Documente Academic
Documente Profesional
Documente Cultură
Acropolis 5.0
03-Feb-2017
Notice
Copyright
Copyright 2017 Nutanix, Inc.
Nutanix, Inc.
1740 Technology Drive, Suite 150
San Jose, CA 95110
All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. Nutanix is a trademark of Nutanix, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
License
The provision of this software to you does not grant any licenses or other rights under any Microsoft
patents with respect to anything other than the file server implementation portion of the binaries for this
software, including no licenses or any other rights in any hardware or any devices or software that are used
to communicate with or in connection with this software.
Conventions
Convention Description
user@host$ command The commands are executed as a non-privileged user (such as nutanix)
in the system shell.
root@host# command The commands are executed as the root user in the vSphere or Acropolis
host shell.
> command The commands are executed in the Hyper-V host shell.
Version
Last modified: February 3, 2017 (2017-02-03 14:30:17 GMT-8)
4
1
Introduction to the Prism Self-Service Portal
The Prism self-service portal (SSP) enables the consumers of IT infrastructure within an enterprise
individual users or teams such as development, test, and DevOpsto provision and manage virtual
machines in a self-service manner, without having to engage IT in day-to-day operations.
SSP is a part of AOS, requires AHV, and can use the resources provided by a single AHV cluster. SSP has
a separate user interface and authenticates its administrators and users by connecting to a single Active
Directory (AD) directory service. The Prism administrator delegates the responsibility of administering
the self-service portal to one or Active Directory users who are referred to as self-service administrators.
In SSP, the self-service administrators create and manage self-service projects for end-users, and they
manage various aspects of self-service such as user permissions, resource usage limits, and a catalog of
VM templates and disk images.
Active Directory users who are added to projects by self-service administrators log on to SSP and create
and manage only what they needvirtual machines.
SSP also reports infrastructure usage statistics per project, VM, and project member. The SSP
administrator can obtain insights such as which projects, VMs, and users consume the most resources and
which projects require fewer resources.
Introduction to the Prism Self-Service Portal | Self-Service Portal Administration Guide | Prism | 5
2
Self-Service Portal Administration
While SSP is part of AOS and uses the same underlying infrastructure as Prism, SSP addresses a different
need. Prism enables infrastructure management. SSP enables end-users to consume that infrastructure
in a self-service manner. Accordingly, you can delineate the associated administrative responsibilities
into infrastructure administration responsibilities, which the Prism administrator retains, and self-service
administration responsibilities, which the Prism administrator delegates to an AD user or group (called self-
service administrators).
Before you designate users as self-service administrators, you must fully understand the self-service
administrator's role and the extent of their privileges on entities in the cluster. Take note of the following
recommendations:
The portal allows self-service administrators the complete set of privileges required to manage the
VMs in the cluster, including the VMs that you and other Prism administrators create in Prism. Such
VMs are called infrastructure VMs in the self-service portal. The portal allows its administrators to
assign infrastructure VMs to project members, add them to the catalog, and delete them even if they
do not have administrative access to Prism. Consider these privileges when appointing self-service
administrators, and make sure you communicate to self-service administrators the need to exercise
caution when working with infrastructure VMs.
After you have designated a user as a self-service administrator, you cannot limit the user's privileges.
Therefore, if you plan to delegate self-service administration responsibilities to an AD group, be sure
that you want to delegate the responsibility to all the users in the group. If the user group is large or
includes users that must not have self-service administrator privileges, Nutanix recommends that you
create a separate AD group for the users to whom you want to delegate self-service administration
responsibilities.
Caution: Exercise care when you are managing VMs in SSP. You have full access to all
VMs running on the Nutanix cluster, including VMs created by Prism administrators (called
infrastructure VMs in SSP). Be aware that SSP allows you to delete infrastructure VMs, which
might be running critical workloads.
b. Click Self Service in the Home menu at the top-right corner of the web console.
The initial configuration page of SSP is displayed.
If no AD connections are configured in Prism, specify a name, domain, directory URL, and
connection type in the Setup Directory Service section of the page.
3. In the Credentials section, in Username and Password, enter the credentials of an AD user account
that you can use to query the AD.
You are recommended to create and use an AD service account that does not correspond to a real
user.
4. Click Next.
5. In Assign Prism Self Service Admin, enter the name of the AD user or group that must administer
SSP.
6. Click Save.
The self-service portal associates self-service administration privileges with the AD users you
designated, and it imports the VMs, networks, and images that are configured in Prism. Only VMs,
networks, and images are imported. Prism users and other entities are not imported into SSP.
At this point in time, the self-service administrators that you appointed can log on to SSP by using their
AD credentials.
Replace cvm_ip_address with a Controller VM IP address. If you have assigned the host a virtual IP
address, you can use the virtual IP address instead of a Controller VM IP address.
Figure:
Projects
Lists the projects in SSP.
A project defines a set of AD users with a common set of requirements or a common structure and
function, such as a team of engineers collaborating on an engineering project. The project also
specifies the role to associate with its members, networks that they can use, and, optionally, usage
limits on infrastructure resources. You invite users to use SSP by adding them to a project.
VMs
Lists the VMs running on the clusterboth VMs that SSP imported from Prism and the VMs that SSP
users create.
Project Management
You create a project for each team that needs self-service and add users and groups to the projects.
You also add networks and optionally specify quotas for resource usage on the basis of the projects
infrastructure requirements.
Creating a Project
When creating a project, you can specify resource quotas for the project. A quota specifies a usage limit
on an infrastructure resource (compute, memory, or storage) for the project. Project members cannot use
more than the specified limit. A quota does not guarantee the project a certain amount of infrastructure
resources. Instead, it ensures that a single project or a small number of projects do not overrun the
infrastructure. If the Nutanix cluster runs out of a resource, project members might not be able to use
the resource even if the project has not reached its specified limit. However, if a project requires more
resources, you can increase its quota.
