Abiquo 5.1

Skip to end of metadata
Go to start of metadata

Change to documentation

For information about setting limits and resource access in Allowed datacenters and public cloud regions, see Configure an Enterprise in a Cloud Location

To create a cloud tenant enterprise, do these steps:

  1. Go to Users → Enterprises

  2. Click the + add button below the Enterprises list

  3. Enter tenant details and options as described below
    • To enable the tenant's users to deploy, allow the tenant to access at least one datacenter or public cloud region
  4. Define the resources the enterprise can use
  5. Click Accept to save

Abiquo will create the enterprise and filter to display only this enterprise. To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 

Configure a tenant with general information




The name of the Enterprise

Default scopeThe default scope to assign to future users that administrators create in this tenant. When creating users, an administrator can assign the enterprise’s default scope, even if it is above their scope in a hierarchy. Generally you should set this to a low scope.
Require two factor authenticationTo make two-factor authentication mandatory for all users of this enterprise, select this checkbox. Note that an administrator must configure it in the platform first. See Configure two factor authentication
Enable workflowTo enable workflow for this enterprise, mark this checkbox. Note that an administrator must configure it in the platform first. See Abiquo Workflow Feature

Select this flag to mark the enterprise as a reseller. See also Configure reseller mail accounts

Key nodeSelect this flag to mark the enterprise as the key node of its default scope, for example, as the headquarters of an organization
Enterprise logoA logo file for the enterprise in web format (PNG, JPEG, GIF). The size of the default logo is 150 x 37 pixels. This will override the default logo, which is set in Configuration View.
Default themeA branding theme created for the enterprise. See Abiquo Branding Guide

Set allocation limits for an enterprise to control resource usage

Error rendering macro 'excerpt-include' : User 'null' does not have permission to view the page 'Control resource usage with allocation limits'.

To set enterprise allocation limits:

  1. Go to Users → edit Enterprise → Allocation limits
  2. Complete the dialog. 




LimitChecked atDescription



Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs

Virtual CPUs


Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs

Local hard disk


Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers

External storage


Total size of external storage that may be assigned to VMs



Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create

Public /floating/NAT IPs


Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used

RepositoryOperationsTotal size of NFS Repository space that maybe used for the Apps Library including templates and instances (but not conversions). See Manage the Datacenter Apps Library#HowmuchspacecanatenantuseintheAppsLibrary?
Virtual machinesDeploymentTotal number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not use Repository (Apps library storage) features or limits 

Allow a tenant to access datacenters and cloud providers

To set the datacenters and public cloud regions that an enterprise is allowed to access:

  1. Go to Enterprise → Datacenters. The left pane contains a list of datacenters and public cloud regions, which are Prohibited datacenters by default
  2. Drag datacenters and public cloud regions from the left pane to the Allowed datacenters right pane
    If you have multiple public cloud regions on the platform, they may be grouped provider, which enables you to drag providers or regions. To set default Allocation limits and VDC roles for regions in a provider, edit the provider. 

To display the enterprises with access to a public cloud region, go to Infrastructure → Public → select region → servers view → Virtual machines → Accounts

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.

Set a default role to limit tenant access to VDCs in a location

To give users different levels of access to virtual datacenters (VDCs) in specific providers or datacenters, administrators can assign a default role (with fewer privileges than user roles) for all VDCs in a location. So this is a default value for the VDC role that you can set when you create or edit a VDC, that the administrator can later edit.

To control access for users of a tenant in a provider or cloud location with a default role:

  1. Go to Users → create or edit an enterprise → Datacenters → edit a provider or an allowed location → Defaults
  2. Select a default Role
  3. Continue configuring the provider or location or click Accept

At the provider level, the platform will copy the default role to all provider regions. The default role for a region will apply to all new virtual datacenters in the region.  

Privilege: Manage enterprise datacenter default roles, No VDC restriction

Users with the Manage roles and No VDC restriction privileges can then edit the role for the virtual datacenter and define exceptions. See Set a VDC role to limit user access.

