions may still be in progress
    • IN PROGRESS
    • UNAVAILABLE: the disk is defined in the template but not present in the Apps library
    • FAILED: the disk was not properly created because of an issue during its creation
  • The state of a disk conversion can be as follows
    • ENQUEUED 
    • FINISHED
    • FAILED

3.9.2. Manage VM template disks in private cloud

To edit VM template disks in private cloud, edit a template and go to Disks

To change the boot order of a disk

  1. Click the pencil icon near the sequence number and enter a new number. There must always be a boot disk in the 0 position, and the boot disk cannot be an empty disk.

To download a disk

  1. Select the disk
  2. Click the download symbol on the right-hand side of the disk details

To manually launch conversions to new template formats if you have added any new hypervisor types after the initial conversion process ended

  1. Click Generate missing conversions.

To display and manage disk conversions

  1. Select the disk and check the conversion details in the lower panel

To restart a failed conversion:

  1. Click the Restart conversion link beside the conversion

To add a disk:

  1. Click the + button in the top right of the disk dialog
  2. Select one of the options: Disk from local file, Disk from iso file, Empty disk or Template disk.

     Click here to show/hide the screenshot

  3. Enter the details of the disk

    • Disk from local file

       Click here to display details of Disk from local file

      When you upload a disk you can enter these disk options.

       

      Field

      Value

      Type

      The disk type of the template. You must enter the correct type (not Unknown) to be able to use the template in the platform. See Disk Format Information. The V2V conversion process will generate the different conversions for each hypervisor installed or for all hypervisors if you have not added any hypervisors yet.

      Capacity

      The hard disk size required for the deployed disk in MB, GB, or TB. It is important to enter a correct value. See Determine the size of a VM Disk File. This is a required field.

      File nameClick Select file and use your browser to choose the file to upload.
      Controller typeDepending on the hypervisor, the platform supports IDE, SCSI, and on KVM, it also supports VIRTIO.
      ControllerOn ESXi you can enter a SCSI controller type. The default value is the lsilogic controller.
      NameDisk name in the platform
      BootableSelect this checkbox to indicate that this is a system disk that can be used to boot the VM

    • Disk from ISO file

       Click here to display details of Disk from ISO file

       

      Field

      Value

      Type

      ISO

      File name

      Click Select file and use your browser to choose the file to upload

      BootableSelect this checkbox to indicate that this is a system disk that can be used to boot the VM
      Create extra empty diskIf you enter a disk size, the platform will create this hard disk and use it to install the ISO

    • Empty disk

       Click here to show/hide the details of an empty disk

      Enter the size of the disk and the disk controller type and controller information.

      The platform will store the disk definition in the VM template and when you deploy a VM based on this template, the platform will create the disk on the hypervisor datastore.


    • Template disk

      Select a template from the Apps library and then select a disk from the template. 

       Click here to show/hide the screenshot

      Abiquo will select the original disk, not the conversions. If you require other formats, generate conversions for these formats. 

3.9.3. Edit a template disk

 To edit a disk:

  1. Select the disk
  2. Click the pencil edit button and make changes as described below

When you edit a disk you can modify the following values. To reset a value to the default, click the x beside the value.

Field

Value

Type

The disk type of the template. You must enter the correct type (not Unknown) to be able to use the template in Abiquo. See Disk Format Information.

Capacity

Hard disk size required for this template in MB, GB or TB. It is important to enter a correct value. See Determining the size of a VM Disk File.

File nameTo download the disk, click Download beside the virtual disk file name
Datastore tierSet the storage service level for the template disk by selecting a datastore tier. The user can modify this value after a VM is created and before it is deployed.
Allocation typeThe user with appropriate privileges can modify this value after a VM is created and before it is deployed.
Controller typeIf you change the controller type your VM may not boot. The user can modify this value after they create a VM and before they deploy it.
Controller

On ESXi

  • You can select multiple controllers on a VM and the controller can be changed, even after deploy
  • If no value is entered, the platform will use the default value of lsilogic or the value set by the system administrator

See table of values below

NameHard disk name in Abiquo
BootableSelect this checkbox to indicate that this is a system disk that can be used to boot the VM

 You can enter a disk controller value, according to the following table.

 Click here to show/hide the disk controller table

ResourceSubType value

diskController saved in template and created on VMware

contains "paravirtual"ParaVirtualSCSIController
contains "bus"VirtualBusLogicController
contains "sas"VirtualLsiLogicSASController
other (default value)VirtualLsiLogicController


3.9.4. Delete a template disk

Before you begin, check that the template is not in use. A template is in use if it has deployed VMs or dependent instances. 

To delete a template disk:

  1. Select the disk to delete
  2. Click the Delete trash can icon.

3.10. Edit VM template variables

To add variables to a VM template

  1. Enter the Key and Value, then click Add. The maximum length for VM template variables is a key of 255 characters and a value of 255 characters.

To edit an existing value

  1. Click the pencil icon on the right side beside the variable value, enter the new value, then click ok.

To save your changes to the template, click Save.

The variables will be added automatically to new VMs. Users can edit the variables when configuring the VM.

3.11. Advanced tab

The Administrator can edit advanced template elements. These values can also be specified through the OVF and the API. See Extended OVF Support and Template Definition

Field

Value

Guest setupSelect guest setup option of Cloud-init or Hypervisor tools.
Guest initial passwordIf guest setup is selected, select this option to request an initial password
Cost codePricing cost code for this template. Requires the "Add a cost code in VM Template edition" privilege. See Pricing View
Operating system

Sets the VMware guest operating system type. Select from the pull-down list. For more details, see VM template operating systems and Extended OVF Support and Template Definition. This attribute also enables users to search for templates in public cloud (e.g. Ubuntu 64-bit template). To use the latest version of an operating system, select a generic type, e.g. WINDOWS, and do not enter the version. 

Os Version

OS version is used to:

  • add operating systems not included in the list of codes
  • provide details of operating systems
  • set the VMware guest operating system type

See VM template operating systems and Extended OVF Support and Template Definition for further details. 

User

Default user for a VM created from this template for SSH access.

PasswordDefault password for the default User of a VM created from this template.

NIC driver

  • Abiquo always supports E1000 drivers
  • On ESXi, Abiquo also supports PCNet32 and VMXNET3
  • On KVM, Abiquo supports VIRTIO drivers
Enable hot-add/reconfigure in VM

Supported providers only with supported guest operating systems.
Check that the Operating system and OS version are correctly set for your system
ESXi: See VMware documentation: https://www.vmware.com/resources/compatibility/search.php?deviceCategory=software

After you hot-add or hot-reconfigure, remember to update your guest system as required

CPU hot-add

Enable users to add CPUs in the platform while the VM is powered on

RAM hot-add

Enable users to add RAM in the platform while the VM is powered on

Disks hot-reconfigure

Enable users to remove SCSI disks from the boot sequence and add SCSI disks to the end of the boot sequence while the VM is powered on

  • IDE disks are not supported
  • The platform will save other changes to the boot sequence but it will not implement them in the hypervisor. To implement these changes, power off the VM and make another configuration change that will trigger a reconfigure
NICs hot-reconfigureEnable users to add and remove NICs in the platform while the VM is powered on
Remote access hot-reconfigureEnable users to reset remote access in the platform while the VM is powered on

Creation user

SYSTEM - the platform created the template, for example, from an OVF file in the NFS repository.

