Configure VMware Cloud Services with Tanzu CloudHealth

Note

Effective Feb 2023, the VMware Cloud Services is a default authentication tool for all the new VMware Tanzu CloudHealth platform users. Using the VMware Cloud Services console, you can manage your entire VMware Cloud services portfolio across hybrid and native public clouds, and it provides you with easy access to the Tanzu CloudHealth platform and other VMware Cloud Services products.

Depending on whether you are a new Tanzu CloudHealth user or a new VMware Cloud Services user, there can be differences in the onboarding workflows.

• Onboard a new Tanzu CloudHealth user
• Onboard a new VMware Cloud Services user

You will receive an invitation email for both workflows with an onboarding link.

Sign up for the Tanzu CloudHealth Services Platform

As a New User with Non-federated Access

Prerequisite

• An email with an onboarding link from the VMware Cloud Services platform.

Procedure

Step 1 - Log in to the VMware Cloud Services platform.

• If you are a new user of VMware products, by clicking the onboarding link provided in the invitation mail, you are redirected to the VMware Cloud Services login page. Create a VMware Cloud Services account. The first user who creates an Organization gets an Organization Owner role in the VMware Cloud Services platform. See Create VMware Cloud Services Account.
• If you already have a VMware account, then log in using your VMware account credentials.

Once the Organization is created, new users invited to join the Organization can have the role that the Organization Administrator or Organization Owner granted them. It is recommended to provide the Organization Member role to new users to limit the Organization access unless they need higher privileges within the Organization.

Step 2 - Select a VMware Cloud Services Organization.

Select an existing Organization or create a new Organization in which you want to onboard the Tanzu CloudHealth service.

• If you select the Organization which already exists, click Proceed to Service. You will be redirected to the Tanzu CloudHealth platform.

  Each Organization comes with an Organization ID. If any of the existing Organizations were associated with the Tanzu CloudHealth platform service in the past, and the service was added again to the Organization, in that case, Tanzu CloudHealth automatically reactivates your old Tanzu CloudHealth account, and links it to the VMware Cloud Services Organization ID.

  Note that, per the data retention policy, Tanzu CloudHealth retains customer data for 13 months. If the Organization ID is not available in the Tanzu CloudHealth database, Tanzu CloudHealth creates a new account for you and automatically links it to the VMware Cloud Services Organization ID.

• If you want to create a new organization,

  1. Click Add Service to Another Org.
     
  2. Click Create Organization.
     
  3. Create your Organization Profile by providing an Organization Name and Address.
  4. Select Terms of Service and click Continue.
  5. Accept or Decline the Data Disclosure to Partners approval, click Continue.

  You will be redirected to the Tanzu CloudHealth platform.

Users with Federated Access

Prerequisite

• Enterprise Federation setup is ready.
• The VMWare Cloud Services Organization must be activated for Identity Governance and Administration (IGA).
• The Organization owner should set an auto entitlement policy in the VMware Cloud Services platform. See Configure auto entitlement policy. This policy is required to grant the Organization and service level role to anyone who logs in with a federated domain.

If you have an SSO federation setup, new Tanzu CloudHealth users from your company first need to log in to the VMware Cloud Services platform to access the Tanzu CloudHealth services. Once authenticated, they can access the Tanzu CloudHealth platform directly and get into their assigned Tanzu CloudHealth account.

Further, Organization Administrator or Organization Owner can change the user roles in the VMware Cloud Services platform, and the Tanzu CloudHealth administrator can change the Tanzu CloudHealth roles in the Tanzu CloudHealth platform if required.

Create a VMware Cloud Services Account

If you are a new user and do not have a VMware Cloud Services account, you need to create one to use Tanzu CloudHealth services. As part of the onboarding process, you will receive an Onboarding link in your mail id. Click the onboarding link and complete the following steps.

1. On the VMware Cloud Services sign in page, click Sign in using another account.
2. Fill in the following details in the account creation form.
   • Name and Phone number.
   • Email address Make sure you enter the same email address on which you received the invite. Create a password.
   • Business name and Address details.
3. Select the terms of user agreement and click Continue.
4. Click Send Verification Code. Copy and paste the verification code from your registered email address to the VMware Cloud Services platform. Complete the email verification and log in using your registered VMware account credentials.
5. Click Create VMware Account. You will be redirected to the VMware Cloud Services sign in page.
6. Log in to the VMware Cloud Services platform using the newly created credentials. Once authenticated, you can directly log in to the Tanzu CloudHealth platform.

After creating a VMware Cloud Services account, the first user who creates an Organization gets an Organization owner role in the VMware Cloud Services platform.

Add New Users to the Organization in the VMware Cloud Services Platform

Prerequisite

• You must have either Organization Owner or Organization Administrator role to invite users to your Organization. For more information, see How do I manage users in my Organization.
• You have at least one Organization created in the VMware Cloud Services platform.