Troubleshooting VDC creation

The platform may prevent a user from creating a VDC (even when they have the Manage virtual datacenters privilege) if they will not have enough privileges to work with resources in the VDC. This can occur if a restrictive default role will apply to the user. The default role applies to users without the "No VDC restriction" privilege. In order for these users to create a VDC:

  • the default role must have more privileges than an ENTERPRISE_VIEWER type role; or
  • the user must have the privilege to Manage roles so that this user is able to change the role of the virtual datacenter

Reserve physical machines for a tenant and restrict deployments

For a datacenter, you can reserve physical machines for a single enterprise and restrict deployments.

Privilege: Manage enterprise reserved servers

Before you begin:

  1. Check that the physical machine is not already reserved or running VMs deployed by a different enterprise. 

To reserve physical machines for an enterprise:

  1. Go to Users → edit enterprise → Reservations 
  2. The platform will display a list of Available servers (Physical Machines) that are in the enterprise's Allowed datacenters. (See Allow a tenant to access datacenters and cloud providers). 
  3. Select the physical machine(s) in their Datacenter/Rack and drag them into the Reserved servers list 

To restrict the enterprise so that it may only deploy on the physical machines reserved for it (and not on any others)

  1. Mark the checkbox to Only use 'Reserved Servers'

 Click here to show/hide the screenshot


Add public cloud credentials for a tenant

To work with a public cloud region, each enterprise should have its own public cloud account for the cloud provider. All the users in the tenant will work with this same account. 

Privilege: Manage provider credentials

Before you begin:

  1. Check your provider's documentation and pricing. 
  2. Obtain credentials to access the cloud provider's API. We provide basic guides but you should always check with your provider. See Obtain public cloud credentials

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public
  2. Enter the Credentials as described here

    ProviderSelect public cloud provider or vCloud Director region. Some providers may require different credentials for groups of regions, for example, "Amazon (CHINA)". If a specific provider does not display, for example, a vCloud Director region, the cloud administrator may need to allow access for your enterprise.
    Access key ID

    Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field but you need to write something in to enable the button Add account after.

    For Azure, the format is subscription-id#app-id#tenant-id

    Secret access keyKey to access the cloud provider API. For example, an API key or other API credential.

    For DigitalOcean v2 enter the token.

    Also use for pricingUse this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential.
    Current credentialsProvider that have credentials already in the platform
    Create accountFor resellers with Amazon, Azure ARM, and other partner accounts, click the enterprise create account button to create a customer account in the provider and add it to an enterprise in the platform
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

Create a user to access the cloud provider portal

When your enterprise has credentials for a public cloud provider, you can create a user account in a cloud provider. From here you can also click a link to access the cloud provider portal.

Abiquo displays the public cloud account identifiers on the Credentials tab.

Privileges: Manage user creation in provider

To create a user:

  1. Go to Users → Edit enterprise → Credentials

  2. For a provider with credentials, click Create user.
    The platform will send the following to the cloud provider:
    • Details from your user account, including the username and email
    • An automatically generated password
    The platform will create an event with the enterprise ID, user ID, user email, date/time, and cloud provider.
  3. The platform displays the user credentials only once and it does not store these credentials
    To access the cloud provider portal, click user portal link or portal link
    • If you click portal link, then you will need to enter your account ID in the cloud provider

Enter tenant details and metadata

To store tenant details and metadata, use enterprise properties.

To manage enterprise properties:

  • Go to Users → edit enterprise → Properties.
    • The platform may display some preset properties that were already defined by the administrator. 
  • To add your own properties, enter a Key and Value for each property and click the Add button
    • Both the Key and the Value have a maximum length of  255 characters   
  • To edit a property's value, click the pencil edit button to the right of the Value of the property
  • To delete a property, click the trash can delete button to the left of the Key of the property

You can also configure the tenant properties using the Abiquo API. See: EnterprisesResource

Enable Chef for a tenant

The Abiquo Chef Integration allows you to automate the configuration of Linux VMs using Chef.