Creation date

Date and time when the template was created.

Enable only recommended HPsMark this checkbox to allow the user to select from recommended hardware profiles only.
Hardware profiles - RecommendedSelect the hardware profiles to recommend for this template. The platform will display these profiles in the selection list with "(Recommended)" beside them.

3.11.1. Enable hot add and hot reconfigure for VM templates

To allow users to reconfigure their VMs without powering off, set these values as described under Enable hot-add/reconfigure in VM in the above table. 

4. Manage virtual datacenters

4.1. Create a virtual datacenter

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource VirtualDatacenterResource.

To create a new virtual datacenter:

  1. Go to Virtual datacenters
  2. Above the V. datacenters list, click the  button
  3. Select Create a new virtual datacenter from the pull-down menu
  4. Complete the dialog as described here
  5. Click Save

4.1.1. General information

The basic information to enter when creating a virtual datacenter is described in this section. Further configuration is described in the following sections.

Create a virtual datacenter with NAT. Select the NAT network and the IP address for the default SNAT rule

Field

Description

Name

The name of the virtual datacenter

Location

The datacenter or public cloud region where virtual appliances will be deployed

Hypervisor

The type of the hypervisor for the virtual datacenter. This option will not display if there is only one choice.

Network

  • Default: Create a VLAN (default private or external) in the pre-configured range
  • Custom Private: Create a custom private VLAN (see form below)

If your environment supports NAT you may also be able to select the IP address for the default SNAT rule

Field

Description

NAT networkOptionally select the NAT network to use for the default SNAT rule
Default NAT IPOptionally select the NAT IP address for the default SNAT rule for the virtual datacenter




4.2. Create a virtual datacenter with custom networks

When you create a virtual datacenter, the platform always creates a private network and it counts as part of your VLAN allocation limits, even if the default network is another type of network.

The private network can be the "Automatically-created private VLAN", which is called "default_private_network", or a custom private network, which will be set as the default network.

To create a Custom private network, complete the network section of this dialog.

 Click here to show/hide the screenshot

Field

Description

Network name

The name of the VLAN to create

NetmaskThe network mask

Network address

The network address

Gateway

The IP of the gateway of the VLAN

Availability zonePublic cloud, e.g. AWS: The availability zone where VMs attached to this network will deploy.

Primary DNS

The primary DNS of the network

Secondary DNS

The secondary DNS of the VLAN

DNS suffix

The DNS suffix for the VLAN

Static routesMark the checkbox to define static routes

To manage the VLANs of your virtual datacenter, go to Virtual datacenters → Network. See Manage Networks.




4.3. Manage resource allocation limits for a virtual datacenter

The allocation limits tab allows the administrator to limit the amount of physical and virtual resources a virtual datacenter may consume. A Hard limit is the maximum amount of a virtual resource (e.g. RAM) that a virtual datacenter will be allowed to consume. A Soft limit warns users and administrators that the virtual datacenter is running out of a resource.

To manage the virtual datacenter allocation limits, when creating your virtual datacenter, click the Allocation Limits tab.

There are some rules for creating Allocation limits:

  • You cannot have a hard limit only
  • Soft limits must always be less than or equal to hard limits
  • Limits equal to 0 means that there is no limit to resource usage at this level
  • When editing limits, you cannot set the hard limits below the existing resource usage.


 

LimitChecked atDescription

Memory

Deployment

Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs

Virtual CPUs

Deployment

Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs

Local hard disk

Deployment

Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers

External storage

Configuration

Total size of external storage that may be assigned to VMs in private cloud

VLANs

Configuration

Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create

Public /floating/NAT IPs

Configuration

Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used

Virtual machinesDeploymentTotal number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not support External storage and Repository (Apps library storage) features or limits. 


 Click here to show/hide allocation limit message details

Here is an example of resource limits for a very small virtual datacenter with a soft limit of just one virtual CPU and the hard limit is 4 virtual CPUs, as shown in this screenshot.


You will exceed the soft limits if you try to deploy a virtual appliance with more than one CPU in the virtual datacenter. You will see a pop-up that will allow you to to acknowledge the message and continue with the operation. There are two types of soft limit messages, depending on the soft limit details message option on the General page of Configuration View

If the soft limit details message option is selected on the General page of Configuration View, you will see this type of message.

If the soft limit details option is not selected, you will see a general message.

It is also possible to receive this message when enterprise soft limits have been reached or exceeded but virtual datacenter soft limits have not.

You will exceed the hard limits if you try to deploy a virtual appliance with more than four CPUs in this virtual datacenter. You will see a pop-up that will allow you to to acknowledge the message and terminate the operation.

There are two types of hard limit messages, depending on the hard limit details message option on the General page of Configuration View

If the hard limit details message option is selected on the General page of Configuration View, you will see this type of message.

If the soft limit details option is not selected, you will see a general message

It is also possible to receive this message when enterprise hard limits have been exceeded but virtual datacenter hard limits have not been exceeded.




4.4. Set virtual datacenter defaults

Field

Description

Default datastore tier

Select the default disk service level for your non-persistent virtual machine disks on the hypervisor. This is the default datastore tier for the virtual datacenter.

  • To use your cloud provider's default tier, select "Configured by location"
  • Or select a default tier, according to the available service levels

To clear the current tier, click the black x symbol beside the tier name




4.5. Limit user access to the virtual datacenter

If you are able to manage user roles, you can limit user access to the datacenter for users that are subject to VDC restriction.

Privilege: Manage roles, No VDC restriction

Unable to render {include} The included page could not be found.

After you have entered allocation limits, defaults, and role, click Save.

The platform will create the virtual datacenter and the default private VLAN and display it in the Virtual Datacenters view. 

5. Manage users

5.1. Edit your user account details

By default, all users can edit their own account details with these steps:

  1. Click the user icon or username in the top right corner of the screen. The user menu will open
  2. Select Edit user and enter your details
    • If you change your password, you will be logged out as soon as you save your changes
  3. Click Save

For more details, see Configure your user account




5.2. Create a user

To create a user:

  1. If you manage users in multiple enterprises, optionally select an enterprise where the platform will create the user. Otherwise, it will use the enterprise you are logged into
  2. Click the add button or the edit button and complete the dialog

5.2.1. Enter general user details

Field

Description

Enterprise

The enterprise that the user will belong to.

Full Name

The user's first name and family name

Role

The Role of the user defining their set of privileges on the platform. Select a custom role or use one of the default user roles such as CLOUD_ADMIN, ENTERPRISE_ADMIN, USER.

