In VMware Cloud Director, once the provider allows tenant access control on the user's own API token, the tenant generates an API token for use in VMware Cloud Director Availability instead of the local user for pairing, re-pairing and removing pairing of an on-premises to a cloud site.

Note: With version 10.4.1, VMware Cloud Director started the deprecation process for local users. VMware Cloud Director continues to fully support the use of local users while they are under deprecation. For more information, see the VMware Cloud Director 10.4.1 Release Notes.

Due to the upcoming deprecation of local users, pairing, re-pairing and removing pairing of an on-premises to a Cloud Director site can also be performed with an API token from VMware Cloud Director. Local users can still be used for these procedures, as long as they are available in VMware Cloud Director.

By default, in VMware Cloud Director the tenants cannot generate API tokens. The provider must first allow the tenant to generate an API token in VMware Cloud Director that can be then used in VMware Cloud Director Availability for pairing, re-pairing and removing pairing.

For information about the API tokens, see Generate an API Access Token Using Your VMware Cloud Director Service Provider Admin Portal in the VMware Cloud Director documentation.

Prerequisites

  • Verify that the version of VMware Cloud Director is 10.4.1 or later.
  • Verify that the version of VMware Cloud Director Availability is 4.7 or later.
  • Verify that to allow tenant access control on the user's own API token, you can access VMware Cloud Director as a System Administrator user.

Procedure

  1. Login in VMware Cloud Director as a System Administrator user then click the Administration tab.
  2. In the left pane, under Tenant Access Control click Rights Bundles.
  3. On the Rights Bundles page, click Add.
  4. In the Add Rights Bundle window, configure the following right in the bundle then click Save.
    1. Enter a Name and optionally a Description.
    2. Activate the Show implied rights toggle.
    3. Under Access Control expand the User section.
    4. Activate the Manage User's own API token check box.
  5. To publish the new right to all tenant users, select the new bundle and click Publish.
  6. Logout, then log back in VMware Cloud Director as a the tenant user to be used for the pairing later.
  7. In the top right corner of the navigation bar, click your tenant User Name then select User preferences.
  8. Under the API Tokens section, click New.
  9. In the Generate General Token window, create a general token for the currently logged tenant user.
    1. Enter a Client Name for the token.
    2. Click Create.
      You see Please wait followed by Your token was generated successfully message.
    3. Click Copy then store the token because it appears only once.
    4. Once you store the token, click OK.
      Note: After you click OK, you cannot retrieve this token again, you can only revoke it.

      Once used for pairing, the token is not stored anywhere in VMware Cloud Director Availability and you can revoke it without affecting the pairing.

      For future pairing, re-pairing, or removing paring, once revoked, a new token must be generated in VMware Cloud Director and provided to VMware Cloud Director Availability.

Results

The token in your clipboard is ready for using in VMware Cloud Director Availability.

What to do next

You can use this user token to pair, re-pair, or unpair the on-premises site with a cloud site. For information about the pairing procedures for this token, see the Manage an on-premises site pairing with a Cloud Director site section.