To create a project, do the following:
1. Click Projects in the left navigation, and then click Create Project.
3. Add users and a role by doing the following in the Users and Roles section:
a. Click User at the top-right corner of the Users and Roles section.
b. Enter the AD name of a user or group in the row, and then click Save.
Repeat this step for each user or group that you want to add.
4. Specify the networks that project members can use by doing the following in the Network table:
a. In the Name column, select the networks to which members are allowed to add VMs.
b. In the Default column, select the default network for the project.
VMs created by project members have this network selected by default, but users can override the
default selection.
5. Optionally, select Quotas, and then specify usage limits for compute, storage, and memory in vCPUs,
Storage, and Memory, respectively.
If you do not specify a resource quota, no usage limit is applied on that resource. However, usage
statistics are collected even if you do not specify a quota.
6. Click Save.
Modifying a Project
To modify a project, do the following:
1. Click Projects in the left navigation, and then click the project that you want to modify.
4. Click Save.
Deleting a Project
You can delete a project after first removing any VMs and networks, in that order, from the project.
To delete a project, do the following:
1. Click Projects in the left navigation, and then click the project that you want to delete.
2. Click Delete.
VM Management
You are responsible for making VM templates available in the catalog and for assigning existing VMs
to project members. Additionally, like any self-service user, you can create and manage your own VMs.
You can also perform actions on infrastructure VMs (VMs created by Prism administrators in Prism), so
exercise caution when working with infrastructure VMs.
Creating a VM
To create a VM, do the following:
1. Click VMs in the left navigation, and then click Create VM.
Click From Disk Images if you want to create a VM from a mounted disk image, and then click
Next.
Disk images can be CD-ROM images such as installer ISO images or images of hard drives that
contain pre-installed applications and data. Disk images enable you to share data with other VMs,
but you need to specify configuration information to create the VM that will use the data.
The detail to be specified on the next page depends on your choice of image type.
b. In Target Project, select the project for which you want to create the VM.
c. Click New HDD or New CD at the top-right corner of the Disks table, and then specify a disk size in
the row that is added to the table.
Repeat this step until you have added all the hard disk drives and CD-ROMs that you want to add.
e. Select Advanced Settings if you want to specify the compute and memory capacity of the VM, and
then specify the details in the text boxes that are displayed.
f. Click Save.
Updating a VM
To update a VM, do the following:
1. Click VMs in the left navigation, and then select the VM that you want to update.
Performing VM Operations
The actions that you can perform depend on the permissions that your administrator has associated with
your project role.
To perform a VM operation, do the following:
1. Click VMs in the left navigation, and then select the VM on which you want to perform an operation.
Some VM operations, such as power operations, can be performed on multiple VMs simultaneously. For
such operations, you can select multiple VMs.
Deleting a VM
1. Click VMs in the left navigation pane, and then select the VM that you want to delete.
1. Click VMs in the left navigation, and then select the VM that you want to add to the catalog.
4. In VM Owner, enter the user name of the AD user to whom you want to assign the VM.
5. Click Save.
User Management
In this release, you cannot perform any management tasks on users imported from the Active Directory.
The Users page only lists the users in the directory service from which SSP authenticates users. However,
you can click a user name to view details about the user. The details include statistics and information
about project membership and owned VMs.
Creating a Role
To create a role, do the following:
1. Click Roles in the left navigation, and then click Create Role.
2. Enter a name and description for the role in Role Name and Description, respectively.
4. Click Save.
Updating a Role
To update a role, do the following:
1. Click Roles in the left navigation, and then click the role that you want to update.
3. Make the changes that you want, and then click Save.
Deleting a Role
To delete a role, do the following:
1. Click Roles in the left navigation, and then click the role that you want to update.
Catalog Management
Catalog management tasks include adding VMs and disk images to the catalog so that users who have
permissions to create a VM can use them. Only self-service administrators can create and manage catalog
items.
1. Click VMs in the left navigation, and then select the VM that you want to add to the catalog.
1. Click Images in the left navigation, and then select the image that you want to add to the catalog.
1. Click Catalog Items in the left navigation, and then select the item that you want to remove from the
catalog.
Image Management
You can upload disk images and ISO images to SSP. Users can select an image from the catalog when
creating VMs.
Creating an Image
You can upload an image from your workstation or download an image to the cluster by providing a URL.
To create an image, do the following:
1. Click Images in the left navigation, and then click Create Image.
2. Specify a name and description for the image in Image Name and Description, respectively.
4. Click Save.
1. Click Images in the left navigation, and then select the image that you want to delete.
Click Projects in the left navigation pane and view the Total vCPU Usage, Total Memory Usage, and
Total Storage Usage indicators above the projects table. The indicators show the total resource usage
by all the projects in SSP.
Click the name of a project in the projects table and view resource usage by the members and VMs in
the project.
Click the Summary tab and view project statistics, top five users by resource allocation, and top five
VMs by resource allocation.
Click the Usage tab and view the vCPU count, memory usage in bytes, and storage usage in bytes.
Click the VMs tab and view information about resource consumption by the VMs in the project.
Click the Users tab and view information about resource consumption by project members.
Task Management
Actions such as creating of a VM or updating a role are converted to tasks that you can track on a task
status page. If a task fails, you can correct the configuration and restart the task from the task status page.
1. Click the Recent Actions menu at the top-left corner of the user interface.
The menu shows recent actions.
2. Click View All Recent Actions to view the status of all tasks.
3. Identify and resolve any issues on the configuration page that appears, and then click Save.