ScopeThe Scope of a user defining the set of enterprise and datacenters that they can manage on the platform

Username

The username for login. After you create the user, you cannot change the username

Password

The user account password. Requirements are set by the options of Configuration → Security. See also Manually reset a user password

Repeat password

Re-enter the password

Email

The contact e-mail address of the user for platform messages, including password reset. The platform will display a Gravatar icon associated with this address on the Users's card

PhoneThe phone number of the user. The platform will not validate this field.

5.2.2. Restrict a user to a set of virtual datacenters

By default, all users can access all virtual datacenters. When you create a user, you can restrict them to a set of virtual datacenter if they do not have the No VDC restriction privilege.

To restrict a user to a set of virtual datacenters:

  1. While creating or editing a user, go to Restrict access to VDC
  2. Select the Restrict access to VDC checkbox to open the list of available virtual datacenters.
  3. Select list Select the virtual datacenters that the user is allowed to access. If none are selected, the user can access all VDCs


Privilege: No VDC restriction

5.2.3. Enter advanced user details

Field

Description

Description

Optional description of the user account, maximum 100 characters

Public keySSH key for secure access to VMs. Add this key before you create your VMs. See How to work with SSH keys.
Reset password on next loginIf this checkbox is selected, the user must reset their password the next time they log in.

Activated

If this checkbox is selected, the user account is active and the user can log in.





5.3. Suspend or enable a user account

If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account. 

To suspend a user account:

  1. Go to Users → Select user
  2. Click the edit button. The user dialog will open
  3. Go to Advanced, and unselect the Activated checkbox

The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.

To enable the user account again, select the Activated checkbox.

If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.




5.4. Manually reset a user password

If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account. 

To manually reset a user password:

  1. Open the Users view and select the user
  2. Click the Edit button at the top-right of the Users page. The user form will open.
  3. Enter the new password
  4. Recommended: go to Advanced and select the checkbox to Reset password on next login
  5. If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option
  6. Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password,

The user password will be reset. Notify the user of their new password.





5.5. Manage users with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource UserResource.




5.6. Manage users in multiple tenants

Some administrators can manage users in more than one enterprise. Select an enterprise to manage its users. 

Privilege: Manage users of all enterprises, Manage users

Privilege: Manage users

If you are only managing users in one tenant, or you log in to multiple tenants separately, the platform displays your users and the user management options.




5.7. Display and filter users

To display the users in card view, select the card view tab from the view selectors in the top right-hand corner.

 Click here to show/hide the screenshot

Users in card view

To display groups of users, click on the pages to display the following:

  • All users on the All page
  • Active users on the Activated page
  • Suspended users on the Suspended page

5.7.1. User status

The user status is displayed either by a colored dot in the Activated column or in the colored tag on the user card:

  • Green for active accounts
  • Red for suspended accounts
    • Red with padlock symbol for accounts suspended automatically after too many failed login attempts 

5.7.2. Filter users

To filter users and display only those with a certain text in the user details:

  1. In the filter box on the right-hand side, enter a text string to search for which can include wildcards. For more details, see Starting Abiquo for the First Time#Searchinlists





5.8. Move a user to another tenant

If you manage users in multiple tenants, to move a user to another tenant:

  1. In the Enterprises list, select the user
  2. Drag and drop the user to a new enterprise

Note that you cannot edit the user to change the user's enterprise.

Privilege: Manage users of all enterprises




5.9. Delete a user

To delete a user:

  1. Select the user account and click the Delete button
  2. Confirm the delete

Abiquo will delete the user account but the user's VMs and other resources will remain on the cloud platform and users in the same enterprise with the appropriate permissions can work with them.

 Click here to show/hide the screenshot


6. Onboard virtual datacenters

If the cloud provider supports virtual datacenters, such as AWS VPCs, you can onboard them. After you onboard the virtual datacenters, you can synchronize them and the virtual resources. If the cloud provider does not support virtual datacenters, then you can onboard the resources from the public cloud regions, such as RackSpace and OpenStack regions. 

Privilege: Manage virtual datacenters

Before onboarding virtual resources, administrators must do the following steps:

  • Create the public cloud region to import from
  • Allow the tenant access to the public cloud region (Enterprise → Datacenters → Allow datacenter)
  • Register the tenant's credentials for the public cloud provider (Enterprise → Credentials)


To onboard virtual resources from public cloud:

  1. Go to Virtual datacenters and the top of the V. Datacenters list
  2. Click the + Add button  select Synchronize public cloud from the pull-down menu
  3. The platform opens a dialog box with a pull-down list of public cloud regions. Select one of these regions.
  4. After you select the region, there are two possibilities:
    • If the provider supports virtual datacenters, Abiquo will display a list of virtual datacenters
    • If the provider does not support virtual datacenters, Abiquo will automatically onboard the virtual resources in the region


6.1. Onboard virtual datacenters from public cloud

To onboard a virtual datacenter:

  1. For the public cloud region, the platform will display a drop-down list of virtual datacenter entities. For example, VPCs in AWS or Virtual networks in Azure. Select an entity and click the Synchronize button. 
    For an AWS region, select a VPC to synchronize as an Abiquo virtual datacenter
  2. The platform will load all of the elements into a virtual datacenter so they can be managed. For example, from AWS, the platform will import the VPC, VMs, subnet with IP addresses, public IPs, firewalls and load balancers, which will be named with their provider identifiers. 
    • The platform will detect a public subnet by the presence of a custom route table and NAT gateway, and the platform will mark the public subnet with a globe symbol and set the Internet gateway flag for this subnet. Users with bespoke network configurations should check the results of the synchronization. The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.

       Click here to show/hide the screenshot

    • The platform will import VM templates. If the VM template cannot be found, the VM will be created in the platform with no registered template. In this case, to save a copy of your VM disk as a template, so you can recreate the VM, make an Abiquo instance of the VM.

       Click here to show/hide the screenshot

If you delete a synchronized VDC, the platform will delete it in the provider. Always check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC

If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider




6.2. View classic VMs

To view classic VMs, for example in AWS these are EC2 classic VMs, click the "See classic" link. 

 Click here to show/hide the screenshot

The platform will display classic VMs

 



6.3. Synchronize VDCs and resources

During VDC synchronization, the platform will ensure that the resources in the platform and the provider are the same.

  • It will delete entities in the platform that were deleted already in the provider
  • However, it will maintain resources attached to undeployed VMs in the platform
    • For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only
    • Warning: These resources are "free" in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and error at deploy time

To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:

  1. Go to Virtual datacenters → V. Datacenters list
  2. Beside the virtual datacenter name, click the double arrow Refresh button

You can also synchronize resources such as networks, public IPs, firewalls, and load balancers. To do this, go to the resource tab and click the straight double arrow Synchronize button. For more information, see the resource documentation.

