Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.

Abiquo 4.6

Skip to end of metadata
Go to start of metadata

Change to documentation

For information about setting limits and resource access in Allowed datacenters and public cloud regions, see Configure an Enterprise in a Cloud Location

Introduction to enterprise tenants

In the platform, enterprises are cloud tenants, meaning they are groups of cloud users with their own logical resources. For more information, see Users (in the Walkthrough). For each tenant, you can assign access to infrastructure and resources.

Privilege: Manage enterprises, Manage users of all enterprises

Before you begin managing enterprises, we recommend that you do these steps:

Create an Enterprise

To create a cloud tenant enterprise, do these steps:

  1. Go to Users → Enterprise list

  2. Click the + Add button

  3. Enter tenant details and options as described below
    • To enable the tenant's users to deploy, allow the tenant to access at least one datacenter or public cloud region
  4. Define the resources the enterprise can use
  5. Click Accept to save

Abiquo will create the enterprise and filter to display only this enterprise. To display other enterprises, click the X beside the enterprise name in the filter box at the top of the Enterprises list. 

After you have created the enterprise:

  1. Abiquo will add this enterprise to the scope of the administrator who created the enterprise
    1. Optionally move this enterprise to a scope with related enterprises and assign the scope to the appropriate cloud and/or tenant administrators
  2. Optionally edit the tenant to set the default scope for users created in this tenant
  3. Create enterprise users with appropriate roles and scopes, for example a tenant administrator and users. Note that the tenant administrator can be allowed to create their own users

Configure a tenant with general information




The name of the Enterprise

Default scopeThe default scope to assign to future users that administrators create in this tenant. When creating users, an administrator can assign the enterprise’s default scope, even if it is above their scope in a hierarchy. Generally you should set this to a low scope.
Require two factor authenticationTo make two-factor authentication mandatory for all users of this enterprise, select this checkbox. Note that an administrator must configure it in the platform first. See Configure two factor authentication
Enable workflowTo enable workflow for this enterprise, mark this checkbox. Note that an administrator must configure it in the platform first. See Abiquo Workflow Feature
ResellerSelect this flag to mark the enterprise as a reseller
Key nodeSelect this flag to mark the enterprise as the key node of its default scope, for example, as the headquarters of an organization
Enterprise logoA logo file for the enterprise in web format (PNG, JPEG, GIF). The size of the default logo is 150 x 37 pixels. This will override the default logo, which is set in Configuration View.
Default themeA branding theme created for the enterprise. See Abiquo Branding Guide

Set allocation limits for an enterprise to control resource usage

Unable to render {include} The included page could not be found.

To set enterprise allocation limits:

  1. Go to Users → edit Enterprise → Allocation limits
  2. Complete the dialog. 




LimitChecked atDescription



Total amount of RAM that may be used by VMs including hardware profiles assigned to VMs

Virtual CPUs


Total number of virtual CPU cores that may be used by VMs including hardware profiles assigned to VMs

Local hard disk


Total size of hard disk that may be used by VMs on hypervisor datastores and in public cloud providers

External storage


Total size of external storage that may be assigned to VMs



Total number of private VLANs that may be defined. Note that a private VLAN is automatically created for every VDC, so this limit may restrict the number of VDCs that users can create

Public /floating/NAT IPs


Total number of public IPs, floating IPs (in public cloud), and NAT IPs that may be used

RepositoryOperationsTotal size of NFS Repository space that maybe used for the Apps Library including templates and instances (but not conversions). See Manage the Datacenter Apps Library#HowmuchspacecanatenantuseintheAppsLibrary?
Virtual machinesDeploymentTotal number of VMs that users can deploy in the location using their allowed resources

In public cloud regions, the platform does not support External storage and Repository (Apps library storage) features or limits 

Allow a tenant to access datacenters and cloud providers

When you first create a datacenter or public cloud region, by default only the users of the enterprise that created it will be allowed to use it. To enable other users to deploy and work with VMs, administrators must allow enterprises to access datacenters or public cloud regions. For brevity, these may be collectively called "Allowed datacenters" or "Allowed locations". For each allowed location, the enterprise will have an Apps library with their templates, and their virtual datacenters for deploying VMs.  

