Tuesday, July 3, 2012

vCD is multi-tenant, vCO is single-tenant, what now?

This week I had a discussion with one of our VSSP customers about the integration of vCloud Director in vCenter Orchestrator. As you might know, there is a plug-in for vCD available which allows you to configure the vCD connection and make it available in vCO.

Now there is one thing to know about: if you configure the plug-in, you will use the SYSTEM organization to have all other organizations available. If users connect to vCO through the SOAP interface (with WaveMaker, for example), they will have full access to the vCD and not only to their own organization.

Because of the user and role management in vCloud Director you will be limited in some functions. For example: there is no way to "consolidate" a VM, even if you can see the chain length in its properties. This is limited to the provider administrator role.

So what's the solution?

You can insert all organizations as new vCD connections in the vCD plug-in, and as a vCO admin you are able to consolidate... but this isn't really slick. The other way is to "authenticate" users with their organization and limit their access to their vApps/VMs.

After some attempts I designed a workflow like this:


  • org (string)
  • user (string)
  • pass (string)
  • url (string)

These parameters were easy to fill from a web portal. With them you are able to use the VclHost.login() method like this:

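// Use the credentials of the tenant user, not the SYSTEM account
VclHostManager.setRuntimeCredentials(user, pass);
var host = VclHostManager.createHost();
host.url = url;
// Bind the connection to the user's own organization
host.organization = org;
// Per-user session instead of one shared session
host.sessionMode = VclHostSessionMode.PER_USER_SESSION;
host.enabled = true;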

Now you are "logged" in with the user and the matching org. A way to verify this is to check for the organizations:

// List every organization visible to this session
var Organizations = host.getOrganizations();
for (var i in Organizations) {
    System.log("Organization: " + Organizations[i].name);
}

As you can see, you will only receive the organizations of the logged-in user :)

In my test environment it looks like this:

Now you will be able to get the vApps and VMs of the organization and do some magic with them. I will post some further steps (chain length, WaveMaker portal) later... cause I'm a consultant... in a hotel... with some beer... and only a notebook :)
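
The organization check shown above can be turned into a fail-closed guard around the login step, since org and url arrive from a web portal. This is an added example, not code from the original post: it is ES5 JavaScript so it can also be pasted into a vCO scriptable task, and `ALLOWED_VCD_URLS`, the sample URL and both function names are hypothetical. It assumes an organization user sees exactly one organization after login.

```javascript
// Constructed allowlist: the only vCD endpoints the portal may log in to.
var ALLOWED_VCD_URLS = ["https://vcd.example.com"];

function normalizeUrl(url) {
    // Trim, drop trailing slashes, compare case-insensitively
    return String(url).replace(/^\s+|\s+$/g, "").replace(/\/+$/, "").toLowerCase();
}

// Run BEFORE setRuntimeCredentials(): returns null if the input is
// acceptable, otherwise the reason for rejecting it.
function validateLoginInput(org, url) {
    if (typeof org !== "string" || org.replace(/\s/g, "") === "") {
        return "organization name is missing";
    }
    // Portal users must never get a provider-level (SYSTEM) session
    if (org.toLowerCase() === "system") {
        return "SYSTEM organization login is not allowed from the portal";
    }
    // Never send tenant credentials to a URL the portal user chose freely
    if (ALLOWED_VCD_URLS.indexOf(normalizeUrl(url)) === -1) {
        return "vCD URL is not on the allowlist";
    }
    return null;
}

// Run AFTER login on the result of host.getOrganizations(): the session
// must see exactly the organization that was requested, nothing more.
function checkTenantScope(organizations, org) {
    var names = [];
    for (var i = 0; i < organizations.length; i++) {
        names.push(String(organizations[i].name));
    }
    if (names.length !== 1 || names[0].toLowerCase() !== org.toLowerCase()) {
        return "session scope mismatch, visible: [" + names.join(", ") + "]";
    }
    return null;
}
```

In a workflow, a non-null result from either function should end the run with an error before any vApp or VM is touched.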

