Self-Service Portal Administration Guide

Acropolis 5.0
03-Feb-2017
Notice

Copyright
Copyright 2017 Nutanix, Inc.
Nutanix, Inc.
1740 Technology Drive, Suite 150
San Jose, CA 95110
All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. Nutanix is a trademark of Nutanix, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.

License
The provision of this software to you does not grant any licenses or other rights under any Microsoft
patents with respect to anything other than the file server implementation portion of the binaries for this
software, including no licenses or any other rights in any hardware or any devices or software that are used
to communicate with or in connection with this software.

Conventions
Convention Description

variable_value The action depends on a value that is unique to your environment.

ncli> command The commands are executed in the Nutanix nCLI.

user@host$ command The commands are executed as a non-privileged user (such as nutanix)
in the system shell.

root@host# command The commands are executed as the root user in the vSphere or Acropolis
host shell.

> command The commands are executed in the Hyper-V host shell.

output The information is displayed as output from a command or in a log file.

Default Cluster Credentials

Interface Target Username Password

Nutanix web console Nutanix Controller VM admin admin

vSphere Web Client ESXi host root nutanix/4u

Copyright | Self-Service Portal Administration Guide | Prism | 2

 Interface Target Username Password

vSphere client ESXi host root nutanix/4u

SSH client or console ESXi host root nutanix/4u

SSH client or console AHV host root nutanix/4u

SSH client or console Hyper-V host Administrator nutanix/4u

SSH client Nutanix Controller VM nutanix nutanix/4u

SSH client or console Acropolis OpenStack root admin

Services VM (Nutanix
OVM)

Version
Last modified: February 3, 2017 (2017-02-03 14:30:17 GMT-8)

Copyright | Self-Service Portal Administration Guide | Prism | 3

Contents

1: Introduction to the Prism Self-Service Portal.......................................5

NutanixManagementShare Storage Container.................................................................................... 5

2: Self-Service Portal Administration........................................................ 6

Prism Administrator Role..................................................................................................................... 6
Self-Service Administrator Role...........................................................................................................6
Performing Initial Configuration (Prism Administrator Task)................................................................7
Logging On As a Self-Service Administrator.......................................................................................8
Self-Service Portal Components..........................................................................................................8
Project Management............................................................................................................................ 9
Creating a Project..................................................................................................................... 9
Modifying a Project................................................................................................................. 10
Deleting a Project................................................................................................................... 10
VM Management................................................................................................................................10
Creating a VM.........................................................................................................................11
Updating a VM........................................................................................................................ 11
Performing VM Operations..................................................................................................... 12
Deleting a VM......................................................................................................................... 12
Assigning a VM to a Project Member.................................................................................... 12
User Management..............................................................................................................................12
Role Management..............................................................................................................................13
Creating a Role....................................................................................................................... 13
Updating a Role...................................................................................................................... 13
Deleting a Role....................................................................................................................... 13
Catalog Management.........................................................................................................................13
Adding a VM to the Catalog................................................................................................... 13
Adding an Image to the Catalog............................................................................................ 14
Removing an Item from the Catalog...................................................................................... 14
Image Management........................................................................................................................... 14
Creating an Image.................................................................................................................. 14
Deleting an Image...................................................................................................................15
Monitoring Resource Usage.............................................................................................................. 15
Task Management..............................................................................................................................15
Viewing the Status of a Task..................................................................................................15
Restarting a Failed Task......................................................................................................... 16

4
1
Introduction to the Prism Self-Service Portal
The Prism self-service portal (SSP) enables the consumers of IT infrastructure within an enterprise
individual users or teams such as development, test, and DevOpsto provision and manage virtual
machines in a self-service manner, without having to engage IT in day-to-day operations.
SSP is a part of AOS, requires AHV, and can use the resources provided by a single AHV cluster. SSP has
a separate user interface and authenticates its administrators and users by connecting to a single Active
Directory (AD) directory service. The Prism administrator delegates the responsibility of administering
the self-service portal to one or Active Directory users who are referred to as self-service administrators.
In SSP, the self-service administrators create and manage self-service projects for end-users, and they
manage various aspects of self-service such as user permissions, resource usage limits, and a catalog of
VM templates and disk images.
Active Directory users who are added to projects by self-service administrators log on to SSP and create
and manage only what they needvirtual machines.
SSP also reports infrastructure usage statistics per project, VM, and project member. The SSP
administrator can obtain insights such as which projects, VMs, and users consume the most resources and
which projects require fewer resources.

