2. Organization Management (IAM)

In this area, you as a reseller manage your customers (clients), users and permissions for the Cloud Service Portal©.

2.1. Client Setup

To add a new client for the Cloud Service Portal© and the offered cloud services, e.g. OpenStack, please follow the steps below:

  1. Create Client - Creates the client account in the Cloud Service Portal© and the link to the uProvide account
  2. Enable Client Services - Enables a cloud service for a customer (client)
  3. Create Client User - Creates a client user and permissions to access the portal and cloud services

Note

The detailed user permissions for the individual cloud services (e.g. OpenStack) can be found in the corresponding submenus of the services (e.g. OpenStack).


2.1.1. Create Client

To create a new client, please log into uProvide and first create an “Uprovide account” with the address and contact details for this new client. Now switch to the area of the created up-account and click on Services new.

../_images/cp-ui-reseller-create-client-upform.png
  • Now select the corresponding service Cloud Service Portal Client in the EW Cloud section.
../_images/cp-ui-reseller-create-client-upform1-ssc.png
  • Please fill out the client form and then click on create
../_images/cp-ui-reseller-create-client-upform2-ssc.png
  1. Client Name: Enter the client name here
  2. Client Description: Enter a description of the client here
  3. Client state: Select the state of the client here (e.g. Trial, Demo, Production, Managed)
  4. Available Services: Tick the service [1] (e.g. OpenStack) which you want to enable for the client.
  5. Primary color: Initial default values are specified here, which you can change later with Edit Service. The colors affect the main menu of the client dashboard as well as the different forms. The values are in HexDec.
  6. Secondary color: Here you can set the secondary color of the client dashboard. The values are in HexDec.
  7. Icon: Optionally, you can enter here the URL to an icon of the client, which is displayed in the upper left corner on the client dashboard. If you leave this field empty, the icon of the reseller will be displayed.

You have now created a client account in the Cloud Service Portal in your reseller realm and linked it to the Uprovide account you just created. This connection will later be used for billing and allocation of used services and resources (USAGE). As soon as the customer / reseller creates an OpenStack project, it will be displayed here as a SubService with the USAGE data (see uProvide autocreate OpenStack SubServices).

[1]The OpenStack Service does not need to be enabled for the S3 Object Storage Service and Panel to be turned on and used.

Now log in to the Cloud Service Portal, create a User for this client and enable the desired Services and permissions.

Note

For this you need the authorizations on level Reseller

2.1.2. Enable Client Services

Note

The OpenStack Service does not need to be enabled for the S3 Object Storage Service and Panel to be up and running.

For a service such as OpenStack to become available to a client, you must select it and activate it once.

  • To do this, navigate to the client area at the top and click Services`then :guilabel:`Services in the navigation on the left.
  • Now please click on the action button Activate Service and watch how the status changes from Not ACTIVE to ACTIVE. The service is now activated for the Client. Now activate the service for the desired users of the client.
../_images/cp-ui-reseller-create-activate-service-ssc.png

2.1.3. Create Client User

In order for a client to be able to log on to the Cloud Service Portal© or to use the service, it requires a user with the appropriate permissions.

  • To do this, navigate to Organization Management on the left, Clients and then click on the small arrow on the right of the line of the desired client for which you want to create a user and select Manage Users.
../_images/cp-ui-reseller-create-client-user-ssc.png

Note

Use the filter options to reduce the client list

  • You are now in the User Management of this client. Now click the button +Create User to create a user for this client.
../_images/cp-ui-reseller-create-client-user1-ssc.png
  • Then fill in the fields accordingly:
../_images/cp-ui-reseller-create-client-user-form-ssc.png
  1. User data: Please enter the user data [2] here
  2. Clients: The Client Permissions are exclusively reserved for Reseller Users and may NOT be assigned to Client Users!!!
  3. Users: With these permissions a user can view, create, delete and edit other users of the client. Please select the desired permissions.
  4. Management-profiles With these rights you allow the user to create and manage permission profiles for his client (see Create User Profile). Then click on Add.

Danger

With Client Permissions a user would get Reseller Permissions and could create and edit other clients accordingly! A user of a client should therefore NEVER get these rights!

[2]Profiles - If you have already created a User Permission Profile in Dashboard Management, you can select it here.

Note

After clicking Add a success message appears briefly with the initial password, which you can reset at any time (see Reset Client User Password ).

3. Customize Navigation User Interface

To enable the best possible user experience, the menu items displayed can be customized. This makes it possible, for example, for a client that only wants to manage S3 Object Storage with the Cloud Service Portal© to enable only these menu items. A description of the menu items can be found in chapter User interface overview.

The control of the respective menu items and displayed panels is done via the granted permission. This can be found in the Manage Permissions section in the respective section, such as Quota, Usage dashboard, OpenStack or S3 Storage Management.

Since there are any number of combinations for activating the menu structure and authorizations, the principle is described here using two Best Practice examples.

3.1. OpenStack Client

This example describes how to configure a client to use OpenStack (Horizon) and the following service panels:

  • OpenStack - Client can independently create additional OpenStack projects.
  • Quota - Client can assign and manage its quotas to projects.
  • USAGE dashboard - Client can call and create USAGE reports.

Note

The Organization Management panel appears automatically by releasing the User management permissions of the Client Admin User.

The Cloud Service Portal© dashboard of the client presents itself as follows after configuration for a Client Admin User:

../_images/cp-ui-client-dashboard-openstack-ssc.png

Prerequisites: Please ensure that the following requirements are met:

  1. Create Client - In uProvide, a client account has been created with OpenStack Service.
  2. Enable Client Services - The OpenStack service has been enabled.
  3. Create Client User - At least one client user exists.
  • To unlock a panel for a client, first navigate to the top of the Client for which you want to change the view.

3.1.1. Enable OpenStack Panel

The OpenStack Panel automatically becomes visible to users once this client’s OpenStack Service is enabled.

../_images/cp-ui-reseller-create-client-upform2-ssc.png

You can also enable the OpenStack service later in uProvide through EDIT service Cloud Service Portal Client.

To create an OpenStack Project for a client,

  • Make sure that you are in the area of the corresponding client. If not, first navigate to the area of the Client for which you want to create a project.
../_images/cp-ui-reseller-client-context.png

please follow the instructions in the following chapter Create OpenStack Project.

3.1.2. Enable Client to create OpenStack Projects

To authorize a client user to create OpenStack projects and manage the permissions, please follow these steps:

  • To do this, navigate to OpenStack on the left and then to Manage permissions.
  • Now all users are listed, which you could authorize
  • Now please click on the right side of the line of the desired user on the actions button Manage Permissions

Tip

Use the filter function to better find the user you are looking for.

../_images/cp-ui-reseller-manage-project-permissions.png
  • Now select the desired permissions for the user. If the user is allowed to manage OpenStack projects as well as user permissions for them, grant him both permissions accordingly.
  • Confirm your entry with the update button.
../_images/cp-ui-reseller-manage-project-permissions2.png
  • Repeat this process for all users you want to authorize.
  • The authorized user can now create and manage OpenStack projects himself
  • Please also check the #Project Quota of the client in the menu item Quota Overview.

3.1.3. Enable Quota Panel

  • Now navigate in the client area on the left to Quota and then to Manage Permisions.
  • Now please click on the Manage Permissions button on the right side of the corresponding user
../_images/cp-ui-enable-client-quota-permissions1.png
  • Now select the desired permissions for this user and confirm with the button update
  • For the Client Admin User we select all options, allowing this user to see and use all quota menu items Manage Permisions, Quota Overview and Profiles.
../_images/cp-ui-enable-client-quota-permissions2.png

Client Admin User:

The quota menu for this Client Admin User clienta-adm1 shows up as follows:

../_images/cp-ui-enable-client-quota-permissions3.png

Client Standard User:

  • For the Client Standard User we only select the options for the Quota Overview menu, which means that this user only sees this menu and can use it according to the granted permission.
../_images/cp-ui-enable-client-quota-permissions4.png

The quota menu for this Client Standard User clienta-u2 shows up as follows:

../_images/cp-ui-enable-client-quota-permissions5.png

3.1.4. Enable Usage Dashboard Panel

  • Please navigate in the client area on the left to Usage dashboard and then to Manage Permisions.
  • Now click on the Manage Permissions button on the right for the corresponding user
../_images/cp-ui-enable-client-usage-dashboard-permissions1.png
  • Now select the desired permissions for this user and confirm with the button update
  • For the Client Admin User, we select all options, allowing this user to see and use all Usage Dashboard menu items.
../_images/cp-ui-enable-client-usage-dashboard-permissions2.png

Client Admin User:

The Usage Dashboard menu for this client admin user clienta-adm1 now shows up as follows:

../_images/cp-ui-enable-client-usage-dashboard-permissions3.png

Client Standard User:

