You complete the Provider VM configuration in the Data Management for VMware Tanzu Provider console.

Step 1: Satisfy the Prerequisites
Step 2: Create an Organization
Step 3: Choose the user identity source, and configure an Organization Administrator user
Step 4: Configure access to database templates and software updates
Step 5: (Optional) Configure other settings
Step 6: Define a VM Plan
Step 7: Publish a database template
Step 8: Validate Provider Readiness for Onboarding

Audience

The procedures in this topic are performed by a Data Management for VMware Tanzu user in the Provider Administrator role.

Step 1: Prerequisites

Before you begin configuring the Provider, ensure that:

  • You have installed and configured all the Hardware and Software Requirements.

  • You can identify your Data Management for VMware Tanzu Provider Administrator console login credentials. These are the Provider email and Provider password specified when you deployed the Provider VM.

  • You can identify the IP address of the Provider VM.

You must perform these tasks on a host that can access the Provider VM.

Step 2: Creating an Organization

An Organization is a logical grouping of users. The Provider Administrator adds an Organization in the Data Management for VMware Tanzu UI.

When the Provider Administrator adds an Organization, they must identify the VM Configuration Mode available to users in the Organization. The VM Configuration Mode identifies how Data Management for VMware Tanzu determines the vCPU and memory resources initially available to a provisioned database VM. Data Management for VMware Tanzu supports two modes of vCPU and memory resource configuration when a user in the Organization provisions a database:

  • Free Mode - The provisioning user specifies the vCPU and memory settings for the database VM.
  • Plans Mode - The vCPU and memory settings for the database VM are constrained by the currently configured VM plans (named, pre-defined combinations of compute and memory resources), one of which must be selected by the provisioning user.

Plans Mode requires that you define at least one VM plan for the Data Management for VMware Tanzu installation (described in Step 6: Defining an VM Plan). No additional configuration is required on your part for Free Mode.

Procedure

Perform the following procedure to add an Organization to your Data Management for VMware Tanzu installation:

  1. Open a browser window, and enter the Provider VM IP address.

  2. Provide your credentials to log in to the Data Management for VMware Tanzu console.

  3. Select Organizations from the left navigation pane.

    This action displays the Organizations view, a table that lists the configured organizations.

  4. Click CREATE ORGANIZATION in the upper right corner of the view.

    This action opens the Create Organization form.

  5. Specify the Organization Name, company Email address, and DB FQDN Suffix. The organization name must be unique.

  6. Select the desired service VM Configuration Mode for the organization.

  7. Click ADD to create the organization.

    The new organization is added to the table.

Step 3: Choosing the User Identity Source and Configuring an Organization Administrator User

Data Management for VMware Tanzu user accounts can originate from two different identity sources: the Provider local database (Local user) and a configured LDAP server (LDAP user). Data Management for VMware Tanzu manages Local users and LDAP users independently and differently.

You can choose to use one, or both, identity sources in your Data Management for VMware Tanzu installation. For deployment, you must choose the identity source for an Organization Administrator user to manage the Organization that you created in Step 2. An Organization Administrator user has administrative privileges within an Organization, and is permitted to manage and monitor any service provisioned within the org.

Creating an Organization Administrator Local User

The Provider Administrator adds an Organization Administrator Local user in the Data Management for VMware Tanzu UI, identifying the user's name, email address, password, and role. The Provider Administrator must also specify the Organization to which the user belongs.

Be sure to assign the Organization Administrator user the Admin role.

Procedure

Perform the following procedure to add an Organization Administrator Local user to your Data Management for VMware Tanzu installation:

  1. Navigate to Users in the left pane.

    This action displays the Users view, a table that lists the configured users.

  2. Click CREATE USER in the upper right corner of the view.

    This action opens the Add User form.

  3. Set the following properties for this new Organization Administrator Local user:

    Property Name Value
    First name The first name of the user.
    Last name The last name of the user.
    Organization The organization to which to assign the user; use the drop-down list to select the organization that you just created.
    Email id The email address of the user. This is the user's login username in the Data Management for VMware Tanzu console.
    Role The user's role in the organization; click the checkbox to assign the Admin role to this user.
    Password The password for the user. This is the user's login password in the Data Management for VMware Tanzu console.
    Confirm Password Enter the password a second time.
    Contact Number The contact number for the user. Optional.

  4. Click ADD

    The new Local user is added to the table.

Configuring an LDAP Server

You can integrate Data Management for VMware Tanzu with an external identity provider and import those users into an organization. The integration with Lightweight Directory Access Protocol (LDAP) enables an organization to use its existing LDAP service as a user source for Data Management for VMware Tanzu.

To take advantage of this LDAP integration, you must configure an LDAP server for your Data Management for VMware Tanzu installation. This server becomes the single LDAP user source for all organizations that are configured in Data Management for VMware Tanzu.

Prerequisites

Before you configure an LDAP server, ensure that you can identify the server host address, domain, and the user name and password of a read-only service user.

The LDAP endpoint must be resolvable by the DNS server specified at the time of Provider VM deployment.

Procedure

Perform the following procedure to configure an LDAP server:

  1. Select Settings from the left navigation pane.

    This actions displays the Settings view, Information pane.

  2. Select the LDAP Settings tab to view and configure/update the LDAP settings.

  3. Set the LDAP properties:

    Property Name Value Required?
    Host Address The hostname or IP address of the LDAP server. Required
    Port The port number on which the LDAP server is listening. For LDAP, the default port number is 389. For LDAPS, the default port number is 636.
    Username The ID of a read-only user in the domain. Required
    Password The password of the user who is specified by Username. Required
    Domain The FQDN of the domain. Required
    Base Dn The base distinguished name identifies the location in the LDAP directory from which to start user searches. The default behaviour is for search to start from the root DN.
    Search Filter The filter that defines the criteria to restrict access. The default value is (&(objectClass=user)).
    Login Attribute The LDAP attribute to map to the Data Management for VMware Tanzu Email Id. The default value is userPrincipalName.
    Firstname Attribute The LDAP attribute to map to the Data Management for VMware Tanzu First Name.
    Lastname Attribute The LDAP attribute to map to the Data Management for VMware Tanzu Last Name.
    TLS Enabled Check this box if your server is using LDAPS. Required

  4. Click SAVE or UPDATE to apply the LDAP settings.

  5. In the Trust LDAP Certificate dialog box, click CONTINUE.

    Data Management for VMware Tanzu validates the LDAP settings that you provide, and returns an error if validation fails.

    Note: It may take a few minutes for Data Management for VMware Tanzu to synchronize with LDAP.

Importing Provider Administrators from LDAP

You can import users from a previously-configured LDAP identity provider and assign them the Provider Administrator role in Data Management for VMware Tanzu. You can configure the LDAP group-to-role mapping after Provider organization creation as described in the procedure below.

Procedure

Perform the following procedure to import users from LDAP and assign them the Provider Administrator role:

  1. Select Organizations from the left navigation pane.

    This action displays the Organizations view, a table that lists the configured organizations.

  2. Click in the row of the organization into which you want to import LDAP users.

    The Details tab appears.

  3. Click EDIT in the Organization Information section of the Details tab.

    The Update Organization dialog box appears.

  4. Specify the LDAP group to Data Management for VMware Tanzu role mapping:

    Property Name Value
    Provider Groups The LDAP groups whose users you want Data Management for VMware Tanzu to assign the Provider Administrator role.

  5. Click UPDATE.

    Data Management for VMware Tanzu associates the LDAP users in the specified groups to the Provider Administrator roles in the organization.. These users can now log in to the Data Management for VMware Tanzu console using their LDAP credentials.

Importing Organization Users from LDAP

You can import users from a previously-configured LDAP identity provider and assign them the Organization Administrator role in a Data Management for VMware Tanzu Agent organization. You can configure the LDAP group-to-role mapping after Agent organization creation as described in the procedure below.

Procedure

Perform the following procedure to import users from LDAP and assign them the Organization Administrator role:

  1. Select Organizations from the left navigation pane.

    This action displays the Organizations view, a table that lists the configured organizations.

  2. Click in the row of the organization into which you want to import LDAP users.

    The Details tab appears.

  3. Click EDIT in the Organization Information section of the Details tab.

    The Update Organization dialog box appears.

  4. Specify the LDAP group to Data Management for VMware Tanzu role mapping:

    Property Name Value
    Admin Groups The LDAP groups whose users you want Data Management for VMware Tanzu to assign the Organization Administrator role in the organization.
    User Groups The LDAP groups whose users you want Data Management for VMware Tanzu to assign the Organization User role in the organization.

  5. Click UPDATE.

    Data Management for VMware Tanzu associates the LDAP users in the specified groups to the Organization Administrator and Organization User roles in the organization.. These users can now log in to the Data Management for VMware Tanzu console using their LDAP credentials.

Step 4: Configuring Access to Database Templates and Software Updates

VMware releases certified Data Management for VMware Tanzu database templates and software updates to Tanzu Network.

The Provider requires access to an S3-compatible object store and Tanzu Network to automatically obtain and locally store database templates and software updates:

Setting Name Description
Provider Repo S3-compatible object store that Data Management for VMware Tanzu uses to store local copies of available database templates and software updates.
Tanzu Net Token Tanzu Network UAA API TOKEN that you generate from a Tanzu Network account.

Data Management for VMware Tanzu saves a local copy of each database template and software update that it downloads from Tanzu Network to the Provider Repo.

After you configure both the Provider Repo and Tanzu Net Token, it may take about ten minutes for available database templates to propagate to the Provider.

Note: If you are deploying Data Management for VMware Tanzu in an air-gapped environment (an environment with no internet connectivity), refer to Manually Populating Database Templates and Updates for the information required to manually populate these objects in the Provider Repo.

Procedure

Perform the following procedure to configure the Provider object storage repository and the Tanzu Network refresh token:

  1. Select Settings from the left navigation pane.

    This action displays the Settings view, which includes tabs for Information, Storage Settings, SMTP Settings, and LDAP Settings.

  2. Locate and select the Storage Settings tab.

  3. Examine the External Storage pane, locate the Provider Repo Url row, and click Add configuration in the Status column.

    This action opens the Configure Settings form.

  4. Set the following properties for the Provider repository:

    Property Name Value
    Setting Type The name of the object store setting - Provider Repo Url. (Read-only)
    Storage Type Select the type of storage from the drop-down list. You can choose S3_COMPATIBLE_STORAGE or AWS.
    AWS Region If you selected the AWS storage type, specify the AWS region for the object store.
    Storage URL1 The URL to the object store. If you do not specify the protocol, Data Management for VMware Tanzu assumes it to be https.
    Access Key The access key for the object store.
    Secret Key The secret key for the object store.
    Bucket Name The name of the bucket.

    1 If you selected the AWS Storage Type, refer to the Amazon Simple Storage Service documentation describing the URL endpoints for specific regions.

    1. Click SAVE to save the Provider Repo object storage settings.

  5. Locate the Tanzu Net Token pane, Refresh Token row, click the three vertical dots in the Action column, and select Add from the pop up menu.

    The Add Refresh Token dialog box appears.

  6. Enter your Tanzu Network UAA API TOKEN in the field provided, and then click SAVE.

    Note: Data Management for VMware Tanzu begins to download the database templates and software updates. The time that this takes to complete is dependent upon the number of objects and the network latency between the Provider VM and Tanzu Network.