NutanixManagementShare Storage Container

AOS creates a new storage container named NutanixManagementShare for Nutanix clusters for use
with the Acropolis File Services and Self-Service Portal features. This storage container is used by AFS
and SSP for file storage, feature upgrades, and other feature operations. To ensure proper operation of
these features, do not delete this storage container. Nutanix also recommends that you do not delete the
NutanixManagementShare storage container even if you are not using these features.

Introduction to the Prism Self-Service Portal | Self-Service Portal Administration Guide | Prism | 5
2
Self-Service Portal Administration
While SSP is part of AOS and uses the same underlying infrastructure as Prism, SSP addresses a different
need. Prism enables infrastructure management. SSP enables end-users to consume that infrastructure
in a self-service manner. Accordingly, you can delineate the associated administrative responsibilities
into infrastructure administration responsibilities, which the Prism administrator retains, and self-service
administration responsibilities, which the Prism administrator delegates to an AD user or group (called self-
service administrators).

Prism Administrator Role

As the Prism administrator, you access SSP only to perform initial configuration tasks, which includes
designating one or more Active Directory users as self-service administrators. After initial configuration,
you hand off all portal administration tasks to the self-service administrator.
By using Prism, you must create the networks that project members need. You can use the Prism web
console to create VMs and images for use in SSP. SSP imports these entities during initial configuration. It
also imports any entities that are created in Prism after initial configuration.
Note: Self-service administrators too can create VMs and images in SSP, but they cannot create
networks.

Before you designate users as self-service administrators, you must fully understand the self-service
administrator's role and the extent of their privileges on entities in the cluster. Take note of the following
recommendations:
The portal allows self-service administrators the complete set of privileges required to manage the
VMs in the cluster, including the VMs that you and other Prism administrators create in Prism. Such
VMs are called infrastructure VMs in the self-service portal. The portal allows its administrators to
assign infrastructure VMs to project members, add them to the catalog, and delete them even if they
do not have administrative access to Prism. Consider these privileges when appointing self-service
administrators, and make sure you communicate to self-service administrators the need to exercise
caution when working with infrastructure VMs.
After you have designated a user as a self-service administrator, you cannot limit the user's privileges.
Therefore, if you plan to delegate self-service administration responsibilities to an AD group, be sure
that you want to delegate the responsibility to all the users in the group. If the user group is large or
includes users that must not have self-service administrator privileges, Nutanix recommends that you
create a separate AD group for the users to whom you want to delegate self-service administration
responsibilities.

Self-Service Administrator Role

As a self-service administrator, you perform the following tasks in SSP:
Create a project for each team that needs self-service and add AD users and groups to the projects.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 6

 Configure roles for project members and specify a role for each project (the role specified for a project
applies to all the members in that project).
Publish VM templates and images to the catalog.
Monitor resource usage by various projects and its VMs and members, and then adjust resource quotas
as necessary.
Optionally, create VMs and assign them to project members.

Caution: Exercise care when you are managing VMs in SSP. You have full access to all
VMs running on the Nutanix cluster, including VMs created by Prism administrators (called
infrastructure VMs in SSP). Be aware that SSP allows you to delete infrastructure VMs, which
might be running critical workloads.

Performing Initial Configuration (Prism Administrator Task)

During initial configuration, you import users and groups from an AD that is configured in Prism. If no AD
is configured in Prism, you must create a new AD connection from the initial configuration page. You also
designate an AD user or group to administer SSP.
To perform initial configuration, do the following:

1. Log on to SSP with the internal administrator credentials.

a. Log on to the Prism web console.

b. Click Self Service in the Home menu at the top-right corner of the web console.
The initial configuration page of SSP is displayed.

2. Do one of the following:

If AD connections are configured in Prism, select one from the list in the Select Directory Service
section of the page.
If the AD connection that you want to use is not configured in Prism and you want to create one for
SSP, create it in the Prism web console, return to the initial configuration screen of SSP, and then
select the AD from the list. You can create an AD connection from the initial configuration screen of
SSP only if no AD connections are configured in Prism.

If no AD connections are configured in Prism, specify a name, domain, directory URL, and
connection type in the Setup Directory Service section of the page.