  • For the Client Standard User we only select the options for the Usages menus, which means that this user will only see this menu and will not be able to manage any permissions.
../_images/cp-ui-enable-client-usage-dashboard-permissions4.png

The Usage Dashboard menu for this client default user clienta-u2 shows up as follows:

../_images/cp-ui-enable-client-usage-dashboard-permissions5.png

3.2. Setup S3-only Client

This example describes how to configure the user interface for a client that only wants to manage S3 Object Storage, does not use OpenStack and therefore only receives the following service panels:

  • guilabel:Organization Management > Users - Optionally, the client can also manage its users
  • USAGE dashboard - Client can call and create USAGE reports.
  • guilabel:S3 Object Storage - Client can create projects, buckets and EC2 credentials and upload and download files.

Note

The Organization Management panel appears automatically by unlocking the User management permissions of the Client Admin User. To enable the USAGE panel, please see Enable Usage Dashboard Panel here.

Client Admin User:

The Cloud Service Portal© dashboard of a S3-only Client Admin User presents itself as follows after configuration:

../_images/cp-ui-client-dashboard-S3-admin-ssc.png

Client Standard User:

  • The dashboard of an S3-only Client Standard User appears as follows:
../_images/cp-ui-client-dashboard-S3-standard-ssc.png

Requirements:

Please make sure that the following requirements are met before starting the configuration:

  1. Create Client - A client account has been created in uProvide.
  2. Enable Client Services - The OpenStack service has not been enabled.
  3. Create Client User - At least one client user exists.
  • To unlock a panel for a client, first navigate to the top of the Client for which you want to change the view.

3.2.1. Enable S3 Object Storage Panel

  • Please navigate in the client area on the left to S3 Object Storage and then to Manage Permisions.
  • Now click on the Manage Permissions button on the right for the corresponding user
../_images/cp-ui-enable-client-s3-dashboard-permissions1.png
  • Now select the desired permissions for this user and confirm with the button update
  • For the Client Admin User, we select all options, giving this user all permissions to manage Buckets, Users, Projects, and EC2 Credentials.
../_images/cp-ui-enable-client-s3-dashboard-permissions2.png

3.3. Edit Client

You may want to change the information about a client, unlock a service (e.g. Openstack), or customize the appearance of the client dashboard. To do this, please log in to uProvide and switch to the corresponding “Up-Account” in which the client service you want to customize is located.

  • Now click on the corresponding Services and then on Edit.
../_images/cp-ui-reseller-edit-client-upform1.png
  • Now make the desired adjustments and finish the process with save.
../_images/cp-ui-reseller-edit-client-upform2.png

Note

This data is transmitted to the Cloud Service Portal via API. A corresponding message appears on the screen (black box).

  • Then click Back to return to your service.

3.4. Reset Client User Password

To reset the password of a client user as a reseller, please proceed as follows:

  • Navigate to Organization Management >> Users on the left side and click on the small arrow on the right side of the line of the desired user for which you want to reset the password and then Reset password.
../_images/cp-ui-reseller-reset-user-password.png
  • A message New password: appears with the new password, which you can give to the customer.

3.5. uProvide autocreate OpenStack SubServices

In uProvide, a daily UP batch job, which runs at around 23:00, automatically creates the SubServices (OpenStack) of the Uprovide services “Cloud Service Portal Client EW” and “Cloud Service Portal Client SSC. Thus, OpenStack projects that a customer/reseller creates via the “Cloud Service Portal” automatically appear the next day as a SubService in the uProvide/upBusiness of the corresponding customer.

../_images/cp-up-subservice.png

From this point on, the USAGE and rating data will also be displayed within this service. The USAGE data collection itself starts at the same time as the creation of an OpenStack project.

../_images/cp-up-rating-data.png

3.6. Decommissioning of a Trail / Demo Client

Deleting OpenStack projects and the associated services and resources is done manually and preferably by the customer for security reasons.

Note

A trail account was usually not charged and will not be charged again. This means that no more USAGE data is required for this account and its services.

