CloudCenter Suite supports a multi-tenant model where each tenant has their own users, resources, permissions and policies. All configuration of tenants and subtenants is performed through the Suite Admin Tenant List page as described in Manage Tenants. This section discusses actions in the Suite Admin Tenants page that are specific to Workload Manager
Manage Tenant-wide Firewall Rules
The Suite Admin allows tenant administrators to add, update and delete firewall rules that are applied to all VMs launched by all users in the tenant. Each firewall rule may be applied to one, several, or all VM-based cloud types configured for the tenant. To manage firewall rules, go to the Suite Admin home page and click on the Tenants tab to get to the Tenant List page. For your own tenant, hover over the Actions column and click on the dropdown icon to reveal the dropdown menu as shown in the figure below.
Select the Manage Security Policies menu choice. This displays the Manage Firewall Settings dialog box as shown in the figure below.
The top section of the dialog box lets you add a new firewall rule by clicking the Add Rule button. When you click the Add Rule button, a new line is created in the list of rules as shown in the following figure. You must then complete all of the fields for that rule. You can create more rules by again clicking the Add Rule button.
Important: In order for your newly created firewall rules to be saved when you click the Done button, you must ensure that the Create default security groups for users in tenant toggle is turned on before you click Done. If not, when you click Done, your newly created firewall rules will be lost.
Note that additional firewall rules may be defined for each tier of an application in the Application Tier Properties section of the Topology Modeler tab of the Application Profiles form. And additional firewall rules can be defined in Security Profiles which may be selected by the user when Deploying an Application. See Security and Firewall Rules for additional context.
The Allow launched VMs to communicate with each other toggle allows all VMs launched by a user to communicate with each other on all ports across all deployments for that user. This feature is only supported on Amazon, OpenStack, and Google clouds. Unchecking this check box puts the onus on users to set up inter-node communication for their respective deployments.
Manage Default Usage Plan
You can share any cloud region or cloud account visible to your tenant with any of your subtenants. From the subtenant actions dropdown menu select Manage Cloud Groups. This displays the Manage Cloud dialog box as shown in the figure below.
For each cloud tab on the left, select the Accounts tab on top to choose the cloud accounts to share, then select the Regions tab on top to choose the cloud regions to share. Click done after repeating this for all clouds you want to share.
- No labels