3. In the Credentials section, in Username and Password, enter the credentials of an AD user account
that you can use to query the AD.
You are recommended to create and use an AD service account that does not correspond to a real
user.

4. Click Next.

5. In Assign Prism Self Service Admin, enter the name of the AD user or group that must administer
SSP.

6. Click Save.
The self-service portal associates self-service administration privileges with the AD users you
designated, and it imports the VMs, networks, and images that are configured in Prism. Only VMs,
networks, and images are imported. Prism users and other entities are not imported into SSP.
At this point in time, the self-service administrators that you appointed can log on to SSP by using their
AD credentials.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 7

 If you want to log on to SSP but do not have self-service administration privileges, you can use the
internal administrator credentials, admin . The password is the Prism administrator password.

Logging On As a Self-Service Administrator

If you have been identified as a self-service administrator, you can log on to SSP as an administrator after
the Prism administrator has completed the initial configuration of SSP.
To log on to SSP, do the following:

1. In a window of a supported browser, enter the SSP URL.

https://cvm_ip_address:9440/ssp/

Replace cvm_ip_address with a Controller VM IP address. If you have assigned the host a virtual IP
address, you can use the virtual IP address instead of a Controller VM IP address.

2. Log on to SSP with your AD user name and password.

Self-Service Portal Components

SSP offers a role-based view of its components. Self-service administrators have access to all of the
components listed below. A self-service user sees only the VMs in the projects to which you add the user.
The left navigation pane in the following figure shows the components in SSP:

Figure:

Projects
Lists the projects in SSP.
A project defines a set of AD users with a common set of requirements or a common structure and
function, such as a team of engineers collaborating on an engineering project. The project also
specifies the role to associate with its members, networks that they can use, and, optionally, usage
limits on infrastructure resources. You invite users to use SSP by adding them to a project.
VMs
Lists the VMs running on the clusterboth VMs that SSP imported from Prism and the VMs that SSP
users create.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 8

 On the VMs page, you can perform various VM-related tasks such as creating a VM for a project,
starting or stopping a VM, or changing VM ownership. A user must belong to a project to be able to
create a VM for that project, even if the user is the self-service administrator.
To enable a project member to use a VM, you can either change the ownership of the VM to the
project member or add the VM to the catalog in template form so that the user can use it to create a
VM.
Roles
Lists all created roles, including the built-in role, DevOps. The DevOps role has permissions to create,
view, update, and delete VMs, virtual NICs, and virtual disks, to clone VMs, and to perform power on
and power off operations on VMs.
On the Roles page, you can create and manage roles. A role defines a set of permissions for
performing VM operations. A single role is specified in each project and is applied to all the users in
the project.
SSP includes an internal administrator role (user name admin ) and a self-service administrator role
that is assigned to the self-service administrator during initial configuration. These roles are not
shown on the Roles page.
Users
Lists AD users that have been added to projects in SSP. The page also lists the internal administrator
user and self-service administrators.
Catalog
Lists the VM templates and images that you want to make available to self-service users.
Items in the catalog are available for users to choose from when creating VMs.
Images
Lists the disk and ISO images that you upload to SSP.
You can add images to the catalog.

Project Management
You create a project for each team that needs self-service and add users and groups to the projects.
You also add networks and optionally specify quotas for resource usage on the basis of the projects
infrastructure requirements.

Creating a Project
When creating a project, you can specify resource quotas for the project. A quota specifies a usage limit
on an infrastructure resource (compute, memory, or storage) for the project. Project members cannot use
more than the specified limit. A quota does not guarantee the project a certain amount of infrastructure
resources. Instead, it ensures that a single project or a small number of projects do not overrun the
infrastructure. If the Nutanix cluster runs out of a resource, project members might not be able to use
the resource even if the project has not reached its specified limit. However, if a project requires more
resources, you can increase its quota.
To create a project, do the following:

1. Click Projects in the left navigation, and then click Create Project.

2. Enter a name and a description for the project in General Settings.

3. Add users and a role by doing the following in the Users and Roles section:

a. Click User at the top-right corner of the Users and Roles section.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 9

 An empty row is displayed in the table

b. Enter the AD name of a user or group in the row, and then click Save.
Repeat this step for each user or group that you want to add.

c. In Role Type, select the role to apply to the users.

4. Specify the networks that project members can use by doing the following in the Network table:

a. In the Name column, select the networks to which members are allowed to add VMs.

b. In the Default column, select the default network for the project.
VMs created by project members have this network selected by default, but users can override the
default selection.

