2. Organization Management (IAM)

In this area, you as a reseller manage your customers (clients), users and permissions for the Cloud Service Portal©.

2.1. Client Setup

To add a new client for the Cloud Service Portal© and the offered cloud services, e.g. OpenStack, please follow the steps below:

  1. Create Client - Creates the client account in the Cloud Service Portal© and the link to the uProvide account
  2. Enable Client Services - Enables a cloud service for a customer (client)
  3. Create Client User - Creates a client user and permissions to access the portal and cloud services

Note

The detailed user permissions for the individual panels (e.g. OpenStack, S3, USAGE) of the Cloud Service Portal can be configured under Dashboard Management => Manage Permissions ( Dashboard Management).

2.1.1. Create Client

To create a new client, please log into uProvide and first create an “Uprovide account” with the address and contact details for this new client. Now switch to the area of the created up-account and click on Services new.

../_images/cp-ui-reseller-create-client-upform.png
  • Now select the corresponding service Cloud Service Portal Client in the EW Cloud section.
../_images/cp-ui-reseller-create-client-upform1-ssc.png
  • Please fill out the client form and then click on create
../_images/cp-ui-reseller-create-client-upform2-ssc.png
  1. Client Name: Enter the client name here
  2. Client Description: Enter a description of the client here
  3. Client state: Select the state of the client here (e.g. Trial, Demo, Production, Managed)
  4. Available Services: Tick the service [1] (e.g. OpenStack) which you want to enable for the client.
  5. Primary color: Initial default values are specified here, which you can change later with Edit Service. The colors affect the main menu of the client dashboard as well as the different forms. The values are in HexDec.
  6. Secondary color: Here you can set the secondary color of the client dashboard. The values are in HexDec.
  7. Icon: Optionally, you can enter here the URL to an icon of the client, which is displayed in the upper left corner on the client dashboard. If you leave this field empty, the icon of the reseller will be displayed.

You have now created a client account in the Cloud Service Portal in your reseller realm and linked it to the Uprovide account you just created. This connection will later be used for billing and allocation of used services and resources (USAGE). As soon as the customer / reseller creates an OpenStack project, it will be displayed here as a SubService with the USAGE data (see uProvide autocreate OpenStack SubServices).

[1]The OpenStack Service needs to be enabled for the S3 Object Storage Service and Panel to be turned on and used.

Now log in to the Cloud Service Portal, create a User for this client and enable the desired Services and permissions.

Note

For this you need the authorizations on level Reseller

2.1.2. Enable Client Services

Note

The OpenStack Service needs to be enabled for the S3 Object Storage Service and Panel to be up and running.

For a service such as OpenStack to become available to a client, you must select it and activate it once.

  • To do this, navigate to the client area at the top and click Services`then :guilabel:`Services in the navigation on the left.
  • Now please click on the action button Activate Service and watch how the status changes from Not ACTIVE to ACTIVE. The service is now activated for the Client. Now activate the service for the desired users of the client.
../_images/cp-ui-reseller-create-activate-service.png

2.1.3. Create Client User

In order for a client to be able to log on to the Cloud Service Portal© or to use the service, it requires a user with the appropriate permissions.

  • To do this, navigate to Organization Management on the left, Clients and then click on the small arrow on the right of the line of the desired client for which you want to create a user and select Manage Users.
../_images/cp-ui-reseller-create-client-user.png

Note

Use the filter options to reduce the client list

  • You are now in the User Management of this client. Now click the button +Create User to create a user for this client.
../_images/cp-ui-reseller-create-client-user1.png
  • Then fill in the fields accordingly:
../_images/cp-ui-reseller-create-client-user-form.png
  1. User data: Please enter the user data [2] here
  2. Profiles: Select the desired profile for the Cloud Service Portal permissions for the user here. With the Client-Adm profile, the user can create and manage his own permission profiles for his client [2]
  3. Add: Then click Add to complete the process.

Note

After clicking Add a success message appears briefly with the initial password, which you can reset at any time (see Reset Client User Password ).

[2]Profiles - You can create your own individual user permission profiles in the Dashboard Management, which you can then select here(see Create Reseller Profile).

