CliQr is now part of Cisco Learn More About Cisco

Sub-Tenant Configuration

Overview

Cisco enables enterprises with multiple clients and centralize IT departments with multiple business units to create multiple hierarchies of administrators and users. Each hierarchy is called a tenant.

Configure Sub-Tenant Administrators

Tenant ID and Tenant Name Dependency

The Tenant ID field is displayed when a user logs into the CCM UI.

  • If the URL provided in the Tenant Name field includes the DNS name, the Tenant ID is not required to login to the CCM UI.
  • If the platform administrator (root) Tasks credentials are used to login to the CCM UI, the Tenant ID is not required.
  • In all other cases, you must provide a valid value in the Tenant ID field.

Typically, the Tenant ID field uses the first word provided in the Tenant Name. For example, if the Tenant Name is acme.cliqr.com, the CloudCenter platform automatically uses acme as the Tenant ID, unless otherwise configured in the Add a New Sub-Tenant page.

If this name is already used by another domain, you will see a corresponding error message requesting you to provide an alternate domain name.

Restrict Resource Permissions

You can share resources with sub-tenants as specified in Permission Control > Application Profile Permissions. As a resource owner, you can use the Share popup for a resource to control permissions for a resource.

If you share a resource:

  • With a tenant – all users in that tenant and its sub-tenants can view/access the shared resource.

  • With a user who is the sub-tenant admin – only that user can view/access the shared resource. If you assign Manage permissions, the sub-tenant admin can then share it with users and sub-tenants within his/her tenant.

To change resource (for example, an application profile) permissions, follow this procedure.

  1. From the Share popup for the application profile (or other resource), access the Users tab.

  2. Assign Manage permission for the application profile for the required sub-tenant admin and save your changes.
  3. Alert the sub-tenant admin to this change.

The sub-tenant admin can login and see the permitted application profile in the list of applications that (s)he already owns and can then decide to share the application profile with other users of their choice.

Disable Sub-Tenants

Only the tenant owner can disable sub-tenants.    

Cloud Governance

The CCM UI provides a view of the overall application health across multiple clouds just as it does for a single cloud. As an admin, you can specify how much of each workload runs on which cloud by using the CCM UI.

When governing hybrid clouds, a central authority, like the IT department for each enterprise, grants and restricts administers and provisions cloud services. To establish and govern hybrid clouds across departments, CloudCenter provides powerful governance features that allow administrators to set up multiple tenants, User Groups, and administrative tools that enforce standardized usage within the enterprise and between departments.

User Password Rules

The tenant administrator can reset password for tenant users or prevent all tenant users from resetting their own passwords.

Tenant administrators can configure the following password rules in the CloudCenter UI > Admin > Sub-Tenant Add a New Sub-Tenant page.

RuleDefaultType
Minimum length for password8Character limit scroll bar
Valid for days8Character limit scroll bar
No (unchecked)Check box
Require at least one uppercase characterNo (unchecked)Check box
Require at least one lowercase characterNo (unchecked)Check box
Require at least one digitNo (unchecked)Check box
Require at least one special characterNo (unchecked)Check box

Add Tenant-Specific CCOs

CloudCenter requires the CCO to be present in each target cloud region or cloud datacenter that is under management.

When an administrator installs an CCO for a tenant and registers it with the CCM, only permitted users, sub-tenants, and users within the sub-tenant can access this CCO. If this permission is not granted, tenant organizations can only work with clouds setup by their parent tenant.

Adding a tenant-specific CCO is the same as adding an CCO at the root level. The only difference is that you are logging in at the tenant level and need access to the applicable clouds and cloud accounts.

To add a tenant-specific CCO, follow this process:

  1. Contact your platform administrator (root) and/or Tenant Administrator to request cloud creation permissions. See Promote to Sub-Tenant Owner.
  2. To enable communication between the CCMCCO, and the Bundle Store within your cloud, you must provide the logical mapping details for your cloud configuration in the CCM UI. See Configure Cloud(s).
  3. Register the CCO with the CCM for this tenant.

Be aware of the following requirements to configure a logo for a tenant or sub-tenant:

  • CloudCenter supports PNG and JPG image formats
Icon

When a sub-tenant is assigned a logo, users in this sub-tenant must use their own domain URL to login. If these users use their parent tenant's or root tenant's domain URL to login, they will not be able to see the logo for their sub-tenant. If all tenants belong to the same organization, the same domain URL is used for all sub-tenants as well.

 To update the tenant logo, follow this procedure:

  1. Access the CCM UI > Admin > Sub-Tenants page.
  2. Click the required sub-tenant link to edit the details for this sub-tenant. The Edit Sub-Tenant Information page displays.
  3. Scroll down to the Add New Logo section and click the Browse button to select the new logo.
  4. Once selected, click the Add Logo button to update the logo. Verify the newly-added logo that is automatically displayed in this section.

Delete Tenant

You have the option to delete tenants and all its sub-tenants, including terminating VMs. Before deleting a tenant verify the following requirements:

  • All the running jobs will be terminated for all users – users cannot be deleted before their jobs are terminated.

  • All users in the tenant are deleted

  • All the sub tenants under the tenant must be deleted prior to issuing this API call. If any sub-tenant is not deleted, then a validation message states that you do this first.

To delete a tenant (or sub-tenant), access the CCM UI > Admin > Sub Tenants > TenantToBeDeleted > Actions dropdown > and select Delete.

Other References

  • No labels