In this section we will configure user accounts and the default tenant. The default tenant has been created during installation and it can be reached at the address https://vcac-appliance-hostname.domain.name/shell-ui-app; it can be accessed using the email@example.com SSO account.
Single or Multi-Tenant configuration
vCAC 6 can be configured as a Single or Multi-Tenant application. A tenant is an organizational unit within a vCloud Automation Center deployment. A tenant can represent a business unit within an enterprise or a company that subscribes to cloud services from a service provider. Each tenant has a unique URL to the vCloud Automation Center console: the default tenant uses the address given above, while additional tenants in a multi-tenant configuration are given a URL such as https://vcac-appliance-hostname.domain.name/shell-ui-app/org/MyTenant. The default tenant is the only tenant that supports native Active Directory authentication; all other tenants must use Active Directory over LDAP or OpenLDAP.
In a single tenant configuration, everything is handled at the default instance. This includes system-wide configurations. Tenant administrators can manage users and groups, configure tenant-specific branding, notifications, business policies, and catalog offerings. The system administrator account is always firstname.lastname@example.org, while the tenant administrator must be a user in one of the tenant identity stores, such as email@example.com.
In a multi-tenant environment, the system administrator creates new tenants for each organization that uses the same vCloud Automation Center instance. Tenant users log in to the vCAC console using their specific tenant URL.
vCAC 6 Roles
Before proceeding to configure users and the tenant, I think it could be useful to understand the differences between the Tenant and Infrastructure Administrator roles:
The tenant administrator is a line-of-business administrator, business manager, or IT administrator who is responsible for a tenant. Tenant administrators configure vCloud Automation Center for the needs of their organizations. They are responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements. They also track resource usage by all users within the tenant and initiate reclamation requests for virtual machines.
Infrastructure administrators manage endpoints and endpoint credentials, create fabric groups, and configure virtualization proxy agents. They also manage cloud service accounts as well as physical machines and storage devices. They also monitor logs that are specific to IaaS.
Configuring Default Tenant
- Go to the Default Tenant address (https://vcac-appliance-hostname.domain.name/shell-ui-app) and log in using the SSO user firstname.lastname@example.org
- Click on Configure system then go to Tenants and, at this point, click on vsphere.local
- Go to the identity stores tab and click the green plus
- Provide the required information, click on Test Connection to verify your configuration and then click the Add button
- Go to the Administrator tab and add the users and groups that should have Tenant Administrator access as well as Infrastructure Administrator rights
- At this point you have completed the initial configuration and you will be able to log in using your domain credentials (remember to log in with the user's FQDN).
Create a new Tenant
My deployment is Single Tenant, but if you need to create more Tenants you can follow these steps: