You complete the Provider VM configuration in the VMware Data Services Manager Provider console.
Step 1: Satisfy the Prerequisites
Step 2: Log in to VMware Data Services Manager
Step 3: Create an Organization
Step 4: Choose the user identity source, and configure an Organization Administrator user
Step 5: Configure access to database templates and software updates
Step 6: (Optional) Configure other settings
Step 7: Define a VM Plan
Step 8: Publish a database template
Step 9: Validate Provider Readiness for Onboarding
The procedures in this topic are performed by a VMware Data Services Manager user in the Provider Administrator role.
Before you begin configuring the Provider, ensure that:
You must perform these tasks on a host that can access the Provider VM.
Perform the following procedure to log in to VMware Data Services Manager:
Open a browser window, and enter the Provider VM IP address.
Provide your credentials to log in to the VMware Data Services Manager console.
An Organization is a logical grouping of users. The Provider Administrator adds an Organization in the VMware Data Services Manager UI.
When the Provider Administrator adds an Organization, they must identify the VM Configuration Mode available to users in the Organization. The VM Configuration Mode identifies how VMware Data Services Manager determines the vCPU and memory resources initially available to a provisioned database VM. VMware Data Services Manager supports two modes of vCPU and memory resource configuration when a user in the Organization provisions a database:
Plans Mode requires that you define at least one VM plan for the VMware Data Services Manager installation (described in Step 7: Defining a VM Plan). No additional configuration is required on your part for Free Mode.
Perform the following procedure to add an Organization to your VMware Data Services Manager installation:
After logging in to VMware Data Services Manager, select Organizations from the left navigation pane.
This action displays the Organizations view, a table that lists the configured organizations.
Click CREATE ORGANIZATION in the upper right corner of the view.
This action opens the Create Organization form.
Specify the Organization Name, company Email address, and DB FQDN Suffix. The organization name must be unique.
Select the desired service VM Configuration Mode for the organization.
Click ADD to create the organization.
The new organization is added to the table.
VMware Data Services Manager user accounts can originate from two different identity sources: the Provider local database (Local user) and a configured LDAP server (LDAP user). VMware Data Services Manager manages Local users and LDAP users independently and differently.
You can choose to use one, or both, identity sources in your VMware Data Services Manager installation. For deployment, you must choose the identity source for an Organization Administrator user to manage the Organization that you created in Step 2. An Organization Administrator user has administrative privileges within an Organization, and is permitted to manage and monitor any service provisioned within the org.
The Provider Administrator adds an Organization Administrator Local user in the VMware Data Services Manager UI, identifying the user's name, email address, password, and role. The Provider Administrator must also specify the Organization to which the user belongs.
Be sure to assign the Organization Administrator user the Admin role.
Perform the following procedure to add an Organization Administrator Local user to your VMware Data Services Manager installation:
Navigate to Users in the left pane.
This action displays the Users view, a table that lists the configured users.
Click CREATE USER in the upper right corner of the view.
This action opens the Add User form.
Set the following properties for this new Organization Administrator Local user:
Property Name | Value |
---|---|
First name | The first name of the user. |
Last name | The last name of the user. |
Organization | The organization to which to assign the user; use the drop-down list to select the organization that you just created. |
Email id | The email address of the user. This is the user's login username in the VMware Data Services Manager console. |
Role | The user's role in the organization; click the checkbox to assign the Admin role to this user. |
Password | The password for the user. This is the user's login password in the VMware Data Services Manager console. |
Confirm Password | Enter the password a second time. |
Contact Number | The contact number for the user. Optional. |
Click ADD.
The new Local user is added to the table.
You can integrate VMware Data Services Manager with an external identity provider and import those users into an organization. The integration with Lightweight Directory Access Protocol (LDAP) enables an organization to use its existing LDAP service as a user source for VMware Data Services Manager.
To take advantage of this LDAP integration, you must configure an LDAP server for your VMware Data Services Manager installation. This server becomes the single LDAP user source for all organizations that are configured in VMware Data Services Manager.
Before you configure an LDAP server, ensure that you can identify the server host address, domain, and the user name and password of a read-only service user.
The LDAP endpoint must be resolvable by the DNS server specified at the time of Provider VM deployment.
Perform the following procedure to configure an LDAP server:
Select Settings from the left navigation pane.
This action displays the Settings view, Information pane.
Select the LDAP Settings tab to view and configure/update the LDAP settings.
Set the LDAP properties:
Property Name | Value | Required? |
---|---|---|
Host Address | The hostname or IP address of the LDAP server. | Required |
Port | The port number on which the LDAP server is listening. For LDAP, the default port number is 389. For LDAPS, the default port number is 636. | |
Username | The ID of a read-only user in the domain. | Required |
Password | The password of the user who is specified by Username. | Required |
Domain | The FQDN of the domain. | Required |
Base Dn | The base distinguished name identifies the location in the LDAP directory from which to start user searches. The default behaviour is for search to start from the root DN. | |
Search Filter | The filter that defines the criteria to restrict access. The default value is (&(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(userPrincipalName=$username)) to filter from enabled users. | |
Login Attribute | The LDAP attribute to map to the VMware Data Services Manager Email Id. The default value is userPrincipalName. | |
Firstname Attribute | The LDAP attribute to map to the VMware Data Services Manager First Name. | |
Lastname Attribute | The LDAP attribute to map to the VMware Data Services Manager Last Name. | |
TLS Enabled | Check this box if your server is using LDAPS. | Required |
Click SAVE or UPDATE to apply the LDAP settings.
In the Trust LDAP Certificate dialog box, click CONTINUE.
VMware Data Services Manager validates the LDAP settings that you provide, and returns an error if validation fails.
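The default Search Filter in the table above excludes disabled accounts through the Active Directory bitwise-AND matching rule (1.2.840.113556.1.4.803) applied to userAccountControl bit 2. The following added example (not VMware code) parses a search filter and evaluates it against constructed sample entries, so that a customized filter can be checked offline before it is saved. It assumes that $username is replaced by the escaped login name, and it supports only the &, |, ! operators, equality, and the bit-AND rule.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # Active Directory bitwise-AND matching rule
DEFAULT_FILTER = ("(&(&(objectClass=user)(!(userAccountControl:" + BIT_AND
                  + ":=2)))(userPrincipalName=$username))")

def escape_value(text):
    """RFC 4515 escaping, so a login name is only ever a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in text)

def parse(f, i=0):
    """Parse the filter component that starts at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError("malformed '%s' clause" % op)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry of the form {attribute: [values]}."""
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(kid, entry) for kid in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    name, _, rule = node[1].rstrip(":").partition(":")
    values = entry.get(name.lower(), [])
    if rule == BIT_AND:  # true when every bit of the filter value is set
        return any((int(v) & int(node[2])) == int(node[2]) for v in values)
    return any(v.lower() == node[2].lower() for v in values)

def allowed(entries, username, template=DEFAULT_FILTER):
    """UPNs the filter selects; assumes $username becomes the escaped login name."""
    tree, _ = parse(template.replace("$username", escape_value(username)))
    return [e["userprincipalname"][0] for e in entries if matches(tree, e)]

def user(upn, uac):  # constructed sample entry, not data from a real directory
    return {"objectclass": ["top", "person", "user"],
            "useraccountcontrol": [str(uac)], "userprincipalname": [upn]}
# 512 = normal account; 514 = 512 + 2, where 2 is the ACCOUNTDISABLE bit.
SAMPLE = [user("alice@example.test", 512), user("bob@example.test", 514)]
```

With the default filter, allowed(SAMPLE, "bob@example.test") returns an empty list because the account is disabled. Passing a template without the userAccountControl clause selects that account again, which is the regression to look for when customizing the filter.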
You can import users from a previously-configured LDAP identity provider and assign them the Provider Administrator role in VMware Data Services Manager. You can configure the LDAP group-to-role mapping after Provider organization creation as described in the procedure below.
Perform the following procedure to import users from LDAP and assign them the Provider Administrator role:
Select Organizations from the left navigation pane.
This action displays the Organizations view, a table that lists the configured organizations.
Click in the row of the organization into which you want to import LDAP users.
The Details tab appears.
Click EDIT in the Organization Information section of the Details tab.
The Update Organization dialog box appears.
Specify the LDAP group to VMware Data Services Manager role mapping:
Property Name | Value |
---|---|
Provider Groups | The LDAP groups whose users you want VMware Data Services Manager to assign the Provider Administrator role. |
Click UPDATE.
VMware Data Services Manager associates the LDAP users in the specified groups to the Provider Administrator role in the organization. These users can now log in to the VMware Data Services Manager console using their LDAP credentials.
You can import users from a previously-configured LDAP identity provider and assign them the Organization Administrator role in a VMware Data Services Manager Agent organization. You can configure the LDAP group-to-role mapping after Agent organization creation as described in the procedure below.
Perform the following procedure to import users from LDAP and assign them the Organization Administrator role:
Select Organizations from the left navigation pane.
This action displays the Organizations view, a table that lists the configured organizations.
Click in the row of the organization into which you want to import LDAP users.
The Details tab appears.
Click EDIT in the Organization Information section of the Details tab.
The Update Organization dialog box appears.
Specify the LDAP group to VMware Data Services Manager role mapping:
Property Name | Value |
---|---|
Admin Groups | The LDAP groups whose users you want VMware Data Services Manager to assign the Organization Administrator role in the organization. |
User Groups | The LDAP groups whose users you want VMware Data Services Manager to assign the Organization User role in the organization. |
Click UPDATE.
VMware Data Services Manager associates the LDAP users in the specified groups to the Organization Administrator and Organization User roles in the organization. These users can now log in to the VMware Data Services Manager console using their LDAP credentials.
VMware releases certified VMware Data Services Manager database templates and software updates to Tanzu Network.
The Provider requires access to an S3-compatible object store and Tanzu Network to automatically obtain and locally store database templates and software updates:
Setting Name | Description |
---|---|
Provider Repo | S3-compatible object store that VMware Data Services Manager uses to store local copies of available database templates and software updates. |
Tanzu Net Token | Tanzu Network UAA API TOKEN that you generate from a Tanzu Network account. |
VMware Data Services Manager saves a local copy of each database template and software update that it downloads from Tanzu Network to the Provider Repo.
After you configure both the Provider Repo and Tanzu Net Token, it may take about ten minutes for available database templates to propagate to the Provider.
Perform the following procedure to configure the Provider object storage repository and the Tanzu Network refresh token:
Select Settings from the left navigation pane.
This action displays the Settings view, which includes tabs for Information, Storage Settings, SMTP Settings, and LDAP Settings.
Locate and select the Storage Settings tab.
Examine the External Storage table, click the three vertical dots in the Actions column of the Provider Repo Url row, and then click Configure.
This action opens the Configure Settings form.
Set the following properties for the Provider repository:
Property Name | Value |
---|---|
Setting Type | The name of the object store setting - Provider Repo Url. (Read-only) |
Storage Type | Select the type of storage from the drop-down list. You can choose S3_COMPATIBLE_STORAGE or AWS. |
AWS Region | If you selected the AWS storage type, specify the AWS region for the object store. |
Storage URL¹ | The URL to the object store. If you do not specify the protocol, VMware Data Services Manager assumes it to be https. |
Access Key | The access key for the object store. |
Secret Key | The secret key for the object store. |
Bucket Name | The name of the bucket. |
¹ If you selected the AWS Storage Type, refer to the Amazon Simple Storage Service documentation describing the URL endpoints for specific regions.
Click the Information tab.
Locate the Tanzu Net Token pane, click on the ACTIONS drop-down, and then select Add or Update from the pop-up menu.
The Add Refresh Token or Update Refresh Token dialog box appears.
Enter your Tanzu Network UAA API TOKEN in the field provided, and then click SAVE.
While these tasks are not required for deployment, you may choose to configure other settings for your VMware Data Services Manager installation at this time:
A VM plan is a named, pre-defined combination of compute and memory resources. When you configure a VM plan, you provide a name, a number of vCPUs, and a memory amount in GBs.
If you chose Plans Mode when you configured the Organization, you must define one or more VM plans that a user can choose from to specify the resources allotted to a provisioned database VM.
Perform the following procedure to define a new VM plan:
Select VM Plans from the left navigation pane.
This action displays the VM Plans view, a table that lists the configured VM plans.
Click ADD NEW VM PLAN in the upper right corner of the view.
This action opens the Add VM Plan form.
Set the desired resource configuration properties:
Property Name | Value |
---|---|
Plan name | The name of the VM plan. |
vCPU | The number of vCPU cores to assign to a provisioned database VM. |
Memory | The amount of memory (in GBs) to allocate to a provisioned database VM. |
Click ADD.
The new VM plan is added to the table.
Configuring the Provider Repo and Tanzu Net Token in Step 4: Configuring Access to Database Templates and Updates prompts VMware Data Services Manager to automatically pull VMware-certified database templates and make them available to the installation.
Publishing a database template makes a specific version of a service available for provisioning. For example, a database template may exist for PostgreSQL version 11.8.
You must publish at least one database template before users can provision a database, and any database template that you publish becomes available to all users in all organizations.
Perform the following procedure to publish a database template:
Select Database Templates from the left navigation pane.
This action displays the Database Templates view.
Examine the database templates listed in the table, identify the database template that you wish to publish, and navigate to that table row.
Click on the Action column value, and select Publish from the pop-up menu.
The Publish Template dialog box appears.
Click CONFIRM.
Monitor the status of the publish operation.
If the operation completes successfully, the database template's Status in the table changes to PUBLISHED.
The version of an Agent onboarded with VMware Data Services Manager must be compatible with the version of the Provider. At initial deployment, VMware Data Services Manager cannot determine this compatibility until after database templates are downloaded to the Provider Repo.
You can validate Provider readiness for onboarding by viewing the Provider Status. The Provider Status located in the Environments view displays the following information:
A Ready to onboard Provider Status indicates that the Provider is ready and prepared to accept onboarding requests for new Agents (whose version is within the specified minimum-maximum range).
Also ensure that you perform the following validation steps:
From the left navigation pane, select System Audit.
Set System Audit Events per page (at the bottom of the table) as 100.
For the DSM RELEASE Component, ensure that the Event Type is DSM LOAD RELEASES and the Event Details is DSM Release N.N.N processed successfully, where N.N.N represents the current release of VMware Data Services Manager.
You have completed the required minimal configuration of the Provider. Next:
Provide the following information to the Organization Administrator user:
You may choose to log in to VMware Data Services Manager and access the provider console to begin monitoring and managing the environment.