5. Optionally, select Quotas, and then specify usage limits for compute, storage, and memory in vCPUs,
Storage, and Memory, respectively.
If you do not specify a resource quota, no usage limit is applied on that resource. However, usage
statistics are collected even if you do not specify a quota.

6. Click Save.

Modifying a Project
To modify a project, do the following:

1. Click Projects in the left navigation, and then click the project that you want to modify.

2. Click Update Project.

3. Update the project as needed.

The Edit Project page includes the same fields as the Create Project page. See Creating a Project on
page 9.

4. Click Save.

Deleting a Project
You can delete a project after first removing any VMs and networks, in that order, from the project.
To delete a project, do the following:

1. Click Projects in the left navigation, and then click the project that you want to delete.

2. Click Delete.

VM Management
You are responsible for making VM templates available in the catalog and for assigning existing VMs
to project members. Additionally, like any self-service user, you can create and manage your own VMs.
You can also perform actions on infrastructure VMs (VMs created by Prism administrators in Prism), so
exercise caution when working with infrastructure VMs.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 10

 Even though you are a self-service administrator, you must add yourself to a project to be able to create a
VM for that project.

Creating a VM
To create a VM, do the following:

1. Click VMs in the left navigation, and then click Create VM.

2. Do one of the following in Image Type.

Click From VM Template if you want to create a VM from a template in the catalog, and then click
Next.
A VM template includes all the configuration information required to create a VM. You can use a
template to quickly deploy a VM without having to specify all configuration information.

Click From Disk Images if you want to create a VM from a mounted disk image, and then click
Next.
Disk images can be CD-ROM images such as installer ISO images or images of hard drives that
contain pre-installed applications and data. Disk images enable you to share data with other VMs,
but you need to specify configuration information to create the VM that will use the data.
The detail to be specified on the next page depends on your choice of image type.

3. Select a VM template or disk image, and then click Next.

4. On the Deployment Settings page, do the following:

a. Specify a name for the VM in Name.

b. In Target Project, select the project for which you want to create the VM.

c. Click New HDD or New CD at the top-right corner of the Disks table, and then specify a disk size in
the row that is added to the table.
Repeat this step until you have added all the hard disk drives and CD-ROMs that you want to add.

d. Optionally, in Network, select a network for the VM.

If your administrator has specified a default network for your project, that network is selected by
default. However, you can add networks or change the default selection.

e. Select Advanced Settings if you want to specify the compute and memory capacity of the VM, and
then specify the details in the text boxes that are displayed.

f. Click Save.

Updating a VM
To update a VM, do the following:

1. Click VMs in the left navigation, and then select the VM that you want to update.

2. In the Actions menu, click Update.

3. Update the VM as needed.

The Update VM page includes the same fields as the Create VM page.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 11

 4. Click Save.

Performing VM Operations
The actions that you can perform depend on the permissions that your administrator has associated with
your project role.
To perform a VM operation, do the following:

1. Click VMs in the left navigation, and then select the VM on which you want to perform an operation.
Some VM operations, such as power operations, can be performed on multiple VMs simultaneously. For
such operations, you can select multiple VMs.

2. In the Actions menu, do one of the following:

Click Power On to turn on the VM.
Click Power Off to turn off the VM.
Click Reset to reset the VM.
Click Launch Console to open a console to the VM.

Deleting a VM

To delete a VM, do the following:

1. Click VMs in the left navigation pane, and then select the VM that you want to delete.

2. In the Actions menu, click Delete.

Assigning a VM to a Project Member

A VM is assigned to a member within the scope of a particular project. You can assign a VM to only one
project member.
To assign a VM to a project member, do the following:

1. Click VMs in the left navigation, and then select the VM that you want to add to the catalog.

2. From the Actions menu, select Manage Ownership.

3. In Project Membership, select the project.

4. In VM Owner, enter the user name of the AD user to whom you want to assign the VM.

5. Click Save.

User Management
In this release, you cannot perform any management tasks on users imported from the Active Directory.
The Users page only lists the users in the directory service from which SSP authenticates users. However,
you can click a user name to view details about the user. The details include statistics and information
about project membership and owned VMs.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 12

Role Management
SSP includes a built-in user role named DevOps that you cannot update or delete. Use this role if you want
project members to have all VM management privileges available in SSP. If you want project members to
have only a subset of the privileges, create a role.