 Click here to show/hide the screenshots

Screenshot: Synchronize firewalls

Synchronize firewalls that you onboarded or created in public cloud

Screenshot: Synchronize private networks in public cloud

Public cloud synchronization parameters

Note to System Administrators: For information about tuning public cloud synchronization, see Abiquo Configuration Properties#pcrsync.




6.4. Manage resources that were deleted directly in the provider

When administrators delete resources in the provider, the platform will display the resource name in light gray to indicate that the user cannot work with the resource. The resource types include:

  • External networks
  • Firewalls 
  • Classic firewalls 
  • Load balancers 
  • NAT network
  • NAT IPs

To delete these resources (if they are not in use), select the resource and click the delete button.

 Click here to show/hide the screenshot



6.5. Delete or release virtual resources in public cloud

The virtual resources that you onboarded or created in public cloud will be grouped with their associated virtual datacenters.

Before you begin:

  1. If you recently created virtual resources, such as load balancers, synchronize the virtual datacenter to ensure that the platform can find and delete all the dependencies of the virtual datacenter.

To delete onboarded resources in public cloud:

  1. Delete each virtual datacenter
    • You can choose to delete each virtual datacenter in the platform only, or in the platform and the provider. If you delete in the platform only, the platform will automatically remove VMs, virtual appliances, load balancers, public IPs, and firewalls. Remember to check which is the default VDC in your provider, e.g. AWS default VPC, because it may be inconvenient to delete this VPC


If the enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will continue to exist in the public cloud provider




6.6. Onboard from public cloud using the API


Abiquo API Feature

This feature is available in the Abiquo API. See VirtualDatacenterResource for synchronization and LocationsResource for retrieval of virtual datacenters and virtual machines.



6.7. Onboard from public cloud regions without VDCs

If your public cloud provider does not support virtual datacenter entities, Abiquo will automatically onboard when you select the public cloud region.

Abiquo synchronizes virtual resources in public cloud regions for providers that do use virtual datacenters or similar entities, for example, OpenStack clouds and Rackspace. You can only synchronize these providers at the public cloud region level. You cannot synchronize a VDC or an individual resource, for example, a load balancer. 

If Abiquo already has virtual resources on the platform for the provider, then these entities will already be part of a virtual datacenter. Abiquo will check if any new entities in the provider are related to the existing ones in Abiquo and place them in the existing virtual datacenter.

Abiquo will place all VMs and network resources that are not related to existing Abiquo virtual resources into a generic virtual datacenter. Abiquo names this virtual datacenter with the same name as the public cloud region, but the user can rename it. Abiquo will use this virtual datacenter for future synchronizations, adding or removing resources to match the cloud provider.

If the Abiquo integration with the provider supports entities that are not assigned to any virtual datacenter, such as firewalls, load balancers, or floating IPs, these may be loaded into Abiquo as unassigned entities.

If conflicts occur during synchronization, Abiquo will cancel the synchronization. This would occur if two VMs already exist in different VDCs but are related by a firewall or load balancer. Or if two firewall policies or load balancers exist in different virtual datacenters but are related by a VM.


7. Manage networks

7.1. View virtual datacenter networks

To view the networks available to a virtual datacenter, go to Virtual datacenters → select virtual datacenter → Network.

  • The default network is highlighted with a star symbol
  • A network with an internet gateway is highlighted with a globe symbol.

API Features

Virtual datacenter networks are available in the Abiquo API. For example, see VirtualDatacenterResource and PrivateNetworksResource.


Network tab in virtual datacenter highlighting default network and internet gateway

In the Networks list, to view the pool and allocation of IPs:

  • To see all the IPs in the virtual datacenter, click the All button on the top of the list
  • To see the IPs in a VLAN, click the VLAN name

You can then:

  • use the slider at the bottom of the list to move through the pages 
  • filter the list by entering text in the search box. The filter works with all the columns of the table:
    • IP Address
    • MAC address
    • VLAN name
    • Virtual appliance using the IP
    • VM using the IP
    • Provider ID of the entity using the IP (for example, a load balancer)




7.2. Create a private network

Private networks are only available within a virtual datacenter. However, your cloud provider may configure an external gateway for your virtual datacenter.

To create a private network in your virtual datacenter, click the  button  and complete the form below.

Create a private network

Button

Action

Name

Name of the network (VLAN). The name can contain up to 128 characters

IPv6Select checkbox for IPv6 network
NetmaskNetwork mask with an integer value of between 16 and 30

Network Address

Private address range of the network

Gateway

Gateway of the VLAN. Must be an IP within the range of the network address and mask

Primary DNS

The primary DNS

Secondary DNS

The secondary DNS

DNS suffix

The DNS suffix

Excluded from firewallSelect Excluded from firewall to define a network where VM firewalls will not apply

Static Routes

Select Define to create static routes. See Configure Static Routes

Default network

Make this network the default network, replacing the existing default network.

You can configure static routes when you create or edit a VLAN. However, you should check with your systems administrator about when changes to static routes may be received by your VM.

Field

Description

Example

Netmask

Destination network mask

255.255.255.0

Network ID

Destination network or host

1.1.1.0

Gateway IP

Next hop (on your network)

10.10.10.100

 Click here to show/hide IPv6 networks

Strict network

 

Non-strict network

FieldDescription

Name

Name of the VLAN. The name can contain up to 128 characters

IPv6Select checkbox for IPv6 network
StrictIPv6 only. If you select Strict, Abiquo will automatically generate the network address (ULA) and also the IP addresses. If you do not select strict, you can enter the network address and IP addresses.
NetmaskNetwork mask of 48, 56 or 64.

Network Address

Private address range of the network. Only for non-strict networks

Primary DNS

The primary DNS

Secondary DNS

The secondary DNS

DNS suffix

The DNS suffix

Default network

Make this network the default network. In a datacenter, this will override the existing default network




7.3. Private networks in public cloud

When you onboard from public cloud, if the provider supports networks, then the platform will onboard private networks, including details of IP addresses not used by VMs. You can synchronize these networks.

When working in Abiquo, DO NOT DELETE networks directly in the provider because this may cause inconsistency. The synchronization process is designed to onboard public cloud elements, especially when you begin to work with a public cloud provider

When creating a custom private network in AWS, you can choose the Availability Zone. Availability Zones enable users to deploy VMs separately, with high availability. You can deploy in an availability zone by assigning a private IP address in the network belonging to that Availability Zone.




7.4. Add IPs to private networks

To create new IP addresses in your private network, click the Add button in the top right-hand corner of the Private IPs page. You can also create IPs automatically, directly in the Edit VM popup.

  • Enter the number of IPs and the first IP address in the range. The first IP address must be a new address that does not already exist in the network. After creating the first IP address, the platform will try to create the other IPs and it will skip any existing IP addresses. 

    For example, if you have IP addresses in network 30.30.30.30, which are 30, 33, and 34 and then you request 3 new IPs from 30.30.30.31. The new IPs created should be as follows: 31, 32, 35. 
IP Addresses
30.30.30.30
30.30.30.31
30.30.30.32
30.30.30.33
30.30.30.34
30.30.30.35
 Click here to show/hide IPv6 details

When you add IPv6 addresses on strict networks, you don't need to set the starting address.

