Abiquo 5.1


Introduction to public cloud

The multi-cloud platform enables you to add public cloud regions and vCloud Director clouds as public cloud regions. You can offer cloud tenants a federation of private cloud and public clouds in a single pane of glass. And you can control the use of public cloud resources in the same way as you can in the platform's private cloud datacenter (quotas, limits, etc).  

The platform manages public cloud regions using remote services. For a public cloud region, the remote services can be shared with other datacenters or public cloud regions, and you do not need an NFS repository.  Each cloud tenant using the public cloud region will require its own cloud provider account and needs to add a set of credentials to the Enterprise. 

 

When users create a virtual datacenter and deploy in the public cloud region, the platform creates the corresponding entities in the public cloud provider. For example, in AWS, Abiquo creates a VPC for the virtual datacenter, and VMs deployed in that virtual datacenter are AWS EC2 instances.

Allow the enterprise access to public cloud regions

When you first create a datacenter or public cloud region, by default only the users of the enterprise that created it will be allowed to use it. To enable other users to deploy and work with VMs, administrators must allow enterprises to access datacenters or public cloud regions. For brevity, these may be collectively called "Allowed datacenters" or "Allowed locations". For each allowed location, the enterprise will have an Apps library with their templates, and their virtual datacenters for deploying VMs.  

Allowed locations are where users can work, for example, create a virtual datacenter and deploy VMs. To administer the infrastructure of a location, the administrator must also have the location in their administration Datacenters scope list. See Manage Scopes.


To set the datacenters and public cloud regions that an enterprise is allowed to access:

  1. Go to Enterprise → Datacenters. The left pane contains a list of datacenters and public cloud regions, which are Prohibited datacenters by default.
  2. Drag datacenters and public cloud regions from the left pane to the Allowed datacenters right pane.
    If you have multiple public cloud regions on the platform, they may be grouped by provider, which enables you to drag providers or regions. To set default Allocation limits and VDC roles for regions in a provider, edit the provider.

To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.

Add public cloud credentials for the enterprise

To work with a public cloud region, each enterprise should have its own public cloud account for the cloud provider. All the users in the tenant will work with this same account. 

Privilege: Manage provider credentials

Before you begin:

  1. Check your provider's documentation and pricing. 
  2. Obtain credentials to access the cloud provider's API. We provide basic guides but you should always check with your provider. See Obtain public cloud credentials

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public
  2. Enter the Credentials as described here

    | Attribute | Description |
    | --- | --- |
    | Provider | Select public cloud provider or vCloud Director region. Some providers may require different credentials for groups of regions, for example, "Amazon (CHINA)". If a specific provider does not display, for example, a vCloud Director region, the cloud administrator may need to allow access for your enterprise. |
    | Access key ID | Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field, but you must enter a value to enable the Add account button. For Azure, the format is subscription-id#app-id#tenant-id |
    | Secret access key | Key to access the cloud provider API. For example, an API key or other API credential. For DigitalOcean v2, enter the token. |
    | Also use for pricing | Use this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential. |
    | Current credentials | Providers that already have credentials in the platform |
    | Create account | For resellers with Amazon, Azure ARM, and other partner accounts, click the enterprise create account button to create a customer account in the provider and add it to an enterprise in the platform |
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.
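The Azure identity format given in the table above (subscription-id#app-id#tenant-id) can be checked before it is entered. The following is an added example, not Abiquo code; the function and class names are hypothetical, and it assumes that each of the three fields is a GUID in plain hyphenated form.

```python
import uuid
from dataclasses import dataclass

FIELDS = ("subscription-id", "app-id", "tenant-id")


@dataclass(frozen=True)
class AzureIdentity:
    subscription_id: str
    app_id: str
    tenant_id: str


def parse_azure_identity(value):
    """Parse 'subscription-id#app-id#tenant-id'; raise ValueError if malformed.

    Error messages name the failing field but never echo its content, so a
    secret pasted into the wrong box does not end up in logs.
    """
    parts = value.strip().split("#")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} '#'-separated fields, got {len(parts)}")
    canonical = []
    for name, part in zip(FIELDS, parts):
        try:
            parsed = uuid.UUID(part)  # assumption: every field is a GUID
        except ValueError:
            raise ValueError(f"{name} is not a GUID") from None
        # uuid.UUID also accepts braces, 'urn:uuid:' and unhyphenated hex;
        # insist on the plain hyphenated form.
        if str(parsed) != part.lower():
            raise ValueError(f"{name} is not in plain hyphenated GUID form")
        canonical.append(str(parsed))
    if len(set(canonical)) != len(canonical):
        raise ValueError("the same GUID appears in more than one field")
    return AzureIdentity(*canonical)


# Constructed sample value, not a real subscription, application or tenant.
SAMPLE = ("11111111-2222-3333-4444-555555555555"
          "#AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"
          "#01234567-89ab-cdef-0123-456789abcdef")

if __name__ == "__main__":
    print(parse_azure_identity(SAMPLE))
```
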

Create a user to access the cloud provider portal

When your enterprise has credentials for a public cloud provider, you can create a user account in a cloud provider. From here you can also click a link to access the cloud provider portal.

Abiquo displays the public cloud account identifiers on the Credentials tab.

Privileges: Manage user creation in provider


To create a user:

  1. Go to Users → Edit enterprise → Credentials

  2. For a provider with credentials, click Create user.
    The platform will send the following to the cloud provider:
    • Details from your user account, including the username and email
    • An automatically generated password
    The platform will create an event with the enterprise ID, user ID, user email, date/time, and cloud provider.
  3. The platform displays the user credentials only once and it does not store these credentials
    To access the cloud provider portal, click user portal link or portal link
    • If you click portal link, then you will need to enter your account ID in the cloud provider


Onboard enterprise resources from public cloud


To onboard a virtual datacenter from public cloud:

  1. Go to Virtual datacenters
  2. At the bottom of the V. Datacenters list, click the + add button
  3. Select Synchronize public cloud
  4. On the General information tab, select the region and the resources to onboard 

    | Field | Description |
    | --- | --- |
    | Location | Select the public cloud region to synchronize from the pull down list |
    | Virtual datacenter | Select the virtual datacenter entity to onboard. In AWS, this will be a VPC. In Azure, it will be a virtual network and its resources. If the provider does not support a virtual datacenter entity, the platform will onboard all of the compatible virtual resources in the region into a default virtual datacenter. |
    | See classic | Click here to display classic VMs that the platform does not onboard |

  5. On the Roles tab, optionally restrict user permissions in the virtual datacenter

    | Field | Description |
    | --- | --- |
    | Role | To limit access to the VDC for cloud users, select a more restrictive role to replace user roles within this VDC. For example, to give users read only access, select the ENTERPRISE_VIEWER role |
    | User exceptions | To create exceptions to the VDC role, select a username and an exception role for the user and click Add. The exception will enable all privileges that are included in both the user's role and the exception role |

    • The platform will mark the Public subnet (identified by a custom route table and NAT gateway) with a globe symbol and set the Internet gateway flag for this subnet. 
    • Users with bespoke network configurations should check the results of the synchronization. 

    • The platform will synchronize private and public IP addresses even if they are not in use by VMs, and mark the IP addresses in use by provider entities with provider identifiers.

    • The platform will import VM templates. If the platform cannot find the VM template, the VM will have no template in the platform. To save a copy of your VM disk to create a template, so you can recreate the VM, make an Abiquo instance of the VM. 

    If you delete a synchronized VDC, the platform will delete it in the provider. If your enterprise does not have valid credentials for the public cloud provider, when you delete public cloud entities in the platform, they will still exist in the public cloud provider
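The VDC role and user exception rule from the Roles tab above can be modelled to review who ends up with which privileges in a VDC. This is an added example that follows the description on this page and is not Abiquo code; the role names other than ENTERPRISE_VIEWER, the privilege names, the users, and the function names are all constructed for illustration.

```python
# Constructed roles and privilege names; only ENTERPRISE_VIEWER is a role
# name that appears on the page.
ROLES = {
    "EXAMPLE_ADMIN": {"vm.view", "vm.deploy", "vm.delete", "net.manage"},
    "EXAMPLE_USER": {"vm.view", "vm.deploy"},
    "ENTERPRISE_VIEWER": {"vm.view"},
}


def effective_privileges(user_role, vdc_role=None, exception_role=None):
    """Privileges a user holds inside one VDC, following the rule in the text."""
    user = ROLES[user_role]
    if vdc_role is None:            # no VDC role set: the user's own role applies
        return set(user)
    if exception_role is not None:  # exception: user's role AND exception role
        return user & ROLES[exception_role]
    return set(ROLES[vdc_role])     # otherwise the VDC role replaces the user's role


def audit_vdc(users, vdc_role, exceptions):
    """Return (username, finding, privileges) tuples for a reviewer to check."""
    vdc = ROLES[vdc_role]
    findings = []
    for name, role in sorted(users.items()):
        if name in exceptions:
            # Privileges the exception gives this user beyond the VDC role.
            extra = effective_privileges(role, vdc_role, exceptions[name]) - vdc
            if extra:
                findings.append((name, "exception-exceeds-vdc-role", sorted(extra)))
        elif not vdc <= ROLES[role]:
            # The VDC role holds privileges the user's own role lacks, so it
            # is not "more restrictive" for this user.
            findings.append((name, "vdc-role-not-more-restrictive", sorted(vdc - ROLES[role])))
    return findings


# Constructed sample: a read-only VDC with one user exception.
USERS = {"alice": "EXAMPLE_ADMIN", "bob": "EXAMPLE_USER", "carol": "EXAMPLE_USER"}
EXCEPTIONS = {"bob": "EXAMPLE_ADMIN"}

if __name__ == "__main__":
    for user, role in USERS.items():
        print(user, sorted(effective_privileges(role, "ENTERPRISE_VIEWER", EXCEPTIONS.get(user))))
    print(audit_vdc(USERS, "ENTERPRISE_VIEWER", EXCEPTIONS))
```

Because an exception is the intersection of the user's role and the exception role, bob's exception with the broad EXAMPLE_ADMIN role still yields only the privileges of his own role.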


During VDC synchronization, the platform will ensure that the resources in the platform and the provider are the same.
  • Synchronization will delete entities in the platform that were deleted already in the provider
  • However, it will maintain resources attached to undeployed VMs in the platform
  • For example, if a user has an undeployed VM with IPs and a load balancer, then after the synchronization, these resources are attached to the VM in the platform only

Note to System Administrators: for information about tuning public cloud synchronization, see Abiquo Configuration Properties in the pcr (public cloud region) section.

Resources in undeployed VMs are available in the provider. Users working directly in the provider could assign these resources to other VMs. This will cause a conflict and error at deploy time

You can also synchronize specific resources such as networks, public IPs, firewalls, volumes, and load balancers.


To update a virtual datacenter and onboard any changes made in the provider, synchronize the virtual datacenter:
  1. Go to Virtual datacenters → V. Datacenters list
  2. Beside the virtual datacenter Name, click the round arrow Synchronize button

To synchronize specific resources such as networks, public IPs, and so on:

  1. Go to Virtual datacenters → select the resource tab
  2. Click the round arrow Synchronize button for the resource. 

For more information, see the resource documentation.


Screenshot: Synchronize networks

Control enterprise resource usage in public cloud


At the location level, you can limit resources and set defaults. This means you can set an allocation limit for an enterprise in each datacenter or public cloud region.

To configure the same limits for all regions in a provider, select a provider group. For example, if you enter a hard limit of 8 CPUs, then the platform will create a hard limit of 8 CPUs in each region for this provider. This option is available when regions are grouped by provider or vCloud endpoint. See Group public cloud regions by provider or endpoint


To limit resources in a datacenter or public cloud region, set allocation limits:

  1. Go to Users → edit Enterprise → Allowed Datacenters
  2. Select an Allowed Datacenter (datacenter or public cloud region) 
  3. Click the pencil Edit button. An edit dialog will open at the Allocation limits tab
  4. Set valid allocation limits

This process is very similar to that of setting enterprise limits.


| Limit | Checked at | Description |
| --- | --- | --- |
| Memory | Deployment | Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs |
| Virtual CPUs | Deployment | Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs |
| Local Hard Disk | Deployment | Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers |
| External Storage | Configuration | Total size of external storage that may be created for assignment to VMs |
| VLANs | Configuration | Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create. |
| Public IPs | Configuration | Total number of Public IPs, floating IPs (in public cloud), and NAT IPs that may be used |
| Repository | Operations | Private cloud: Total size of NFS Repository space that may be used for the Apps Library including templates and instances (but not conversions). See Manage the Datacenter Apps Library, How much space can I use in the Apps Library? |
| Virtual machines | Deployment | Total number of VMs that users can deploy in the location using their allowed resources |

 

Display public cloud resources and statistics

In public cloud, Abiquo infrastructure metering and accounting register virtual CPUs, RAM, system disks, and floating public IPs. 


The platform displays infrastructure statistics and resource usage for private and public cloud. The statistics vary depending on whether the data is for all datacenters or all public cloud regions, or filtered for a specific datacenter or region.

Privilege: Access Infrastructure view, Display resource usage panel


To view the resource usage of a cloud location:

  1. Go to Infrastructure → Private or Public
  2. Select All, or select a datacenter or public cloud region
  3. If necessary, to display the Statistics view, click on the chart statistics button

Obtain infrastructure statistics with the API 

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource StatisticsResource.

For a full description of these statistics, see Infrastructure Statistics

Synchronize hardware profiles with a provider

In public cloud providers with hardware profiles, when you create a public cloud region and add credentials for an enterprise, Abiquo will automatically retrieve the hardware profiles for the public cloud region.
  • Provider hardware profiles are locked and you cannot edit them
  • In public cloud regions with provider hardware profiles that also support CPU and RAM, you can deactivate hardware profiles mode
  • The platform also registers if a hardware profile is Active and if it belongs to the Current generation

To synchronize hardware profiles: 

Privilege: Access infrastructure view and PCRs, View public cloud region details, Manage enterprises

  1. Go to Infrastructure → Public → select Public cloud region → Servers view → Hardware profiles
  2. At the top right of the Hardware profiles pane, select an enterprise with a public cloud account
  3. Click the round arrows refresh button

By default, for each enterprise with credentials, the hardware profiles mode is enabled. By default, all hardware profiles are available to all enterprises. 

For information about hardware profiles in a provider, see Hardware profiles, Synchronize hardware profiles with a provider.

Control VMs running in public cloud providers

To display the VMs created in a provider region, go to Infrastructure → Public → select Region → Virtual machines → select Enterprise account.

To go to the VM, or the virtual appliance or virtual datacenter that contains the VM, click on the active Name link in the list.

To display the details of a VM and the available controls, select the VM in the list. 

To send an email to the owner and perform the standard VM actions, as appropriate and/or supported by the provider, use the buttons on the control panel.

Sending Email Notifications

To send email notifications about a physical machine in private cloud or VMs in private or public cloud:
  1. Go to Infrastructure → Private → Servers OR
    Infrastructure → Public → Public cloud region → Virtual machines
  2. Select a server or a VM and click the email icon 
  3. Optional: To add the email from your user account as the Sender address, select the checkbox. 
  • For a VM, the platform can send a notification to the owner of the VM
  • For a physical machine, select checkboxes to send notifications to:
    • All administrators of enterprises using this physical machine. 
      • Administrators have the "Define Enterprise Manager" privilege.
    • All users who have VMs deployed on that machine.


Delete a public cloud account

It is possible to release a public cloud account without deleting the resources in public cloud. This means that the enterprise cannot work with the public cloud regions in the platform but the enterprise's resources in public cloud will remain intact. 

To delete virtual resources in the provider, delete them in the platform before you delete the account.

To delete resources in the platform only, you can select this option when deleting or you can delete the enterprise's credentials and then delete the resources. There are virtual resources that you may not wish to delete in the provider, for example, the default VPC.

If you wish to use the account again, you can add the credentials again. After that you can synchronize to onboard resources from public cloud and update the resources in the platform.