As an Organization owner, you can invite users to your Organization in the VMware Cloud Services platform and grant them access to the Tanzu CloudHealth services platform.

To add new users to the Organization

1. In the Tanzu CloudHealth platform, click the profile name at the top-right corner, and select View Organization. You will be redirected to the Organization page in the VMware Cloud Services platform.
2. From the left menu, click Identity & Access Management > Active Users.
   
3. Click Add Users. On the Add New Users page, provide the account name of the user or the email address of the user you want to add to your Organization. Make sure the account name of the user is a real email address.

4. Assign Roles. As an administrator in the VMware Cloud Services platform, you must assign two roles to the users you invite to the Tanzu CloudHealth platform - an Organization Role in the VMware Cloud Services platform and a Service Role for the Tanzu CloudHealth platform. A user can have the same or different roles in both platforms. For example- An administrator in VMware Cloud Services will not necessarily be an Administrator in the Tanzu CloudHealth platform, and vice versa.

   Organization Roles -
   The following Organization roles are available in the VMware Cloud Services platform.

   Mandatory Roles	Additional Roles
   Organization Administrator	Access Log Auditor
   Organization Member	Billing Read-Only
   Organization Owner	Developer
   	Project Administrator
   	Software Installer
   	Support User

   To know more about the VMware Cloud Services Organization and roles, see Before you start with VMware Cloud services.

   Service Roles -
   

   • To assign a Service Role, you first need to select a service and then the service- related role.
   • For Tanzu CloudHealth service, you can assign either a Tanzu CloudHealth Administrator role or A role Managed by Tanzu CloudHealth. In Role Managed by Tanzu CloudHealth, the user will assume a Tanzu CloudHealth role assigned by the Tanzu CloudHealth administrator in the Tanzu CloudHealth platform.

   To know more about the roles in the Tanzu CloudHealth platform, see What are Tanzu CloudHealth Roles.

5. Click Add to send an invitation to the user.

Invite Redemption

New users should accept the invitation using the invite link and create a VMware Cloud Services account or log in to the VMware Cloud Services platform using their active VMware account credentials.

After the user has successfully logged in to the VMware Cloud Services platform,

1. On the Services > Organization page, click Launch Service to go to the Tanzu CloudHealth platform.
2. Select the Tanzu CloudHealth terms of service and click Next.

After redeeming the invitation, the user name will be added to the Tanzu CloudHealth platform.

Add Users to the User Group in the Tanzu CloudHealth Platform

See, how to add Users to a User group in the Tanzu CloudHealth platform.

Configure Auto Entitlement Policy

As an Organization owner, you need to link your Organization to your identity provider to grant federated access to all users from your domain.

Pre-requisite

• A domain has been set up in the VMware Cloud Services platform.
• The domain setup is not attached to a specific Organization in the VMware Cloud Services platform.

Procedure

Log in to the VMware Cloud Services platform as an Organization owner.

Step 1 – Link the domain name with your Organization

1. From the left pane, click Organization > Details.
2. Scroll down to the Domains Linked to Identity Provider and click Link Identity Provider.
3. Click Link to link your Organization and click Continue.

Step 2 – Configure a domain policy

1. From the left pane, navigate to Identity and Access Management > Governance.
2. In the Requests tab, click Settings.
3. On the Request Settings page, click Add Domain Policy.

4. Provide the following information-

   • Name – Name of new domain policy.
   • Description – Description of new domain policy.
   • Domains – List of domain names separated by a comma or new line to which the new policy is applicable.
   • Scopes- Assign Organization and Service roles.

5. Click Save. The domain policy appears in the Grant default roles section.

The domain policy becomes effective immediately after you save the policy, and any user with the saved domain name can log in to the VMware Cloud Services platform using their credentials.

By default, all the users from the configured domain will be assigned an Organization member role. Later Organization Owner can edit the role if required.

Select the policy name in the Grant default roles section to edit the domain policy details and click Edit.

Manage Your VMware Cloud Services Account Profile

Using the VMware Cloud Services console, you can manage your entire VMware Cloud services portfolio across hybrid and native public clouds, and it provides you with easy access to the Tanzu CloudHealth platform and other VMware Cloud Services products.

In the VMware Cloud Services platform, click your profile name at the top right corner. In this pane, you can see your Organization ID and can change your Organization and User Settings.

• Organization Settings View Organization – Click to view the setting of your current Organization. You will be redirected to the VMware Cloud Services > Organization > Details page.

• User Settings

  • My Account – View your account details in the VMware Cloud Services platform.
  • Set Default Organization- If you are added to more than one Organization, you can set a default Organization.
  • Tanzu CloudHealth Profile

To view all the VMware Cloud services you have access to, click the 9-dot menu at the top right corner. Click the service name to switch to a different service.