The platform manages public cloud regions using remote services. For a public cloud region, the remote services can be shared with other datacenters or public cloud regions, and you do not need an NFS repository. Each cloud tenant using the public cloud region will require its own cloud provider account and needs to add a set of credentials to the Enterprise.
When users create a virtual datacenter and deploy in the public cloud region, the platform creates the entities in the public cloud provider. For example, in AWS, Abiquo creates a VPC and in AWS, VMs deployed in the VPC virtual datacenter are AWS EC2 Instances.
When you first create a datacenter or public cloud region, by default only the users of the enterprise that created it will be allowed to use it. To enable other users to deploy and work with VMs, administrators must allow enterprises to access datacenters or public cloud regions. For brevity, these may be collectively called "Allowed datacenters" or "Allowed locations". For each allowed location, the enterprise will have an Apps library with their templates, and their virtual datacenters for deploying VMs.
Allowed locations are where users can work, for example, create a virtual datacenter and deploy VMs. To administer the infrastructure of a location, the administrator must also have the location in their administration Datacenters scope list. See Manage Scopes
To set the datacenters and public cloud regions that an enterprise is allowed to access:
Drag datacenters and public cloud regions from the left pane to the Allowed datacenters right pane
If you have multiple public cloud regions on the platform, they may be grouped provider, which enables you to drag providers or regions. To set default Allocation limits and VDC roles for regions in a provider, edit the provider.
To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts
To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.
Before you begin:
Obtain credentials to access the cloud provider's API. We provide basic guides but you should always check with your provider. See Obtain public cloud credentials.
To add public cloud credentials:
|Provider||Select public cloud provider or vCloud Director region. Some providers may require different credentials for groups of regions, for example, "Amazon (CHINA)". If a specific provider does not display, for example, a vCloud Director region, the cloud administrator may need to allow access for your enterprise.|
|Access key ID|
Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field but you need to write something in to enable the button Add account after.
For Azure, the format is subscription-id#app-id#tenant-id
|Secret access key||Key to access the cloud provider API. For example, an API key or other API credential.|
For DigitalOcean v2 enter the token.
|Also use for pricing||Use this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential.|
|Current credentials||Provider that have credentials already in the platform|
|Create account||For resellers with Amazon, Azure ARM, and other partner accounts, click the enterprise create account button to create a customer account in the provider and add it to an enterprise in the platform|
Finish editing the enterprise and click Save
This will add a cloud provider account for a tenant enterprise with access to a public cloud region.
Abiquo displays the public cloud account identifiers on the Credentials tab.
To create a user:
Go to Users → Edit enterprise → Credentials
Onboard enterprise resources from public cloud
To onboard a virtual datacenter from public cloud:
|Location||Select the public cloud region to synchronize from the pull down list|
|Virtual datacenter||Select the virtual datacenter entity to onboard. In AWS, this will be a VPC. In Azure, it will be a virtual network and its resources. |
If the provider does not support a virtual datacenter entity, the paltform will onboard all of the compatible virtual resources in the region into a default virtual datacenter.
|See classic||Click here to display classic VMs that the platform does not onboard|
To limit access to the VDC for cloud users, select a more restrictive role to replace user roles within this VDC. For example, to give users read only access, select the ENTERPRISE_VIEWER role
|User exceptions||To create exceptions to the VDC role, select a username and an exception role for the user and click Add. The exception will enable all privileges that are included in both the user's role and the exception role|
Users with bespoke network configurations should check the results of the synchronization.
The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.
The platform will import VM templates. If the platform cannot find the VM template, the VM will have no template in the platform. To save a copy of your VM disk to create a template, so you can recreate the VM, make an Abiquo instance of the VM.
If you delete a synchronized VDC, the platform will delete it in the provider. If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider
For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only
Note to System Administrators: for information about tuning public cloud synchronization, see Abiquo Configuration Properties in the pcr (public cloud region) section.
Resources in undeployed VMs are available in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and error at deploy time
You can also synchronize specific resources such as networks, public IPs, firewalls, volumes, and load balancers.
To synchronize specific resources such as networks, public IPs, and so on:
For more information, see the resource documentation.
Screenshot: Synchronize networks
At the location level, you can limit resources and set defaults. This means you can set an allocation limit for an enterprise in each datacenter or public cloud region.
To configure the same limits for all regions in a provider, select a provider group. For example, if you enter a hard limit of 8 CPUs, then the platform will create a hard limit of 8 CPUs in each region for this provider. This option is available when regions are grouped by provider or vCloud endpoint. See Group public cloud regions by provider or endpoint
To limit resources in a datacenter or public cloud region, set allocation limits:
This is process is very similar to that of setting enterprise limits.
Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs
Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs
Local Hard Disk
Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers
Total size of external storage that may be created for assignment to VMs
Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create.
Total number of Public IPs, floating IPs (in public cloud), and NAT IPs that may be used
|Repository||Operations||Private cloud: Total size of NFS Repository space that maybe used for the Apps Library including templates and instances (but not conversions). Manage the Datacenter Apps Library#How much space can I use in the Apps Library?|
|Virtual machines||Deployment||Total number of VMs that users can deploy in the location using their allowed resources|
In public cloud, Abiquo infrastructure metering and accounting register virtual CPUs, RAM, system disks, and floating public IPs.
The platform displays infrastructure statistics and resource usage for private and public cloud. The statistics vary depending on whether the data is for all datacenters or all public cloud regions, or filtered for a specific datacenter or region.
To view the resource usage of a cloud location:
For a full description of these statistics, see Infrastructure Statistics
To synchronize hardware profiles:
By default, for each enterprise with credentials, the hardware profiles mode is enabled. By default, all hardware profiles are available to all enterprises.
For information about hardware profiles in a provider, see Hardware profiles#Synchronizehardwareprofileswithaprovider
To go to the VM, or the virtual appliance or virtual datacenter that contains the VM, click on the active Name link in the list.
To display the details of a VM and the available controls, select the VM in the list.
To send an email to the owner and perform the standard VM actions, as appropriate and/or supported by the provider, use the buttons on the control panel.
To delete virtual resources in the provider, delete them in the platform before you delete the account.
To delete resources in the platform only, you can select this option when deleting or you can delete the enterprise's credentials and then delete the resources. There are virtual resources that you may not wish to delete in the provider, for example, the default VPC.
If you wish to use the account again, you can add the credentials again. After that you can synchronize to onboard resources from public cloud to update the resources in the platform