2.2. Edit Client

You may want to change the information about a client, unlock a service (e.g. Openstack), or customize the appearance of the client dashboard. To do this, please log in to uProvide and switch to the corresponding “Up-Account” in which the client service you want to customize is located.

  • Now click on the corresponding Services and then on Edit.
../_images/cp-ui-reseller-edit-client-upform1.png
  • Now make the desired adjustments and finish the process with save.
../_images/cp-ui-reseller-edit-client-upform2.png

Note

This data is transmitted to the Cloud Service Portal via API. A corresponding message appears on the screen (black box).

  • Then click Back to return to your service.

2.3. Reset Client User Password

To reset the password of a client user as a reseller, please proceed as follows:

  • Navigate to Organization Management >> Users on the left side and click on the small arrow on the right side of the line of the desired user for which you want to reset the password and then Reset password.
../_images/cp-ui-reseller-reset-user-password.png
  • A message New password: appears with the new password, which you can give to the customer.

2.4. uProvide autocreate OpenStack SubServices

In uProvide, a daily UP batch job, which runs at around 23:00, automatically creates the SubServices (OpenStack) of the Uprovide services “Cloud Service Portal Client EW” and “Cloud Service Portal Client SSC. Thus, OpenStack projects that a customer/reseller creates via the “Cloud Service Portal” automatically appear the next day as a SubService in the uProvide/upBusiness of the corresponding customer.

../_images/cp-up-subservice.png

From this point on, the USAGE and rating data will also be displayed within this service. The USAGE data collection itself starts at the same time as the creation of an OpenStack project.

../_images/cp-up-rating-data.png

2.5. Decommissioning of a Trail / Demo Client

Deleting OpenStack projects and the associated services and resources is done manually and preferably by the customer for security reasons.

Note

A trail account was usually not charged and will not be charged again. This means that no more USAGE data is required for this account and its services.

Procedure:

  1. Clean communication with customer a) extend b) will be deleted by date (create ticket for tracking)
  2. The customer/reseller deletes all resources (VMs, volumes, snapshots, VR,…) in the OpenStack Management Portal (Horizon)
  3. The customer/reseller deletes the Openstack project and all users of the trial account via Cloud Service Portal or API
  4. The reseller creates a task in the ticket with a request to delete the OpenStack sub-service in the trial customer’s Uprovide account.
  5. EW deletes the SubService “OpenStack” in the Uprovide account of the trial client (creates an UP-LOG entry) and sets the Client State to Disabled
  6. EW deletes the Client Service Portal service after 6 months
  7. EW deletes the Up account if no other services are used after 6 months

Note

For the delete request, the following minimum information is required: a) client name, b) project_id and project-name of the service to be deleted

2.6. Decommissioning of a Production Client

Procedure:

  1. The customer creates a ticket for cancellation/deletion order
  2. Clean communication with customer - a) Identify cancellation/deletion request through e.g. call back (KYC), b) Verify authorization of requester.
  3. The customer deletes all its resources (VMs, volumes, snapshots, VR,…) in the OpenStack Management Portal (Horizon)
  4. The customer/reseller deletes the Openstack project and all users of the account via Cloud Service Portal or API
  5. The Reseller creates a task in the ticket with a request to delete the OpenStack sub-service in the customer’s Uprovide account.
  6. EW checks whether there are still open settlements and, after they have been settled, executes the deletion of the “OpenStack” sub-service in uProvide and sets the client state to Inactive
  7. EW deletes the Client Service Portal service after 6 months (before that check if no new OS projects were created)
  8. EW deletes the Up account if no other services are used after 6 months

Note

The allocation continues until all resources (USAGE) have been deleted (point 3).

3. Dashboard Management

With the help of User Profiles, you can ensure that certain groups of users always receive the same permissions. The selected permissions are stored in a user profile, which you can then select when creating a user. This makes it much easier to manage the permissions of users. Also, you can easily change the permissions centrally for all users who use a particular profile.

The administration for this can be found in the menu item Dashboard Management. In the following chapter of the Reseller Manual only the reseller specific functions and possibilities are described.

3.1. List profiles

Resellers can choose between two standard user profiles (A & B) and a Reseller Profile (C).

    1. User-Adm - Can manage all users of this client and has access to all panels
    1. User has access to the S3 panel and cannot manage users.
    1. Client-Adm Can manage all users and clients of your realm and has access to all panels

To list the details of the profiles, go to Dashboard Management => Profiles.

