A tenant is like an organizational unit in vCloud Automation Center (vCAC). A tenant can represent a business unit in an enterprise or a company that subscribes to cloud services from a service provider:
- Each tenant has its own dedicated configuration, although some system-level configuration is shared across tenants.
- The default tenant, which is created during the vCAC deployment, is vsphere.local.
- You can add additional tenants using the system administrator account (administrator@vsphere.local).
The system administrator can manage system-wide configurations in the default tenant. These configurations include global system defaults for branding and notifications, and monitoring system logs. The default tenant (vsphere.local) is the only tenant that supports native Active Directory (AD) authentication. All other tenants must use AD over Lightweight Directory Access Protocol (LDAP) or OpenLDAP.
Each tenant has a unique URL to the vCloud Automation Center console. The default has been specified above, while multi-tenant resources will be given a URL such as https://vcac-appliance-hostname.domain.name/shell-ui-app/org/mydepartment .
Before we start configuring the tenant, it is very important to understand certain roles and functions within vCAC. Many system-wide roles are available in vCAC. For this tenant configuration, it is necessary to understand the 3 roles below:
- System Administrator: performs the initial configuration of single sign-on and basic tenant setup, including designating at least one identity store and a tenant administrator for each tenant.
- Infrastructure Administrator: is responsible for managing endpoints and endpoint credentials, and creating fabric groups.
- Tenant Administrator: creates custom groups within their own tenant and adds both users and groups defined in the identity store to custom groups.
Default Tenant Configuration:
Open a web browser and go to https://vcac-appliance-hostname.domain.name/shell-ui-app (in my case https://vcac-01.vmwarearena.c0m/shell-ui-app), then log in with the system administrator account administrator@vsphere.local and the SSO password.
Once logged in, you will see the default tenant (vsphere.local) under Tenants. You can click on the + symbol to add a new tenant. I am going to use the default tenant as my tenant. Click on the tenant vsphere.local.
You are not allowed to edit any existing values under General option for the default tenant.
Click on the Identity Stores tab and click on the + symbol to add an identity store. Each tenant must be associated with at least one identity store. Identity stores can be OpenLDAP or Active Directory (AD). For the default tenant, you can also use AD in native mode.
Provide the Active Directory related information below. I used AD Explorer from Microsoft Tools to identify the distinguished name for the administrator user account because you can’t use the user name. You need to use the distinguished name.
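A pre-check for the point above that the identity store login needs a distinguished name rather than a user name, as an added example (not from the original post or from VMware): it classifies a candidate login string and checks that a DN falls under a search base. The function names, the CN/OU layout of the sample values and the rule that an AD DN contains a DC= component are assumptions.

```python
import re

# One RDN is "type=value"; attribute types start with a letter.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$", re.S)

# Constructed sample values; the domain is the lab domain named in the post,
# the CN/OU layout is an assumption.
SAMPLES = [
    "administrator",
    "VMWAREARENA\\administrator",
    "administrator@vmwarearena.com",
    "CN=Administrator,CN=Users,DC=vmwarearena,DC=com",
]

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 allows '\\,' inside a value)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur.strip())
    return parts

def classify(name):
    """Return 'dn', 'downlevel', 'upn' or 'username' for a login string."""
    rdns = split_rdns(name)
    if all(RDN.match(r) for r in rdns) and any(r.upper().startswith("DC=") for r in rdns):
        return "dn"
    if "\\" in name:
        return "downlevel"
    if "@" in name:
        return "upn"
    return "username"

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn (case-insensitive comparison)."""
    norm = lambda d: [re.sub(r"\s*=\s*", "=", r).lower() for r in split_rdns(d)]
    d, b = norm(dn), norm(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b
```

Only the last sample is classified as `dn`; the other three forms are what the identity store dialog will not accept as the login user.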
Once the identity sources have been added, you can assign vCAC system-wide roles such as Infrastructure administrator and Tenant administrator to your Active Directory users or groups. I have already created 2 groups (infrastructure administrators and Tenant administrators) in my Active Directory domain VMwarearena.com. Click on the Administrators tab and type in your group name under the Tenant and Infrastructure administrator roles. Click on Update.
To test the assigned role, log in to your vCAC portal using the infra-admin credentials. Infra-admin@vmwarearena.com is the user account which is part of the AD group Infrastructure Administrators.
I am able to log in successfully with the infra admin privileges.
That’s it. We are done with configuring the default tenant. Let’s take a look at configuring endpoints, fabric groups and other stuff in upcoming posts. I hope this is informative for you. Thanks for reading! Be social and share it on social media if you feel it is worth sharing.