ZStack Cloud Documentation
All
All
ZStack 3.10.0>Product Manuals>Maintenance Manual>Advanced Function (Plus)>Enterprise Management
Get PDF

Advanced Function (Plus)

ZStack provides the following advanced functions:
  • Enterprise Management
  • BareMetal Management
  • Backup Service
  • Migration Service
Advanced functions are provided as separate feature modules. To use an advanced function, purchase both the Base License and the corresponding Plus License. The Plus License cannot be used independently

Enterprise Management

Enterprise Management mainly provides enterprise users with organization structure managements and project-based resource access control, ticket management, and independent zone management. Enterprise Management is a separate feature module. To use this feature, purchase both the Base License and the Plus License of Enterprise Management. The Plus License cannot be used independently.

Enterprise Management Account System

The following are the related definitions:
  • Admin

    A super administrator who owns all permissions. Usually, IT system administrators obtain the permissions.

  • User

    A virtual ID, simply a natural person who is the most basic unit in Enterprise Management. A user has multiple attributes, such as a platform admin, project admin, and head of a department.

  • Local User

    A user that is created in the Cloud. A local user can be added to an organization, added to a project, bound with a role.

  • 3rd Party User

    A user is that is synchronized to the Cloud through 3rd party authentication. A 3rd party user can be added to an organization, added to a project, and bound with a role.

  • Platform User

    A user that is not added to a project yet, including platform admin and the regular platform member.

  • Platform Admin

    A user that has the platform admin role attached. A platform admin who has been allocated a specified zone or all zones manages the data center of the allocated zone or zones.

  • Head of Department

    A user that is responsible for managing departments in an organizational structure. A head of a department has the permission to check department bills.

  • Project Member

    A user who has joined a project, including project admin, project operator, and normal project member.

  • Project Admin

    A user that has the project admin role attached. A project admin is responsible for managing users in a project, and has the highest permission in a project.

  • Project Operator

    A user that has the project operator role attached. A project operator assists project admins to manage projects. One or more project members in the same project can be specified to act as project operators.

  • Member Group

    A virtual ID group that has a group of project members. You can organize project members in groups for better management, and perform permission control by member group.

  • Organization

    The basic unit of an organizational structure in Enterprise Management. You can create an organization or synchronize an organization through 3rd party authentication. An organization can be divided into a top-level department and a normal department. The top-level department is the first-level department in the organization, and can have multi-level subsidiary departments.

  • Project

    The task that related members will be specified to accomplish specified targets with a specified time, resource, and budget. Enterprise Management organizes resources based on projects and allows you to create an independent resource pool for a specific project.

  • Role

    A collection of permissions. You can grant permissions to a user by attaching a role to the user, so that the user can operate on the related resources by calling related APIs.

  • System Role

    A special role preconfigured by the Cloud. As the Cloud upgrades, the permission contents of a system role will be updated, and new permissions will be added automatically. The system role cannot be configured manually.

  • Custom Role

    A custom role that you created in the Cloud. Similar to the system role, the permission contents of a custom role will be updated as the Cloud upgrades. Notice that you need to manually configure the additional permissions after the upgrade.

  • Quota

    A measurement standard that determines the total quantity of resources for a project. A quota mainly includes the VM instance count, CPU count, memory capacity, maximum number of data volumes, and maximum capacity of all volumes.

  • Project Collection Policy
    When you create a project, specify a project collection policy. The project collection policy includes the unlimited collection, specified time collection, and specified spending collection.
    • Unlimited Collection

      After you create a project, resources within the project will be in the enabled state by default.

    • Specified Time Collection
      • When the expiration date for a project is less than 14 days, the smart operation assistant will prompt you for The license will be expired after a project member logs in to the Cloud.
      • After the project expired, resources within the project will be collected according to the specified policy. The policy includes disabling login, stopping resources, and deleting projects.
    • Specified Spending Collection

      When the project spending reaches the maximum limit, resources within the project will be collected according to the specified policy. The policy includes disabling login, stopping resources, and deleting projects.

Account Login in Enterprise Management

  • Admins can log in to the Cloud via Main Login.

    By using Chrome or Firefox, go to the Main Login page via http://your_machine_ip:5000/#/login. To log in to the Cloud, the admin must enter the corresponding user name and password, as shown in Main Login Page.