Allowed locations are where users can work, for example, create a virtual datacenter and deploy VMs. To administer the infrastructure of a location, the administrator must also have the location in their administration Datacenters scope list. See  Manage Scopes

To set the datacenters and public cloud regions that an enterprise is allowed to access:

  1. Go to Enterprise → Datacenters. The left pane contains a list of datacenters and public cloud regions, which are "Prohibited Datacenters" by default
  2. Select one or more datacenters or public cloud regions in the left pane and drag and drop them into the "Allowed Datacenters" right pane

    If you have multiple public cloud regions on the platform, they may be grouped provider, which enables you to drag and drop the provider or selected regions. To set default allocation limits and VDC roles for regions in a provider, edit the provider.

     Click here to expand...

To configure resources, including allocation limits for each allowed datacenter and public cloud region, see Configure an Enterprise in a Cloud Location.

Set a default role to limit tenant access to VDCs in a location

To give users different levels of access to virtual datacenters (VDCs) in specific providers or datacenters, administrators can assign a default role (with fewer privileges than user roles) for all VDCs in a location. So this is a default value for the VDC role that you can set when you create or edit a VDC, that the administrator can later edit.

To control access for users of a tenant in a provider or cloud location with a default role:

  1. Go to Users → create or edit Enterprise → edit a Provider or an Allowed location → Default role
  2. Select a default role
  3. Continue configuring the provider or location or click Save or Accept 

At the provider level, the platform will copy the default role to all provider regions. The default role for a region will apply to all new virtual datacenters in the region.  

Privilege: Manage default VDC roles, No VDC restriction

Users with the Manage roles and No VDC restriction privileges can then edit the role for the virtual datacenter and define exceptions. See Set a role for a virtual datacenter to limit user access.

Troubleshooting VDC creation

The platform may prevent a user from creating a VDC (even when they have the Manage virtual datacenters privilege) if they will not have enough privileges to work with resources in the VDC. This can occur if a restrictive default role will apply to the user. The default role applies to users without the "No VDC restriction" privilege. In order for these users to create a VDC:

  • the default role must have more privileges than an ENTERPRISE_VIEWER type role; or
  • the user must have the privilege to Manage roles so that this user is able to change the role of the virtual datacenter

Reserve physical machines for a tenant and restrict deployments

For a datacenter, you can reserve physical machines for a single enterprise and restrict deployments.

Privilege: Manage enterprise reserved servers

Before you begin:

  1. Check that the physical machine is not already reserved or running VMs deployed by a different enterprise. 

To reserve physical machines:

  1. Go to Users → edit Enterprise → Reservations 
  2. The platform will display a list of Available Servers (Physical Machines) that are in the enterprise's "Allowed datacenters". (See Allow a tenant to access datacenters and cloud providers). 
  3. Select the Physical Machine(s) in their Datacenter/Rack and move them to the "Reserved" pane using drag and drop. 

To restrict the enterprise so that it may only deploy on the physical machines reserved for it (and not on any others)

  1. Mark the "Only use 'Reserved Servers'" checkbox

 Click here to show/hide the screenshot


Add public cloud credentials for a tenant

To work with a public cloud region, each enterprise should have its own public cloud account for the cloud provider. All the users in the tenant will work with this same account. 

Before you begin:

  1. Check your provider's documentation and pricing. 
  2. Obtain credentials to access the cloud provider's API. We provide the following basic guides but you should always check with your provider. See Obtain public cloud credentials
  3. Check that the public cloud region you wish to use is available in your environment.

Privilege: Manage provider credentials

To add public cloud credentials:

  1. Go to Users → edit enterprise → Credentials → Public
  2. Enter the credentials as described here

    ProviderSelect public cloud provider or vCloud Director region
    Access key ID

    Identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier. For DigitalOcean v2, the platform does not use this field but you need to write something in to enable the button Add account after.

    For Azure, the format is subscription-id#app-id#tenant-id

    Secret access keyKey to access the cloud provider API. For example, an API key or other API credential.

    For DigitalOcean v2 enter the token.

    Also use for pricingUse this credential to access pricing data in the provider. For example, to get hardware profile prices from AWS. For Azure, add a separate pricing credential.
    Current credentialsProvider credentials that are already in the platform
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them
  4. Finish editing the enterprise and click Save

Enter tenant details and metadata

To store tenant details and metadata, use enterprise properties.

