ViPR 2.1 - Add a New Tenant to an Existing ViPR Virtual Data Center
Table of Contents
Before you begin
- You should plan how to you want to map users into tenants.
- To create a new tenant you will need the Tenant Administrator role for the provider tenant.
- To perform virtual array or virtual pool tenant assignment, you will need the System Administrator role.
- To configure the tenant for use by ViPR Data Services you will need the System Administrator role.
- Create a new tenant and map users into the tenant.
- Perform any virtual array and/or virtual pool assignment for the tenant.
You will need the System Administrator role and the Tenant Administrator role to perform this assignment.
- Assign a Tenant Administrator for the tenant.
- If you have configured Data Services, perform the namespace configuration for the Data Services tenant.
- Prepare the tenant for end-users by assigning users to projects and customizing the service catalog.
Before you begin
- You must have the Tenant Administrator role for the provider tenant.
- An authentication provider must have been registered with ViPR and must be for the domain from which you want to map users.
- Your AD administrator must have set up AD groups and/or attribute mappings in accordance with your tenant plan.
- At the ViPR UI, select .
- You can add a tenant by choosing Add, or to edit an existing tenant, click on the tenant name.
- Type a name and a description for the tenant.
- Optionally, specify a quota for the tenant. This is the total storage that users in the tenant can create.
- Select the domain to which the tenant users belong.
Your configuration could have a separate domain for each tenant, or you can use the same domain to provide users for more than one tenant. To use the same domain, you must configure the user mappings to identify the specific set of users that will belong to the tenant and to ensure that a user is mapped into only a single tenant.
- To specify the way users will be mapped from the selected domain, select
Add User Mapping Rule.
A user mapping rule is added to the tenant. You can add more than one user mapping to achieve finer grained control over the selection of users for the tenant.
- Specify any groups that you want to use to map users into the tenant.
The group or groups that you specify must exist in AD.A group associated with a domain can be used by more than one tenant, and the selection of users from the domain group can be based on attributes associated with the user.
- To use attributes to map users into the tenant, click the
Add Attribute button and enter the name of the attribute and the value or values for the attribute.
For users to be mapped into the domain, the attribute value set for the user must match the attribute value specified in ViPR. An example of setting user mappings at the Create Tenant page is shown below. In the example, users from the selected domain for whom the AD Department attribute has been set to "Accounts" are mapped into the tenant.
- Click Save.
After you finish
Any sub-tenant that you created requires a Tenant Administrator to perform day-to-day administration of the tenant: configuration of the service catalog, creation of projects, assignment of users to tenant roles. Sub-tenants can be managed by the Tenant Administrator of the provider tenant or a user that belongs to the tenant can be assigned as the Tenant Administrator.Back to Top
Before you begin
- You must have the Security Administrator role or the Tenant Administrator role for the tenant to which you want to assign the Tenant Administrator role. When a Tenant Administrator for the provider tenant creates a sub-tenant, they are automatically assigned as a Tenant Administrator for the sub-tenant.
- You will need the username or group to which you want to assign the Tenant Administrator role. The user or group must be a member of the tenant for which you want the user or group to be the administrator.
- Select .
- For the tenant for which you want to perform the assignment, select the Role Assignments button, located in the Edit column of the Tenants table.
- At the Tenant drop-down, select the tenant for which you want to assign a Tenant Administrator.
- Select Add.
- Select whether the role is being assigned to a User or Group.
- Enter the name of the user or group.
- Select the Tenant Administrator role.
- Select Save.
A virtual array comprises array endpoints and host endpoints interconnected by a SAN fabric or an IP network. The virtual array can comprise both fibre channel and IP networks. In this way different array ports can be configured into different virtual arrays, allowing a physical array to contribute to more than one virtual array.
This partitioning of physical arrays into virtual arrays, coupled with the ability to assign access to specific tenants, provides control over the storage provisioning environment made available to a tenant.
Even finer grained control can be obtained by assigning specific virtual pools to tenants. For storage provisioning purposes, the physical storage pools of a virtual array are offered as virtual pools based on their performance and protection characteristics. Restricting access to a virtual pool to specific tenants could mean that if a virtual pool is configured to use a particular array type, restricting access to the virtual pool can prevent a particular tenants from accessing the array. Similarly, you could restrict access to a pool that provides a particular performance characteristic, such as SSD.Back to Top
Before you begin
- You must have the System Administrator role in ViPR.
Prior to assigning a virtual array or virtual pool to one or more tenants, access the virtual array and virtual pool is available to all tenants. When you assign a virtual array or virtual pool to one or more tenants it will go from being unrestricted to being available only to the selected tenants. Tenants that could see the virtual pool prior to the assignment will no longer be able to do so.
For this reason restricting access to a specific tenant actually means assigning access to all of the tenants that you do want to allow access.
- Virtual array configuration. To select a virtual array and make it available to specific tenants:
Users belonging to the specified tenants will have access to the virtual array.
- At the ViPR UI, select .
- Select the virtual array that you want to assign/restrict access to.
- Check the Grant Access to Tenants box and choose the tenants that you want the virtual pool to be available to.
The Tenant Access panel on the Edit Virtual Array page is shown below.
- Save the virtual array.
- Virtual pool configuration. To select a virtual pool and make it available to specific tenants:
Users belonging to the specified tenants will have access to the virtual pool.
- At the ViPR UI, select or .
- Select the virtual pool that you want to assign/restrict access to.
- Expand the Access Control Panel and check the Grant Access to Tenants box. Choose the tenants that you want the virtual array to be available to.
The Tenant Access panel on the Edit/Create File Virtual Pool page is shown below.
- Save the virtual pool.
- Projects can be created and tenant users given access to the project.
- The service catalog can be configured by arranging services in categories. Tenant users can be assigned access to the allow categories or individual services.
- Hosts, clusters, and vCenters for the tenant can be added.
- Consistency groups can be created.
- Execution windows can be created.