On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter an IP address manually as shown here.




7.5. Delete IPs

The platform will delete only the IP addresses that are not in use, which means not attached to a VM, or not purchased by the enterprise.

To delete IP addresses:

  1. Select the network, then select the IP addresses, and click the delete button. 




7.6. Edit a private network

To edit a private network

  1. Select the network
  2. Click the Edit button  above the Networks list:
  3. You can change the network name, gateway, DNS settings, and make the network the new default for this virtual datacenter.
  4. Click Save

The new settings will apply to all VMs deployed after you save the network.




7.7. Delete a private network

You can delete a private VLAN if no VMs are using its IPs and it is not the default network. To delete a private VLAN, select it and click the Delete button  above the Networks list. 




7.8. Manage onboarded external networks

The platform automatically onboards external networks when you onboard virtual datacenters from vCloud Director.

To manage External networks, go to Virtual datacenters → Network → Select vCloud VDC → External.

7.8.1. Manage networks that have been deleted in the provider

If an onboarded network has been deleted in the provider, its name will display in light gray text.

If a VM is using an IP from this network, then you cannot deploy the VM.

If there are no VMs using the IPs of an external network that was already deleted in the provider, then you can delete the network, by clicking the Delete button.




7.9. Set default virtual datacenter networks

If you deploy a VM without assigning a NIC, Abiquo will add one in the virtual datacenter's default network.

To set a new or existing network as the default:

  1. Create or editing the network, select the Default network checkbox. The new default network will apply to all VMs deployed after you set it.  

In private cloud, if you set a public network as the default, obtain IP addresses for your VMs before you deploy!


8. Manage firewalls

The platform provides a unified interface to firewall policies in varied cloud environments. The platform uses a security group model, where users create rules that allow access for a specified port and protocol. For some providers, you can create policies in the platform and later assign them to the provider. And you can reuse policies within the provider region.

To work with firewalls go to Virtual datacenters → Network → Firewalls.

To display all firewalls in a location (public cloud region or datacenter), including those that only exist in the platform and not in the provider, do these steps:

  1. In the Virtual datacenters list, select All
  2. On the Firewalls tab, select the location (public cloud region or datacenter)

Virtual datacenters view with Network tab displaying all firewalls in a region of the cloud provider

To display firewalls that exist in a virtual datacenter in the provider, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls
  2. In the Virtual datacenters list, select the virtual datacenter

Virtual datacenters view with Network tab on Firewalls page

To filter the display of firewalls, enter text in the search box. You can search for text in the name, description, and provider ID in the firewall list.


8.1. Synchronize firewall policies

If you have made changes directly in the provider, you can synchronize firewalls to onboard new policies and rules. 

To synchronize firewall policies, select the ones to update and click the synchronize button 


Create a firewall policy


To create a new firewall, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls 
  2. Click the +  Add button
  3. Enter the firewall details
  4. Click Save to create the firewall
  5. Add firewall rules as described below


Field

Description

Name

Name of the firewall with up to 128 characters. Check provider documentation for restrictions on length and type of characters

LocationThe datacenter or public cloud region where the platform will create the firewall. If you select a virtual datacenter, the platform will automatically complete this field
Virtual datacenterThe virtual datacenter where the platform will create the firewall. The platform will not create the firewall in the provider until the user selects a virtual datacenter to assign it to
DescriptionThe description of the firewall


8.2. Edit firewall rules


To add a new firewall rule:

  1. Select the firewall
  2. On the firewall rules panel, click the pencil Edit button

  3. Select the Inbound or Outbound tab for the traffic direction you wish to control

  4. Enter the rule details
  5. Click Add
  6. Enter more rules as required, then click Save


First select the Inbound or Outbound tab for the traffic direction you wish to allow, then enter the following details:

Field

Description

Common protocols

Select a common protocol to allow connections for or enter custom protocol

ProtocolIf you selected custom protocol, enter your protocol here
Port range

The start and end ports of the range that this rule will apply to. The range is inclusive and to apply the rule to one port only, enter the same value twice.

Sources (incoming)
or Targets (outgoing)

The IP addresses that the rule will apply to in the format (network address/netmask)

Click Add to save the rule.

Enter more rules as required, then click Save



8.3. Move and reuse firewall policies

To move a firewall policy to another virtual datacenter, do these steps:

  • In Azure ARM, edit the firewall policy and change or remove the virtual datacenter
  • When working in AWS directly, you cannot modify a firewall policy. To reuse a firewall policy, delete the firewall policy directly in the provider, then synchronize so the provider ID will be removed from the firewall policy in the platform. Now you can edit the firewall policy to assign a new virtual datacenter. The firewall rules are preserved for you to edit or apply to another virtual datacenter. 


8.4. Troubleshooting firewalls

Here are some answers to common firewall issues:

Does my firewall exist in the provider? Which VDC does it belong to?

In the Abiquo API, the firewall object contains a link to the virtual datacenter it belongs to. In AWS or Azure ARM, if a firewall has a provider ID, then it exists in the cloud provider. The provider ID is the AWS security group ID or the Azure firewall name.

Why did the platform display a message about duplicate rules?

To edit rules in Amazon, first synchronize the firewall to update the rules because Amazon will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, Abiquo will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency


8.5. Delete a firewall policy

To delete a firewall, first edit the VMs that are using the firewall and remove the firewall from these VMs.

9. Manage load balancers

The load balancer feature aims to simplify the creation of load balancers across all cloud platforms, providing a unified interface. You can create a load balancer in the enterprise for the location and later assign it to a virtual datacenter, and then the platform will create it in the provider. You can also reuse load balancer configurations.

Please refer to cloud provider documentation as the definitive guide to the load balancing features. And remember to check your cloud provider pricing before you begin.

To manage load balancers, go to Virtual datacenters → Network → Load balancers.

To display load balancers for a region, including those that are not assigned to a virtual datacenter in a provider

  1. In the Virtual datacenters list, select All
  2. In the pull-down list next to the search box, select the region name

To display load balancers in virtual datacenters, select a virtual datacenter.

Virtual datacenters view with Network tab displaying load balancers

9.1. Create load balancers

Before you begin, create firewalls for your VMs to allow your load balancers to access the VMs.

To create load balancers:

  1. Select a virtual datacenter
  2. Open the Network tab
  3. Open the Load Balancers page
  4. Click the + Add button and complete the following dialogs in accordance with your cloud provider's documentation

9.1.1. Load balancer general information

Create a load balancer entering general information


Field

Value

Name

The name of the load balancer.

  • Amazon will only accept the following characters: A-Z, a-z, 0-9 and "-", and you cannot modify the name
  • Azure will not accept names with white space

Subnets

In providers that support subnets, the subnets that the load balancer is connected to.