Creating a Role
To create a role, do the following:

1. Click Roles in the left navigation, and then click Create Role.

2. Enter a name and description for the role in Role Name and Description, respectively.

3. Turn the permissions in the Permissions table on or off, as required.

4. Click Save.

Updating a Role
To update a role, do the following:

1. Click Roles in the left navigation, and then click the role that you want to update.

2. In the Actions menu, click Update Role.

The Edit Role page includes the same fields as the Create Role page.

3. Make the changes that you want, and then click Save.

Deleting a Role
To delete a role, do the following:

1. Click Roles in the left navigation, and then click the role that you want to update.

2. In the Actions menu, click Delete.

Catalog Management
Catalog management tasks include adding VMs and disk images to the catalog so that users who have
permissions to create a VM can use them. Only self-service administrators can create and manage catalog
items.

Adding a VM to the Catalog

When you add a VM to the catalog, a snapshot of the VM is created. The snapshot is available to users
across all the projects in SSP. Users who have the requisite permissions can create VMs from the
snapshot. You can continue to use the VM or delete the VM after you add it to the catalog. These actions
do not affect the snapshot.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 13

 Before you begin: Nutanix recommends that you power off the VM before adding it to the catalog.
To add a VM to the catalog, do the following:

1. Click VMs in the left navigation, and then select the VM that you want to add to the catalog.

2. From the Actions menu, select Add to Catalog.

Adding an Image to the Catalog

Adding an image to the catalog makes the image available to self-service users who have permissions to
create VMs. A copy of the image is added to the catalog, so you can delete the image without affecting the
copy in the catalog.
To add an image to the catalog, do the following:

1. Click Images in the left navigation, and then select the image that you want to add to the catalog.

2. From the Actions menu, select Add Image to Catalog.

Removing an Item from the Catalog

Images and VMs removed from a catalog makes those items unavailable to project members.
To remove an item from the catalog, do the following:

1. Click Catalog Items in the left navigation, and then select the item that you want to remove from the
catalog.

2. In the Actions menu, click Delete Catalog Item.

Image Management
You can upload disk images and ISO images to SSP. Users can select an image from the catalog when
creating VMs.

Creating an Image
You can upload an image from your workstation or download an image to the cluster by providing a URL.
To create an image, do the following:

1. Click Images in the left navigation, and then click Create Image.

2. Specify a name and description for the image in Image Name and Description, respectively.

3. Do one of the following in Image Sources:

Click From URL if you want to specify the URL of the image file.
Click From File if you want to upload the image from your workstation, and then click New Image
Source. Browse to the image file and double-click it.

4. Click Save.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 14

Deleting an Image

To delete an image, do the following:

1. Click Images in the left navigation, and then select the image that you want to delete.

2. In the Actions menu, click Delete.

Monitoring Resource Usage

You can use SSP to monitor resources used by various projects, VMs, and project members.
To monitor resource usage by various projects, VMs, and users, do the following:

Click Projects in the left navigation pane and view the Total vCPU Usage, Total Memory Usage, and
Total Storage Usage indicators above the projects table. The indicators show the total resource usage
by all the projects in SSP.

View per-project resource usage in the projects table.

Click the name of a project in the projects table and view resource usage by the members and VMs in
the project.
Click the Summary tab and view project statistics, top five users by resource allocation, and top five
VMs by resource allocation.
Click the Usage tab and view the vCPU count, memory usage in bytes, and storage usage in bytes.
Click the VMs tab and view information about resource consumption by the VMs in the project.
Click the Users tab and view information about resource consumption by project members.

Task Management
Actions such as creating of a VM or updating a role are converted to tasks that you can track on a task
status page. If a task fails, you can correct the configuration and restart the task from the task status page.

Viewing the Status of a Task

To view the status of a task, do the following:

1. Click the Recent Actions menu at the top-left corner of the user interface.
The menu shows recent actions.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 15

 Figure: Recent Actions Menu

2. Click View All Recent Actions to view the status of all tasks.

Restarting a Failed Task

To restart a failed task, do the following:

1. Select the task on the task status page.

2. From the Actions menu, click Update.

3. Identify and resolve any issues on the configuration page that appears, and then click Save.

Self-Service Portal Administration | Self-Service Portal Administration Guide | Prism | 16