Managing Multi-Tenant Services

Multi-tenancy is a principle of software architecture where a single instance of the software runs on a server serving multiple client organizations, or tenants. Tenants are logically isolated, but physically integrated.

In Prime Performance Manager you can create tenants directly or import tenants by integrating with OpenStack servers. You can then filter reports, alarms, and thresholds by one or more tenants. Procedures for managing tenants in Prime Performance Manager data are provided in the following topics:

Overview to Multi-Tenancy in Prime Performance Manager

Multi-tenant actions you can perform in Prime Performance Manager include:

  • Adding tenants directly.
  • Creating tenant groups.
  • Importing and synchronizing tenants through integration with an OpenStack server.
  • Filtering reports, thresholds, and alarms by tenant scope.
  • Displaying alarms filtered by tenant scope.
  • Associating Prime Performance Manager users to tenants.

Figure 16-1 provides an overview to the Prime Performance Manager tenant and user data access:

  • User A is a member of Tenant A, User A can only access data defined for Tenant A.
  • User B is a member of both Tenant A and Tenant B, User B can access data defined for both Tenant A and Tenant B.
  • User C is a member of Tenant B, User C can only access data defined for Tenant B.
  • The Admin user is the administrator, and can access all Prime Performance Manager data.

Figure 16-1 Multi-Tenancy Support in Prime Performance Manager

 

364144.eps

Creating Tenants in Prime Performance Manager

You can create tenants in Prime Performance Manager using one of the following methods:

  • Create tenants through the Tenant window, then create the report filtering for the tenant.
  • Create a tenant group then assign the data source and algorithms to filter the data objects and reports for the tenant group.

In general, creating tenants through the Tenants window is quicker and simpler, but does not provide the filtering capabilities tenant groups provide.

Following tenant creation, you must modify the definition file.

Instructions are provided in the following topics:

Adding Tenants to Prime Performance Manager From the Tenants Window

To add tenants Prime Performance Manager through the Tenants window:


Step 1blank.gif Log into Prime Performance Manager GUI as a System Administrator user.

Step 2blank.gif If user access is not enabled, enable it following the Enabling Secure User Access.

Step 3blank.gif From the Administration menu, choose Users/Tenants/Security.

Step 4blank.gif On the Users window, click the Tenants tab.

Step 5blank.gif On the Tenants window, click Add.

Step 6blank.gif In the Add Tenant dialog box, enter:

    • Tenant Name—The tenant name.
    • Display Name—The tenant display name.
    • Tenant Status—Choose Enabled to enable the tenant (default), or Disabled to not enable it.

Step 7blank.gif Click Save.

Step 8blank.gif On the Tenants window, choose the tenant you created and on the toolbar click Filter Reports.

Step 9blank.gif On the Tenant Reports window, check or uncheck the reports you want available to the tenant.

Step 10blank.gif To display or hide report data columns:

a.blank.gif Navigate to the report and click the Tenant Report Condition icon next to the report title.

The Tenant Filter Condition: [ report category:report title ] dialog box is displayed.

b.blank.gif In the Column Name field choose the report column for which you want to set conditions.

The column display name and data type are displayed in the Display Name and Column Type fields.

c.blank.gif In the Filter Value field, enter the value that you want the report data column to equal before it is displayed to tenant members. (Equal is the only available operator.)

d.blank.gif Click Add.

e.blank.gif If you want to add or append additional conditions, repeat Step c and click Add to add a new condition, or click Append to append the condition to the existing one.

f.blank.gif When finished, click OK.

Step 11blank.gif On the Tenant Reports window, click Save to save the tenant filter.


 

Adding Tenants to Prime Performance Manager Through Tenant Groups

To add tenants to Prime Performance Manager by creating tenant groups:


Step 1blank.gif Log into Prime Performance Manager GUI as a System Administrator user.

Step 2blank.gif If user access is not enabled, enable it following the Enabling Secure User Access.

Step 3blank.gif From the Administration menu, choose Group Editor.

Step 4blank.gif Click the Create New Group tool.

Step 5blank.gif In the Create Group dialog box, enter the group name.

Step 6blank.gif Click OK.

The new group is added to the System Groups table.

Step 7blank.gif Click the new group link.

Step 8blank.gif In the Group Details tab Type/Tag field, enter ppm_tenant.

This tag identifies the group as a tenant and will cause it to appear on the Tenants window.

Step 9blank.gif In the Data Source area, click Change.

Step 10blank.gif In the Edit Group Data Source dialog box, choose the data sources you want for the tenant and click Add to move them to the Assigned Data Sources group.

Step 11blank.gif When finished, click Save.

Step 12blank.gif To create an algorithm to run against the selected data source(s), click Launch Algorithm Editor (Beta).

Step 13blank.gif Create the algorithm by dragging blank operator equations to the area on the right, then dragging the variables on the top to fill in the blank elements of the operator equation.

Step 14blank.gif When finished, click Save and Quit.