To manage enterprise properties:

  • Go to Users → edit Enterprise → Properties.
    • The platform may display some preset properties that were already defined by the administrator. 
  • To add your own properties, enter a Key and Value for each property and click the Add button
  • To edit a property, click the pencil Edit button to the right of the Value of the property
  • To delete a property, click the trash can button to the left of the Key of the property

You can also configure the tenant properties using the Abiquo API. See: EnterprisesResource


  • The maximum length of enterprise properties is a key of 255 characters and value of 255 characters.

Enable Chef for a tenant

The Abiquo Chef Integration allows you to automate the configuration of Linux VMs using Chef.

Privilege: Manage Chef enterprises

Before you begin:

  1. Set up a Chef Server with roles and recipes for your VMs 
  2. Obtain templates that support cloud-init in private cloud datacenters. 

For full details, see Abiquo Chef Integration Guide

To enable the Chef Integration for an enterprise:

  1. Go to Users → create or edit Enterprise
  2. Complete the dialo
  3. Continue editing or Save the changes to the enterprise



Enable Chef

Tick this checkbox to enable Chef

Server URL

Enter the URL of the Chef Server API

Validator Client

You must use the name of the validator client on the Chef server. The validator client will be used to register the nodes (VMs) for working with Chef

Validator Certificate

The validator certificate, which may be stored in a file called organization-validator or validation.pem

Admin Client

This must be a Chef admin client on the Chef server. The Abiquo Server will use it to work with the Chef Server so that when a VM is deployed, Abiquo can change and update recipes.

Admin Certificate

The admin client certificate, which may be stored in a file called adminclient.pem

Now the enterprise is ready to deploy VMs and automate software installation with Chef.

Set a pricing model for a tenant

To display charge-forward messages to your customers assign a pricing model to the enterprise. The platform can display a message with pricing information when the users deploy VMs and on-demand through the UI and API.

Before you begin:

  1. Go to Pricing view and configure pricing and create a pricing model.  

To set a pricing model for an enterprise:

  1. Go to Users → edit Enterprise → Pricing
  2. Select a pricing model from the pull-down menu. The details of the pricing model will be displayed. 
  3. Continue editing or Save enterprise details 
 Click here to show/hide the screenshot

Display and filter and switch enterprises

To search for an enterprise by name and filter the list of enterprises to display only the matching enterprises

  1. Go to Users
  2. Enter text and wildcards in the search box at the top of the Enterprises list.

After you create an enterprise, Abiquo will filter the enterprise display by the name of the new enterprise and select this enterprise.

To remove the new enterprise filter:

  1. Click the x beside it 

Abiquo will display the enterprise list in alphabetical order. If the new enterprise is on the first page, it will remain selected. Otherwise Abiquo will select All and display the first page.

To work within an enterprise (and access its resources, such as templates, virtual datacenters, private networks and VMs):

  1. Mouse over the enterprise name in the list and click the switch enterprises button.

You can also switch enterprises using the same button in the tenant list in Home View.

Edit an enterprise

Before you edit an enterprise, check if the users have created virtual datacenters and deployed VMs and the general resource usage of tenant.

Privilege: Manage enterprises, Manage users of all enterprises

To edit an enterprise:

  1. Select the enterprise in the Enterprises list and click the pencil edit icon.
  2. Move through the tabs and edit as required
    • Editing an enterprise is very similar creating an enterprise, as described in the previous sections on this page. 

    • Remember you may not be able to change some settings, especially for Allowed datacenters, after users have created virtual datacenters and deployed VMs
    • Some changes will not be retroactive, for example, if you change the default VLAN, this change will apply to all new virtual datacenters the enterprise creates

Change the default scope for the enterprise's users

When you create an enterprise, Abiquo automatically assigns your user scope as the default for users created in this tenant. When you edit a tenant, you can change the default scope for future users created in the tenant. 

Create an enterprise using the API

API Feature

To create an enterprise in the Abiquo API, create the enterprise using the EnterprisesResource.

Then to allow the users of the enterprise to work with VMs, assign an allowed datacenter or public cloud region. To do this, create an Enterprise-Datacenter Limit. See EnterpriseLimitsByDatacentersResource. The platform will then create a cloud location, which defines this relationship, so you can then manage cloud elements for the location. See AllowedLocationsResource

Pages related to enterprise tenants