Step 5: Configuring Other Settings

While these tasks are not required for deployment, you may choose to configure other settings for your Data Management for VMware Tanzu installation at this time:

Step 6: Defining an VM Plan

An VM plan is a named, pre-defined combination of compute and memory resources. When you configure an VM plan, you provide a name, a number vCPUs, and a memory amount in GBs.

If you chose Plans Mode when you configured the Organization, you must define one or more VM plans that a user can choose from to specify the resources allotted to a provisioned database VM.

Note: This configuration step is not required for Organizations that you configured to use the Free Mode service VM Configuration Mode.

Procedure

Perform the following procedure to define a new VM plan:

  1. Select VM Plans from the left navigation pane.

    This action displays the VM Plans view, a table that lists the configured VM plans.

  2. Click ADD NEW VM PLAN in the upper right corner of the view.

    This action opens the Add VM Plan form.

  3. Set the desired resource configuration properties:

    Property Name Value
    Plan name The name of the VM plan.
    vCPU The number of vCPU cores to assign to a provisioned database VM.
    Memory The amount of memory (in GBs) to allocate to a provisioned database VM.

  4. Click ADD.

    The new VM plan is added to the table.

Step 7: Publishing a Database Template

Configuring the Provider Repo and Tanzu Net Token in Step 4: Configuring Access to Database Templates and Updates prompts Data Management for VMware Tanzu to automatically pull VMware-certified database templates and make them available to the installation.

Publishing a database template makes a specific version of a service available for provisioning. For example, a database template may exist for PostgreSQL version 11.8.

You must publish at least one database template before users can provision a database, and any database template that you publish becomes available to all users in all organizations.

Procedure

Perform the following procedure to publish a database template:

  1. Select Database Templates from the left navigation pane.

    This action displays the Database Templates view.

  2. Examine the database templates listed in the table, identify the database template that you wish to publish, and navigate to that table row.

  3. Click on the Action column value, and select Publish from the pop-up menu.

    The Publish Template dialog box appears.

  4. Click CONFIRM.

    Note: Publishing a database template may take some time.

  5. Monitor the status of the publish operation.

    If the operation completes successfully, the database template's Status in the table changes to PUBLISHED.

Step 8: Validating Provider Readiness for Onboarding

The version of a Agent onboarded with Data Management for VMware Tanzu must be compatible with the version of the Provider. At initial deployment, Data Management for VMware Tanzu cannot determine this compatibility until after database templates are downloaded to the Provider Repo.

You can validate Provider readiness for onboarding by viewing the Agent Onboarding State. The Agent Onboarding State table, located in the Settings view, Storage Settings tab, displays the following information:

  • The Agent Min Version identifies the minimum Agent version number supported by the Provider.
  • The Agent Max Version identifies the maximum Agent version number supported by the Provider.
  • The Status column identifies the status of Provider readiness for onboarding.

A Ready to onboard Status indicates that the Provider is ready and prepared to accept onboarding requests for new Agents (whose version is within the specified mininum-maximum range).

Also ensure that you perform the following validation steps:

  1. From the left navigation pane, select System Audit.

  2. Set System Audit Events per page (at the bottom of the table) as 100.

  3. For the DMS RELEASE Component, ensure that the Event Type is DMS LOAD RELEASES and the Event Details is DMS Release N.N.N processed successfully, where N.N.N represents the current release of Data Management for VMware Tanzu.

    Note: You can click the column headers to arrange the rows in alphabetic order.

Next Steps

You have completed the required minimal configuration of the Provider. Next:

  • Provide the following information to the Organization Administrator user:

    • The Data Management for VMware Tanzu URL (i.e. the Provider VM IP address).
    • The Local user's login credentials to the Data Management for VMware Tanzu console, or instruct the user to log in with their LDAP creds.

  • You may choose to log in to Data Management for VMware Tanzu and access the provider console to begin monitoring and managing the environment.

check-circle-line exclamation-circle-line close-line
Scroll to top icon