Procedure:

  1. Clean communication with customer a) extend b) will be deleted by date (create ticket for tracking)
  2. The customer/reseller deletes all resources (VMs, volumes, snapshots, VR,…) in the OpenStack Management Portal (Horizon)
  3. The customer/reseller deletes the Openstack project and all users of the trial account via Cloud Service Portal or API
  4. The reseller creates a task in the ticket with a request to delete the OpenStack sub-service in the trial customer’s Uprovide account.
  5. EW deletes the SubService “OpenStack” in the Uprovide account of the trial client (creates an UP-LOG entry) and sets the Client State to Disabled
  6. EW deletes the Client Service Portal service after 6 months
  7. EW deletes the Up account if no other services are used after 6 months

Note

For the delete request, the following minimum information is required: a) client name, b) project_id and project-name of the service to be deleted

3.7. Decommissioning of a Production Client

Procedure:

  1. The customer creates a ticket for cancellation/deletion order
  2. Clean communication with customer - a) Identify cancellation/deletion request through e.g. call back (KYC), b) Verify authorization of requester.
  3. The customer deletes all its resources (VMs, volumes, snapshots, VR,…) in the OpenStack Management Portal (Horizon)
  4. The customer/reseller deletes the Openstack project and all users of the account via Cloud Service Portal or API
  5. The Reseller creates a task in the ticket with a request to delete the OpenStack sub-service in the customer’s Uprovide account.
  6. EW checks whether there are still open settlements and, after they have been settled, executes the deletion of the “OpenStack” sub-service in uProvide and sets the client state to Inactive
  7. EW deletes the Client Service Portal service after 6 months (before that check if no new OS projects were created)
  8. EW deletes the Up account if no other services are used after 6 months

Note

The allocation continues until all resources (USAGE) have been deleted (point 3).

4. Dashboard Management

In Dashboard Management, among other things, the permissions for the Cloud Service Portal are managed with the help of profiles. This allows any user profiles to be created, which can then be selected as a permission profile when creating a user.

4.1. Create User Profile

With the help of User Profiles, you can ensure that certain groups of users always receive the same permissions. The selected permissions are stored in a user profile, which you can then select when creating a user. This makes it much easier to manage the permissions of users. Also, you can easily change the permissions centrally for all users who use a particular profile.

  • To create a user profile, please navigate to Dashboard Management >> Profiles on the left and then click Create Profile
../_images/cp-ui-reseller-create-Profile-ssc.png
  • Please enter a profile name, tick the permissions you want to assign to this profile and complete your entry by clicking the Add button.
  • Below are some examples of user profiles:
../_images/cp-ui-reseller-create-Profile1-ssc.png ../_images/cp-ui-reseller-create-Profile2-ssc.png ../_images/cp-ui-reseller-create-Profile3-ssc.png

Warning

By granting client permissions a user gets reseller rights and can therefore create and edit other clients!

5. Quota Management

Quota management is described in detail in the Client User Manual (see Quota Management), so this section is limited to the additional functions of a reseller.

5.1. Manage permissions

As a reseller, you can then assign the quota panel permissions for your and your clients’ users under Quota in Manage permissions. To do this, click on the Manage permissions button on the right-hand side of the line for the relevant user.

Note

If you do not grant a user permissions for the Quota Panel, it will not appear in the navigation for this user.

5.2. Quota Overview

In contrast to a client, you as a reseller will find the quotas of all your clients under Quota Overview.

5.2.1. Approve Client quota request

In addition to the client Quota Management functions, you can process a Client quota request from a client here and answer it with one of the Approve or Reject buttons.

../_images/cp-ui-req-quota4.png

Additionally you have another menu item Pending quota requests in which you can list and edit all quota requests of clients in tabular form.

../_images/cp-ui-req-quota5.png

5.3. Create globale Quota Profiles

For easier management of your and your clients’ resources you can create quotas, for which you can find a description under Create Quota Profiles. As a reseller, you can also make created quota profiles visible and selectable for your clients.

  • To do this, check the Inheritable box when creating a quota profile.
../_images/cp-ui-create-quota-profile-inheritable.png

Note

Your clients can use profiles they have shared, but they cannot edit them.

5.4. Create Client Quota Profiles

Alternatively, you could create a quota profile for one of your clients.

  • To do this, navigate at the top to the area of the Client (1) for which you want to create a quota profile and then click on Quota in the navigation on the left and then on Profiles.
  • Now click on the Create profile button (2).
  • Then fill in the form and confirm with the create button.
../_images/cp-ui-reseller-create-client-quota-profile-ssc.png

For more information, see Create Quota Profiles.

6. Create Client OpenStack Project

To create an OpenStack Project for a client,

  • Make sure that you are in the area of the corresponding client. If not, first navigate to the area of the Client for which you want to create a project.
../_images/cp-ui-reseller-client-context.png

please follow the instructions in the following chapter Create OpenStack Project.