Algorithm

See cloud provider documentation for more information

Addresses

  • AWS: private or public IP
    Rackspace: private or public IP
    Azure ARM: private or public IP
    Neutron: private IP, or private and public IPs
    NSX: private IP, or private and public IPs
    vCloud Director: private or public IP (IPs on external networks)

  • You may be able to change the address to another one in the same VDC by editing the load balancer


9.1.2. Load balancer routing rules

Create a load balancer entering a routing rule

Field

Value

Common protocols

Select one of the common protocols to load presets

Protocol in

The incoming protocol to the load balancer. See cloud provider documentation for accepted values.

Port in

The incoming port to the load balancer. See cloud provider documentation for accepted values.

Protocol out

The outgoing protocol from the load balancer.

Port outThe outgoing port from the load balancer
SSL CerftificateFor secure connections (e.g. HTTPS), you can add an SSL certificate.
  • The platform will never store or validate the SSL certificate 
  • The platform will pass the certificate directly to the provider
Select an existing certificate or add a new one. Cannot be used in platform-only load balancers
AddClick Add to save a routing rule for the load balancer

To delete a routing rule, click the Delete button beside the name of the routing rule in the list

9.1.3. Load balancer SSL certificate

Create a load balancer entering a certificate

Field

Value

Name

Name of the certificate

Certificate

The certificate contents

Intermediate certificate

An intermediate certificate can be issued by a provider to support older browsers that may not have all of the trusted root certificates for that provider, so that users will not receive invalid SSL warnings. If you have an intermediate certificate, add it at the same time as the certificate to ensure that a trusted-chain certificate is configured.

Private key

The RSA private key for the certificate

9.1.4. Load balancer health check

Create a load balancer entering a health check

 

Field

Value

Common protocols

Select one of the most common protocols to load presets

Name

Name of the health check

Protocol

The protocol with which the health check will be performed

Port

The port to which the health check will be performed

PathThe server path to ping (for supported protocols)
Interval (sec)The interval in seconds between health checks
Timeout (sec)The timeout in seconds after which an attempted health check will be considered unsuccessful
AttemptsThe number of attempts before the health check will be considered unsuccessful
AddAdd the current health check to the load balancer

9.1.5. Load balancer firewalls

If your provider supports firewall policy selection, to add a firewall policy to your load balancer, select it from the list of firewall policies in your provider. 

Create a load balancer selecting firewall policies to assign to the load balancer

9.1.6. Assign load balancer nodes

To assign your load balancer to VMs, drag and drop the VMs them from the Available nodes list into the Attached nodes list.

  • The VMs to be load balanced can be in the same or different virtual appliances in the same virtual datacenter
  • You can also attach VMs by selecting load balancers when configuring the VM.

Create a load balancer assigning nodes

The platform will display the status of the load balancer nodes on the Nodes tab. You can also check the status using the API.


9.2. Edit load balancers

The cloud provider determines which elements of a load balancer that you can modify. Due to different provider support for load balancer features, it may be possible to make modifications in the platform that will later be rejected by the cloud provider, triggering an error. Check your cloud provider documentation for supported modifications.

10. Save configurations in virtual appliance specs

10.1.1. Introduction to virtual appliance specs

The virtual appliance specifications (specs) feature enables administrators to save complex virtual appliance configurations and present them to users for simple, self-service deployment across their virtual datacenters. Administrators select the locations where users can work with each spec, including datacenters and public cloud regions such as AWS and Azure ARM.

Specs can save the configuration of virtual appliances including VMs, storage, networks, monitoring, Chef, firewalls, and load balancers. When users create a new virtual appliance based on a spec (also called to "materialize" a spec), the platform will automatically use existing virtual resources or create new ones for this virtual appliance.

Specs have the following limitations:

  • Specs use template disks. They do not save data from persistent volumes or hard disks added to VMs after deploy or data that was added to template disks after deploy.
  • Specs do not support external networks and NICs or unmanaged networks and NICs. If you create a spec containing an external IP, you cannot create a VApp from this spec because the external IP is unsupported.
    • In vCloud, specs have basic support for external networks. The validation process will list the network, and you can select it and then continue with the process. The platform will create the VApp correctly. Remember to ensure that there are enough external IP addresses available for the new virtual appliance
  • Specs do not support scaling groups

Users should also be aware of differences in features between private and public cloud environments.

Managing specs

To create virtual appliances from specs, the user will require the privilege to Consume virtual appliance specs. To manage specs, the user will require access to the enterprise, the Apps library and the Manage virtual appliance specs privilege. By default, specs are only available to the enterprise that created them. To share specs with other tenants, the user will require the privilege to Allow user to switch enterprises. This user can share the spec to tenants within their own scope and to tenants in scopes below their scope in the hierarchy. This is done by assigning resource scopes (tenant access lists) to the spec. You create a resource scope in the same way as a user scope, but the platform will only consider the Enterprise list. For more information, see Manage Scopes and Manage resource scopes

Specs in the Abiquo UI

  1. In the virtual appliance pane, there is a pull-down menu to create virtual appliance specs and versions.
  2. In the Virtual datacenters view and in the V. Appliances list, the + add button has an option to Create virtual appliance based on spec.
  3. In the Apps library, there is a Virtual appliance specs tab for managing specs.

 

 Click here to show or hide the screenshots

Screenshot: create a spec or spec version

Screenshot: create a virtual appliance based on a spec

Screenshot: Apps library specs tab

What do virtual appliance specs save and create?

When creating the new virtual appliance based on the spec, the platform will:

  • Try to use the same template or offer a selection of templates with similar names
  • Create:
    • VMs in layers
    • storage in appropriate matching tiers
      • template disks
      • empty volumes in the available storage device
      • empty hard disks
    • networks allowing the user to select from existing or replace:
      • private network
      • private IPs
      • public IPs (either tenant's pre-purchased or automatically purchased)
      • external IPs (basic support)
    • firewalls with available integration
    • load balancers with available integration

 

 Click here to show/hide table of what specs save and create

 

The following VM configuration elements are saved and created by virtual appliance specs. Support for elements is marked for datacenters (DC) and public cloud regions (PCR). When creating a virtual appliance from a spec, the platform will assign the spec icon to the virtual appliance.

ElementDCPCRSave in SpecCreate in VApp

VMs

(tick)(tick)General information: hardware profiles, CPU, RAM, remote access and descriptionSame. If a matching hardware profile is not found, the platform will activate or create one, or the user can select another available hardware profile
Anti-affinity layers(tick) VMs in layersSame
VM templates(tick)(tick)Template name is saved

The system matches the spec template name against the Apps library template name. The user selects from a list of templates with names that contain the spec template name. The match is done with an SQL %LIKE% command from the spec to the template, so spec template "m0n0" will match with "m0n0" and "m0n0wall" in the Apps library. But spec template "m0n0wall" will not match with "m0n0" in the Apps library

Template auxiliary hard disks(tick)N/A

Template system disks and other datastore hard disks and their tiers are saved

The platform will create template disks in order as in the template with no gaps in the sequence. Then empty additional hard drives and volumes will be added in the same order as in the base virtual appliance. The platform will search for datastore tiers by name, as for templates

Persistent VMs(error)(error)Persistent VMs are not supported. To create a spec from a persistent VM, first create an instance, which is a non-persistent template 
Private network, Private IPs(tick)(tick)Save private network characteristics: network address and mask only. Save private IPs

The materialize process will present the addresses of the spec private networks. Abiquo will display matching networks in the virtual datacenter in green text, and ones that are not present in red text. Abiquo will display the number of private IPs to use in each network.