../_images/cp-ui-profiles-list2.png
  1. Profile - Name of the profile
  2. Permissions - Lists all permissions of this profile, including a description
  3. Origin - Shows which role created this profile
  4. Users - Shows which users are using this profile
  5. Actions - Here you can add a description to your profiles or delete the profile.
  6. Filter - Here you can filter for any information you want

3.2. Create Reseller Profile

To create a new reseller profile, please proceed as follows:

To do this, navigate to Dashboard Management => :guilabel:`Manage permissions`on the left

  • Click on permissions for a user with a Reseller Profile (Client-Adm), which serves as a template
  • The permission sections for this user are displayed.
  • Now switch to the corresponding Permission section, which you want to adapt for the new profile. In our example Organization_Management (1)
../_images/cp-ui-profiles-detail4.png
  • Now grant the desired permissions (2). Leave at least one Clients (2) permission (e.g. Show clients) so that the new profile remains visible ONLY for reseller users.
  • To save the profile with the adjusted permissions as a new profile, please click on the Save permissions as a new profile button (3).
../_images/cp-ui-new-profiles2.png
  • Now enter a Profile Name and a Description for the new profile in the input mask and confirm the entry with the create profile button.

Note

The user’s profile remains unchanged by the creation of the new profile.

Warning

By granting client permissions a user gets reseller rights and can therefore create and edit other clients!

3.3. Create Client User Profile

You can create a user profile for your clients as described in Create Profile. Precondition: The profile must NOT contain any client permissions in the section Organization_Management! … note:: User profiles you create as a reseller are automatically visible to all your clients.

3.4. Customize Navigation User Interface

To enable the best possible user experience, the menu items displayed can be customized. This makes it possible, for example, for a client that only wants to manage S3 Object Storage with the Cloud Service Portal© to enable only these menu items.

The control of the respective menu items and displayed panels is done via the granted permission. This can be found Dashboard Management => Manage Permissions in the respective section, such as Quota, Usage dashboard, OpenStack or S3 Storage Management.

To create individual user profiles, please follow the instructions as described in Create Profile.

4. Quota Management

Quota management is described in detail in the Client User Manual (see Quota Management), so this section is limited to the additional functions of a reseller.

4.1. Manage permissions

As a reseller, you can then assign the quota panel permissions for your and your clients’ users under Quota in Manage permissions. To do this, click on the Manage permissions button on the right-hand side of the line for the relevant user.

Note

If you do not grant a user permissions for the Quota Panel, it will not appear in the navigation for this user.

4.2. Quota Overview

In contrast to a client, you as a reseller will find the quotas of all your clients under Quota Overview.

4.2.1. Approve Client quota request

In addition to the client Quota Management functions, you can process a Client quota request from a client here and answer it with one of the Approve or Reject buttons.

../_images/cp-ui-req-quota4.png

Additionally you have another menu item Pending quota requests in which you can list and edit all quota requests of clients in tabular form.

../_images/cp-ui-req-quota5.png

4.3. Create globale Quota Profiles

For easier management of your and your clients’ resources you can create quotas, for which you can find a description under Create Quota Profiles. As a reseller, you can also make created quota profiles visible and selectable for your clients.

  • To do this, check the Inheritable box when creating a quota profile.
../_images/cp-ui-create-quota-profile-inheritable.png

Note

Your clients can use profiles they have shared, but they cannot edit them.

4.4. Create Client Quota Profiles

Alternatively, you could create a quota profile for one of your clients.

  • To do this, navigate at the top to the area of the Client (1) for which you want to create a quota profile and then click on Quota in the navigation on the left and then on Profiles.
  • Now click on the Create profile button (2).
  • Then fill in the form and confirm with the create button.
../_images/cp-ui-reseller-create-client-quota-profile-ssc.png

For more information, see Create Quota Profiles.

5. Create Client OpenStack Project

To create an OpenStack Project for a client,

  • Make sure that you are in the area of the corresponding client. If not, first navigate to the area of the Client for which you want to create a project.
../_images/cp-ui-reseller-client-context.png

please follow the instructions in the following chapter Create OpenStack Project.