This post is more than 5 years old
5 Practitioner
•
274.2K Posts
0
1690
Multi-Tenant Views
Is it possible to create a multi-tenant environment in ViPR SRM, where users can monitor their own resources without stepping on other user's stuff?
This post is more than 5 years old
5 Practitioner
•
274.2K Posts
0
1690
Is it possible to create a multi-tenant environment in ViPR SRM, where users can monitor their own resources without stepping on other user's stuff?
Top
fredc2
14 Posts
0
October 2nd, 2014 10:00
When you combine ViPR SRM with ViPR controller this gets even easier. As each resource in the ViPR SolutionPack is already tagged with a ViPR tenant the data enrichment is already done for you. All you need to do is assign a filter where tenname = 'Name of Tenant'
When you setup the user, set the storage roll, and just apply the tenant filter to the other options.
First create your new user and add the "Storage Administrator User" role.
Then set the tenname filter for that user's account.
When you are done the tenant's other options should look like this:
The ViPR administrator will be able to see all tenants and resources as normal. This is what they can see when logged in:
And when the account with the filter setup logs in, they will only see the tenants and projects for that user's tenant in ViPR.
You can now choose to make the Tenant's landing page the tenant dashboard or project dashboard based on your preferences. You can do this by setting up a ViPR tenant profile and using the Login Report settings in the Profile Administration as shown by lonespeedster above.
P.S. This technique will not work if you have multiple tenant's named Frito-Lay. The name is probably good enough for small shops or quick demonstration purposes. If you do for some weird reason have multiple tenants named the same thing then you will have to use the Tenant's ViPR URN instead. You can see this ID easily if you are in ViPR Portal and edit the tenant as administrator. Simply set tenid=='urn:storageos:TenantOrg:....' instead of tenname in your user configuration settings. The tenant's URN ID is the part starting with urn:storageos to the end of the URL in the browser.
Use this ID instead of the tenant's name in the user's master filter as shown below and now you can name or rename tenants in ViPR and the tenant view will remain the same regardless of name or number of tenant named the same thing.
Enjoy,
Fred
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 2nd, 2014 09:00
Yes, SRM does have the ability to setup a multi-tenant environment. Let’s consider a scenario where I’d like to provide access to a set of Isilon shares to a user named “sam”. On a high-level, these are the things I need to do:
NOTE: This is a very simple example of multi-tenancy. We can do a lot more with alert configuration, report customization etc. in SRM with regards to multi-tenancy.
< >
This is where I’ll be defining the boundary of what Sam can monitor and avoid him from viewing un-authorized resources. Hence, grouping or tagging resources is the fundamental step in establishing a multi-tenant environment. Having that said, SRM has the ability to tag whatever resources that you’d like to be tagged – storage systems, hosts, LUNs, shares – whatever you need!
The first step is to enable the data-enrichment module on the appropriate solution pack, in this case the Isilon solution pack.
Once you have the data-enrichment registered, click on “Collector Manager :: emc Isilon :: ISILON-PTF1” in the Data-Enrichment inventory view. You will be navigated to the Isilon tagging page named as “Module ‘emc-isilon :: ISILON-PTF1’ on server ‘server-name’”.
This is the place where you would group your desired resources, in our case, the selective Isilon shares. To effectively use the feature, you must be familiar with the property-names used within the SRM application and this post assumes that you know the basics. For more details on property-names and filters, check out the following link: Click here
We’re done with tagging our Isilon shares. In order for SRM to recognize the newly created “tags” within the entire system, we’ll have to wait for a polling cycling (on the collector server - which happens every 15 minutes) and a refresh of the property-store (on the frontend server- which happens every 1 hour). Now, if you’re impatient as I am, please follow these steps to do a manual refresh:
The second step is to refresh the property-store.
< >
The roles in SRM will help me define what a SRM user can and can’t do, which is one of the most important steps in a multi-tenant environment.
By the time you’re done creating the role, the property-store refresh should have been completed
< >
This is relatively a no brainer task. I’ll create a user named “Sam” and attach the user to the tag\group he’s responsible for.
< >
Now, if the purpose of having this user is just to monitor the quota usage of his shares, then you can setup a profile that would enable him to view the preferred report the moment he logs in. This can be a useful feature, if the user doesn’t know his way around SRM to browse to his preferred report.
Now when Sam logs in this is what he’ll be looking at:
Tada!!!!
On the other hand, this is what “sam” will be looking at If I had used the report identifier “0-c2-ffffff32-8bf101bb-13bb7b00-404a2b57-a6075f7e” without the “report.jsp” prefix in the “Login Report” field within the user-profile.
Hope that helps!