Privilege: Manage Chef enterprises

Before you begin:

  1. Set up a Chef Server with roles and recipes for your VMs 
  2. Obtain templates that support cloud-init in private cloud datacenters. 

For full details, see Abiquo Chef Integration Guide

To enable the Chef Integration for an enterprise:

  1. Go to Users → create or edit Enterprise
  2. Complete the dialo
  3. Continue editing or Save the changes to the enterprise



Enable Chef

Tick this checkbox to enable Chef

Server URL

Enter the URL of the Chef Server API

Validator Client

You must use the name of the validator client on the Chef server. The validator client will be used to register the nodes (VMs) for working with Chef

Validator Certificate

The validator certificate, which may be stored in a file called organization-validator or validation.pem

Admin Client

This must be a Chef admin client on the Chef server. The Abiquo Server will use it to work with the Chef Server so that when a VM is deployed, Abiquo can change and update recipes.

Admin Certificate

The admin client certificate, which may be stored in a file called adminclient.pem

Now the enterprise is ready to deploy VMs and automate software installation with Chef.

Set a pricing model for a tenant

To display charge-forward messages to your customers assign a pricing model to the enterprise. The platform can display a message with pricing information when the users deploy VMs and on-demand through the UI and API.

Before you begin:

  1. Go to Pricing view and configure pricing and create a pricing model.  

To set a pricing model for an enterprise:

  1. Go to Users → edit enterprise → Pricing
  2. Select a Pricing model from the list. The details of the pricing model will be displayed. 
  3. Continue editing or to finish editing, click Save 
 Click here to show/hide the screenshot

Display and filter and switch enterprises

To search for an enterprise by name and filter the list of enterprises to display only the matching enterprises

  1. Go to Users
  2. In the search box at the top of the Enterprises list, enter text and wildcards 

After you create an enterprise, Abiquo will filter the enterprise display by the name of the new enterprise and select this enterprise.

To remove the new enterprise filter:

  1. Click the x beside the search box 

Abiquo will display the enterprise list in alphabetical order. If the new enterprise is on the first page, it will remain selected. Otherwise Abiquo will select All and display the first page.

To work within an enterprise (and access its resources, such as templates, virtual datacenters, private networks and VMs):

  1. Select the enterprise name in the Enterprises list
  2. Click the building switch enterprises button.

You can also switch enterprises using the same button in the tenant list in Home View.

Edit an enterprise

Before you edit an enterprise, check if the users have created virtual datacenters and deployed VMs and the general resource usage of tenant.

Privilege: Manage enterprises, Manage users of all enterprises

To edit an enterprise:

  1. Select the enterprise in the Enterprises list 
  2. Click the pencil edit button
  3. Move through the tabs and edit as required
    • Editing an enterprise is very similar creating an enterprise, as described in the section on creating an enterprise 

    • Remember you may not be able to change some settings, especially for Allowed datacenters, after users have created virtual datacenters and deployed VMs
    • Some changes will not be retroactive, for example, if you change the default VLAN, this change will apply to all new virtual datacenters the enterprise creates

Change the default scope for the enterprise's users

When you create an enterprise, Abiquo automatically assigns your user scope as the default for users created in this tenant. When you edit a tenant, you can change the default scope for future users created in the tenant. 

Create an enterprise using the API

API Feature

To create an enterprise in the Abiquo API, create the enterprise using the EnterprisesResource.

Then to allow the users of the enterprise to work with VMs, assign an allowed datacenter or public cloud region. To do this, create an Enterprise-Datacenter Limit. See EnterpriseLimitsByDatacentersResource. The platform will then create a cloud location, which defines this relationship, so you can then manage cloud elements for the location. See AllowedLocationsResource

Pages related to enterprise tenants