The user can choose to change any private network, even if it matches the spec network. The user can choose to create a new network (specifying the IP address, mask and gateway), or replace the network with an existing VDC network.

Network gateways(tick)(tick)Abiquo will determine if a NIC has a gateway IP address and save this information in the spec
  • If a NIC has a gateway IP address, when using an existing network, the materialize process will attempt to assign the network's gateway address to the NIC
  • Abiquo will not assign the gateway IP address to a NIC that did not have this address in the original configuration
  • If the materialize process is creating a new network, it will attempt to assign the same gateway address from the spec to the gateway NIC in the new network
Public network(tick)(tick)Number of public IPs is saved

The materialize process will try to use public IPs that were already purchased by the enterprise. These public IPs will be momentarily quarantined during the materialization process. If not, the materialize process will purchase new public IPs. The public networks will be used in the order returned by the API. In public cloud, the platform will use floating IPs

External IPs(warning)(warning)Not supported, except for basic support in vCloud

If you create a spec containing an external IP, the materialize process will fail because the external IP is unsupported.

In vCloud, specs have basic support for external networks. The validation process will list the network, and you can select it and then continue with the process. The platform will create the VApp correctly. Remember to ensure that there are enough external IP addresses available for the new virtual appliance

Unmanaged IPs(minus)(minus)Not supportedIf you create a spec containing an unmanaged IP, the materialize process will fail because the unmanaged IP is unsupported.
Volume (data)

(error)

 

(error)

Data on external storage volumes is not included. To use data on a volume, create an instance to save it to a template disk

  • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID
Volume (specifications)(tick)N/A

The specifications, disk controller types, and tiers of the volumes are saved.

  • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID
  • Volumes are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default
  • Matches tier names as for VM templates. If no storage tier is found, then the validate will fail. If the storage tier does not contain pools, then the volume create will fail.
Hard disk (data)(error)(error)

Data on hard disks attached to the VM is not included. To use data on a hard disk, create an instance to save it to the template

Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID
Hard disk (specifications)(tick)(error)

The specifications, disk controller types and tiers of the hard disks are saved.

  • Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID
  • Hard disks are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default
  • Matches tier names as for VM templates. If no datastore tier is found, then the validate will fail. If the datastore tier does not contain datastores, then the deploy will fail.
Backup configuration(tick)(error)Configured backups are storedBackups are configured
Firewalls(tick)(tick)

Firewalls attached to VMs or load balancers are saved

  • Access to a firewall integration is required to create firewalls in the new virtual appliance
  • Users can edit firewall rules during virtual appliance creation
  • Users should be aware of compatibility issues between providers
Load balancers(tick)(tick)Load balancers attached to VMs are saved, including health checks and so on
  • Access to a load balancer integration is required to create load balancers in the new virtual appliance
  • Users should be aware of compatibility issues between providers
Monitoring (status)(tick)(tick)
  • Monitoring status of fetch metrics is saved
  • The selected metrics are saved
  • Access to a monitoring server is required to retrieve metrics
  • The materialize process creates built-in metrics of the exact same name ONLY and creates all custom metrics
Alarms and Alerts(tick)(tick)

(tick) Alarms and alerts are saved 

The materialize process creates all existing alarms and alerts, regardless of the existence of their corresponding metrics

VM variables(tick)(tick)VM variables are saved
  • The materialize process creates VMs with VM variables
  • During the materialize process, users can edit the VM variables
Chef(tick)(tick)

Chef status, runlist and attributes are stored

  • The materialize process sets the status and recipes
  • During the materialize process, users can edit the runlist and the attributes

10.1.2. Create a spec to save virtual appliance configuration

To create a virtual appliance spec to save a configuration:

Privilege: Manage virtual appliance specs

  1. Open the virtual appliance and from the Virtual appliance spec menu, select Create new spec
  2. Enter spec details
  3. Click Accept

The platform will create the new spec for your tenant. This spec will be the default, but an administrator can change the default configuration later.

Field

Description

Name

The name of the virtual appliance spec

Description

Describe this version of the spec to distinguish it from other versions

IconEnter the URL of an icon that will identify the spec for users. Click Validate to check the icon will display correctly - a preview should display below the Icon field

When designing a virtual appliance for use in more than one location, please consider the following:

  • Private cloud datacenters allow multiple disk templates and additional disks. In public cloud, Abiquo templates and VMs usually have a single disk or use all disks
  • Public networks in private cloud will be translated to floating IPs in public cloud and vice versa
  • Some IP addresses may be reserved by an SDN system or the cloud provider
  • The number of NICs allowed or required per VM may vary across different private and public cloud environments
  • Firewall and load balancer systems may differ between providers


10.1.3. Share a spec with multiple tenants

To share a VApp spec with multiple tenants, assign scopes to the spec. A scope is a list of enterprises whose users can access the spec.

Privilege: Allow user to switch enterprises

  1. When creating or editing a spec, open the Scopes tab
  2. Select scopes to allow access to users of the enterprises included in the scopes

When you have finished working with the spec, click Accept

10.1.4. Select locations where a spec can be used

You can select the locations where users can work with this spec if they have access to these locations (i.e. their tenant is allowed to access the locations). This will help to ensure that users only have access to specs that "work" because there may be different features and resources available in different cloud locations.

To edit spec locations, create or edit a spec and open the Locations tab. By default a virtual appliance spec is available in all locations. This means that users can work with the virtual appliance spec in all present and future locations that are allowed for their enterprise.

To limit the VApp spec to a specific set of locations, deselect "Use all locations". Then select individual locations. Note that the platform will not automatically add new locations created after this selection is made.

10.1.5. Save changes to the configuration in a spec

You can save changes to a spec as a new spec OR as a new version of the same spec. To create a new version of the same spec you must w ork with a virtual appliance created from the spec in the enterprise that owns the spec.  And if the spec is shared, then you will also need the Allow user to switch enterprises privilege and an appropriate scope, which is above the assigned scopes in the scope hierarchy.

Privilege: Manage virtual appliance specs

To create a new version of a spec:

  1. Inside the virtual appliance, from the Virtual appliance spec menu, select Create new spec version
  2. Enter a description of the spec version to identify it
  3. Optional: set this version of the spec as the default version
    • If no default version is set, the platform returns the latest version to users

11. Manage virtual appliance specs in the Apps Library

A user with privileges to work in the Apps library view and to manage specs can use the Virtual appliance specs tab. Click on a spec to display a details panel. To display the details of a spec and its versions, on the spec's icon, click the option button and select Versions. The Manage spec versions dialog will open. Click on a version to display its details.