Step 15blank.gif On the Group Details tab, click Validate to validate the data source and algorithm.

Step 16blank.gif Click Save.


 

Adding Tenants Through OpenStack Integration

OpenStack is an open-source cloud computing platform generally deployed in infrastructure as a service (IaaS) solutions. OpenStack controls data center processing pools, storage, networking resources, and many other IaaS functions.

Tenants are primary organizational elements within the OpenStack Compute service. (The OpenStack Compute service provides virtual servers upon demand.) OpenStack tenants include a separate VLAN, volumes, instances, images, keys, and users.

You can import OpenStack tenant data into Prime Performance Manager by connecting to the OpenStack server and running the tenant integration function. After the OpenStack tenants are added, you can set up report filtering to restrict report data to that which is appropriate for the tenant.

To add OpenStack tenant data to Prime Performance Manager:


Step 1blank.gif Log into the Prime Performance Manager GUI as the administrator user.

Step 2blank.gif From the Administration menu, choose OpenStack Tenant Integration.

The Administration Tenants window displays.

Step 3blank.gif Click the Tenants tab.

Step 4blank.gif On the OpenStack Tenants toolbar, click Add New Tenant.

In the Add Tenant Integration dialog, enter the integration parameter:

    • Host Name or IP Address—Enter the OpenStack server host name or IP address. For multi-node OpenStack deployments, this is the server where the OpenStack Keystone API service is installed.
    • Protocol—Choose the protocol used to access the server, either HTTP or HTTPs.
    • Port—Enter the OpenStack Identify service administrative endpoint. The default is 35357.
    • Tenant Name\User Name (Admin Role)—Enter the OpenStack project name and user in the format: [ ProjectName ]\[ UserName ]. For example, if the username is admin and the project name to which the admin user belongs is openstack, you would enter openstack\admin.
    • Password—Enter the user password.
    • Version—The Keystone Web API version. Currently only Version 2.0 is supported.
    • Sync Interval—Choose the tenant data synchronization interval: 30 minutes, 1 hour, or 6 hours.
note.gif

Noteblank.gif The synchronization interval must be longer than the life of the OpenStack authenticate token.


Step 5blank.gif Click Save & Import.

note.gif

Noteblank.gif Save & Import will not activate if fields are blank or have invalid entries.


The tenant import After successful integration, the tenant is added to the Administration Tenant Integration table with the parameters entered in the previous step as well as the following:

    • Ongoing Tenant Synchronization—Indicates whether the tenant data is automatically updated.
    • Last Import of Tenant—The date the tenant data was last updated.

Step 6blank.gif At any later time, you can:

    • Edit any tenant parameter in the table except the host name or IP address. After editing, click Save All Tenants on the toolbar to update the edited entries.
    • Select a tenant and perform the following actions in the Action column:

blank.gif Synchronize Tenant Data —Synchronizes the tenant data and updates the last import date and time.

blank.gif Disable Tenant Data Synchronization —Stops ongoing tenant data synchronization.

blank.gif Enable Tenant Data Synchronization —Starts ongoing tenant data synchronization.

blank.gif Delete Tenant —Removes the tenant entry and all associated tenant data.


 

Adding OpenStack Tenant Message Brokers

After you create an OpenStack tenant and import its data to Prime Performance Manager, you can set up message brokers that listen for OpenStack tenant changes and update the Prime Performance Manager tenant data when they occur. The message brokers supplement the ongoing tenant data synchronization set up at 30-minute, one-hour, or six-hour intervals when you add the tenant entry to Prime Performance Manager. Message brokers have two requirements:

To add an OpenStack tenant message broker:


Step 1blank.gif Log into the Prime Performance Manager GUI as the administrator user.

Step 2blank.gif From the Administration menu, choose OpenStack Tenant Integration.

Step 3blank.gif Click the Message Broker tab.

Step 4blank.gif On the OpenStack Message Broker Configuration toolbar, click Add New Message Broker Entry.

Step 5blank.gif In the Add New Message Broker Entry dialog box, enter the following properties:

    • Name—Enter unique name for the message broker entry.
    • Broker IP Address—Enter the IP address of the RabbitMq message broker.
    • Broker Listener Port—Enter the port used by the message broker to listen for messages. The default port is 5672.
    • Broker Virtual Host—Enter the virtual host configured on message broker. The default is /.
    • User Name—Enter the username needed to connect to the message broker.
    • Password—Enter the username password.
    • Enabled—Check if you want to enable the message broker after it is created.
    • IP Address of OpenStack—Choose the OpenStack IP address from the list, which is populated from the OpenStack tenants that appear in the OpenStack tab.

Step 6blank.gif Click OK.

The message broker entry is added to the Message Broker table.