Privilege: Manage virtual appliance specs, Consume virtual appliance specs

Screenshot: virtual appliance specs tab and details panel

Screenshot: virtual appliance spec version dialog

Edit a virtual appliance spec

When you edit a virtual appliance spec in the Apps library, you can change the name, description and icon.

 Click here to show/hide the screenshot

 

Share virtual appliance specs with other tenants

A new VApp spec is always available to the enterprise that created it and to users of any other tenants in its scopes.

Privilege: Allow user to switch enterprises

To define the tenants who can work with the spec, edit the spec's scopes. Edit the spec and open the Scopes tab. Assign your own scope and/or child scope(s) beneath your scope in the hierarchy.

 Click here to show/hide the screenshot

 

Define the locations where users can work with a spec

To define where a spec can be used, you can select allowed locations. Users of enterprises that are allowed to access a location can work with the specs allowed in the location.

Privilege: Allow user to switch enterprises

To manage allowed locations, edit the spec and open the Locations tab and select locations, noting the following:

    • Another user may have already assigned locations that you cannot administer and access. In this case, you can maintain or deselect these locations. If you deselect them, you cannot add them again
    • If the spec should be available in all current and future locations, select Use all locations.
    • If you want to restrict the spec to a group of current locations, deselect Use all locations and select the locations where the spec will be available for use

When designing a virtual appliance for use in more than one location, please consider the following:

  • Private cloud datacenters allow multiple disk templates and additional disks. In public cloud, Abiquo templates and VMs always have a single disk
  • Public networks in private cloud will be translated to floating IPs in public cloud and vice versa
  • Some IP addresses may be reserved by an SDN system or cloud provider
  • The number of NICs allowed or required per virtual machine may vary across different private and public cloud environments
 Click here to show/hide the screenshot

 

Define the version of a spec to use

The platform presents users with a single version of a virtual appliance spec. The administrator can configure this to be the default version or the latest version.

When you create a virtual appliance spec, the platform automatically sets this first version as the default version.

When you create another version you can choose to make this version the default.

 Click here to show/hide the screenshot

To change the default version of a spec:

  1. In the Apps library open the Virtual appliance specs tab
  2. On the spec's icon, click the option button and select Versions
  3. Click on the version you want users to work with
  4. On the top right hand side of the dialog, click Mark as default version

To unset the default, so that users will always work with the latest version:

  1. Remove the mark of the default version
 Click here to show/hide the screenshots


You can delete a version of a spec. If you delete the default version, then the platform will return the latest version.

Delete virtual appliance specs

You can delete spec versions or the entire spec. When you delete a virtual appliance spec, the platform will also delete all its versions, even shared versions. When you delete an enterprise, the platform will delete all its specs, even shared specs and shared versions.

12. View Virtual Resources

12.1. Enterprise Resources statistics of the enterprise

This screen shows statistics of the resources used by the enterprise and virtual datacenters.

If you can manage more than one enterprise, to display an enterprise's statistics, select it from the enterprise list on the left.

13. View platform events

The Events view allows users to see what is happening in Abiquo. To open the Events view, click on the Events icon Events view icon in the main menu bar.

Events view displays the events that the user can access

Event viewing can be restricted using privileges assigned to user roles. Users can have: no event privileges; the Display all events for current enterprise privilege; or the Display all events privilege. Users with no event privileges will not see the Events icon or the Events window in the Home view. If you cannot see the events you expected to see in Events view, check with your System Administrator.

13.1.1. The event list

The event list has the following columns:

Column

Description

Source

Shows the system object that is the source of the event or error and its full hierarchy. For example, it could be a MACHINE MODIFY event, where the source is myMachine (the name of the machine) which is part of a rack named myRack which is part of a datacenter named myDatacenter which belongs to the Abiquo enterprise.

SeverityThe severity of the event. Can be INFO, WARN or ERROR
ActionThe action that generated the event. See Entity and Action Tables

Performed by

The user who performed the Action.

Date/time

The date and time when the event was generated.

UserThe user affected by the action

Trace

Additional information about the event. The trace displayed in Events view are documented under Logs in the Troubleshooting section of the Abiquo Administrator's Guide. See Abiquo Logs#Messages in Catalina.out and Events View

There is also the Update automatically checkbox. If checked, new events will be automatically added to the list as they arrive. Otherwise, you must refresh the list manually.

Double-click on an event to see the event detail in the panel below the event list

Click on an event to display its details in a panel beneath the events list

 

13.1.2. Filtering events

To make it easier to find a specific event, use the filter tool. Click the filter button  at the top right of Events view. Enter your filter criteria and click Accept. To remove the filter, click Clear at the bottom of the popup.

Basic event filtering

Basic event filtering enables you to filter with the following fields:

Filter events by severity, action, user, dates and tenant

Event fieldDescription
SeverityPull-down list of Severity types
ActionPull-down list of Actions from Entity and Action Tables
Performed byThe name of the user who performed the action
Date fromStart date in format YYYY/MM/DD
Date toEnd date in format YYYY/MM/DD
EnterpriseEnterprise

 

Advanced event filtering

Click "See more" on the basic filter panel to filter on more fields.

 You can search for events related to a datacenter, a user, an enterprise, and so on. You can filter by:

In the following screenshot, the user is searching for events related to the main cloud admin user.

Filter events by values of different attributes

13.1.3. Severity table

Events on the Abiquo platform are classified into three severity categories: info, warning and error. 

Severity

Description

INFO

General information events for the user as part of the normal use of the platform

WARNING

Warning about an abnormal situation that does not block normal use of the platform

ERROR

Error that blocks the normal use of the platform


13.1.4. Component List

These values can be used to filter the events by Component.

  • PLATFORM
  • DATACENTER
  • RACK
  • MACHINE
  • VIRTUAL_STORAGE
  • STORAGE_POOL
  • STORAGE_DEVICE
  • ENTERPRISE
  • USER
  • ROLE
  • ROLE_LDAP
  • VIRTUAL_APPLIANCE
  • VIRTUAL_MACHINE
  • VOLUME
  • NETWORK
  • APPLIANCE_MANAGER
  • IMAGE_CONVERTER
  • LICENSE_MANAGER
  • PERSISTENT_CONVERTER
  • INSTANCE_CONVERTER
  • API
  • WORKLOAD
  • HIGH_AVAILABILITY
  • PRICING_TEMPLATE
  • COSTCODE_CURRENCY
  • COSTCODE
  • UCS

13.1.5. Storage System List

These values can be used to filter the Events list by Storage System:

  • GENERIC_ISCSI
  • LVM
  • NETAPP
  • NEXENTA


13.1.6. Entity and Action Tables

These tables show the events that will be displayed for Users and Enterprise Administrators in Abiquo.