Step 7blank.gif At any later time, you can:

    • Edit any message broker parameter in the table except the name or OpenStack IP address. After editing, click Save Message Broker Entries on the toolbar to update the edited entries.
    • Select a tenant and perform the following actions in the Action column:

blank.gif Enable/Disable Message —Check the box to enable the message broker; uncheck the box to disable it.

blank.gif Delete —Removes the message broker entry.

note.gif

Noteblank.gif If the tenant that the message broker is monitoring is disabled, the status changes to Unknown. Some brokers should not be added.



 

Adding Users to Tenants

After you create or add tenants to Prime Performance Manager, you can add users to them. User creation and editing procedures are provided in the following topics:

When you create or edit a user, in the Tenant Name field check the tenants to which you add the user. After you save the user or user information updates, you can display the tenants to which the user belongs by clicking the Tenants box.

Setting Up OpenStack Ceilometer Reports

OpenStack ceilometers provide a point of contact for billing systems to acquire measurements for customer billing across all current OpenStack core components. Ceilometer reports are located in the Compute > OpenStack report category.

By default, ceilometer collects metrics every 10 minutes. Prime Performance Manager allows you to configure other intervals. If the interval is lower than the ceilometer interval, Prime Performance Manager fills the data automatically by using most recent data. Therefore, the polling interval must always be larger then the ceilometer interval.

When configuring Prime Performance Manager to monitor OpenStack, review the default OpenStack Ceilometer poll interval. By default this is 10 minutes. Disable OpenStack reports that are less than the Ceilometer poll interval, otherwise Prime Performance Manager will poll OpenStack more frequently than OpenStack is updated. For example, if the OpenStack Ceilometer poll interval is the 10-minute default, disable OpenStack 1 and 5 minute reports. See Customizing Individual Report Settings.

Displaying Tenant Reports

If OpenStack tenant integration is enabled, hypervisor and OpenStack Ceilometer report data are filtered automatically.

note.gif

Noteblank.gif For OpenStack tenant integration, Prime Performance Manager must import Ceilometer as the monitored device for data filtering. Hypervisors are optional.


For tenants added to Prime Performance Manager directly, filtering is set up at the time you create the tenant. See the following topics:

To display report data by tenant:


Step 1blank.gif Log into the Prime Performance Manager GUI as the administrator user.

Step 2blank.gif On the Prime Performance Manager toolbar, click User Preferences.

Step 3blank.gif In the User Preferences window, click General Display Settings.

Step 4blank.gif In the right column, modify the following tenant report properties:

    • Tenant Scope—Sets the report tenant scope:

blank.gif All—Displays all reports, not just tenant reports.

blank.gif All Tenants—Displays all tenant reports.

blank.gif SELECTED—Allows you to select and display reports for individual tenants.

    • Tenant Display—Sets the tenant identifier when displayed in reports, either Name (internal tenant name), or Display Name.

For example, if you set Tenant Scope to All Tenants and Tenant Display to Display Name, then navigate to Reports > Compute > OpenStack > [Ceilometer], you will notice a new Tenant column is displayed with the data for all Tenants.


 

Displaying Alarms and Events by Tenant

Alarms and events have a Tenant attribute that you can use to sort alarms and events by tenant. The Tenant attribute is not displayed by default. To display it, see Adding and Removing Properties from Property Views.

Adding Tenants to Thresholds

Prime Performance Manager thresholds allow you define performance criteria for displaying threshold crossing alert alarms and events. For complete information about Prime Performance Manager thresholds, see Chapter11, “Creating and Managing Thresholds” When you create thresholds, you can apply one, multiple, or all tenants to it.

To add tenants to threshold crossing alerts:


Step 1blank.gif Complete the Creating Thresholds.

Step 2blank.gif Complete the following tenancy fields:

    • Tenancy—Indicates the tenants that should be included in the threshold:

blank.gif ALL—(default) Choose this option if you do not want to assign tenants to the threshold.

blank.gif ALL_TENANTS—Includes all tenants in the threshold.

blank.gif SELECTED—Allows you to choose the tenants added to the threshold

    • Selected Tenants—If you chose SELECTED in the Tenancy field, displays the tenants that added.

To add tenants, click Change then chose the tenants you want in the Select Tenants dialog box using the Add, Add All, Remove, Remove All buttons.


 

Tenant Views

After you integrate Prime Performance Manager with OpenStack tenants, you view information about them in the Data Center > Tenants view. Each tenant view includes the following subviews retrieved from the OpenStack server:

  • Network—Displays information about the tenant VLAN.
  • Compute—Displays the tenant virtual machines. In OpenStack Horizon, these are called instances.
  • Storage—Displays information about tenant storage volumes.

To display tenant details, click the tenant in the View tree. The following tenant details are displayed:

  • Name—The tenant name.
  • Status—The tenant status, either enabled or disabled.
  • Description—A description of the tenant, if added.
  • Tenant Source—The source of the tenant. Currently, this will be OpenStack.
  • Ongoing Tenant Synchronization—Indicates whether regular synchronization occurs between Prime Performance Manager and the OpenStack server, either Yes or No.
  • Last import of tenant—Indicates the data and time of the last tenant information synchronization.