    Figure 1. Main Login Page


  • For users (platform admin, platform user, project admin, project operator, or regular project member), log in to the Cloud via Project Login.
    By using Chrome or Firefox, go to the Project Login page via http://your_machine_ip:5000/#/project. To log in to the Cloud, enter the corresponding user name and password. Specifically, the Cloud has two login entrances for Project Login as follows:
    • Local user: the user created on the Cloud. Log in to the Cloud via Local User.
    • AD/LDAP user: the 3rd party user synchronized to the Cloud via the 3rd party authentication. Log in to the Cloud via AD/LDAP User, as shown in Project Login Page.
    Figure 2. Project Login Page


Three Subfeatures of Enterprise Management

The Enterprise Management mainly includes four subfeatures, including project management, ticket management, independent zone management, and third-party authentication
  • Project Management:

    The project management is project-oriented to plan for resources. Specifically, you can create an independent resource pool for a specific project. Project lifecycles can be managed (including determining time, quotas, and permissions) to improve cloud resource utilizations at granular, automatic level and strengthen mutual collaborations between project members.

    For more information, see Project Management.

  • Ticket Management:

    To better provide basic resources efficiently for each project, project members (project admins, project operators, or regular project members) can apply for tickets to obtain cloud resources. Tickets are reviewed and approved according to custom ticket review processes of each project. Finally, admins or project admins approve the tickets. Currently, five types of ticket are available, including applying for VM instances, deleting VM instances, modifying VM configurations, modifying project cycles, and modifying project quotas.

    For more information, see Ticket Management.

  • Platform Management:

    To effectively manage the Cloud, the platform user (platform admin/regular platform member) can cooperate with the super administrator to manage and operate the Cloud together. ZStack provides various system roles such as Platform Admin Role and Dashboard Role. Also, you can satisfy various usage scenarios by creating custom roles at the API level.

    For more information, see Platform Management.

  • Independent Zone Management:

    Usually, a zone corresponds to an actual data center in a place. If you isolated resources for zones, you can specify the corresponding zone admins for each zone to achieve independent managements of various machine rooms. In addition, admins can inspect and manage all zones.

    For more information, see Independent Zone Management.

  • 3rd Party Authentication:

    The 3rd party authentication is a third-party authentication service provided by ZStack. ZStack lets you seamlessly access the third-party login authentication system. The corresponding account system can directly log in to the Cloud to conveniently use cloud resources. Currently, you can add an AD/LDAP server.

    For more information, see 3rd Party Authentication.


Organization

Enterprise Management provides an organization management feature for enterprise users, where an organizational structure tree is displayed in cascade and you can directly get a complete picture of the enterprise organization structure. Enterprise Management mainly includes the following concepts:
  • Organization

    The basic unit of an organizational structure in Enterprise Management. You can create an organization or synchronize an organization through 3rd party authentication. An organization can be divided into a top-level department and a normal department. The top-level department is the first-level department in the organization, and can have multi-level subsidiary departments.

  • User

    A virtual ID, simply a natural person who is the most basic unit in Enterprise Management. A user has multiple attributes, such as a platform admin, project admin, and head of a department.

  • Head of Department

    A user that is responsible for managing departments in an organizational structure. A head of a department has the permission to check department bills.

Organization Tree

  • The organization tree is displayed in hierarchy and allows you to view the whole picture of the enterprise structure.
  • The organization can be divided into top-level department and department. Specifically, the top-level department, the first level department, can have multi-level departments.
  • In the organization tree, the head of department for the top-level department or department has a red star icon at the lower right.
  • The organization synchronized via the 3rd authentication lets you create an organization tree independently.
  • You can add multiple organization trees. Notice that the users under the different organization trees are invisible from each other.
  • The admin or platform admin can view all the organization trees, while the platform users can only view their own organization trees.

Organization Operations

An organization includes two types of add method: manual addition and 3rd party authentication. Organizations of different add methods support different operations.

Operations Supported by Cloud Organization
An admin, platform admin, or regular platform user can perform the following operations for an organization in the Cloud:
  • Add organization: Create an organization tree.
  • Change parent department: Change the parent department for the organization. Notice that the top-level department does not support this operation.
  • Change department head: Respecify the head of department.
  • Create subsidiary department: Create a subsidiary department under the organization.
  • Delete subsidiary department: Delete the subsidiary department under the organization. Notice that the organization without any subsidiary department does not support this operation.
  • Add user: Add a new user to the organization.
  • Remove user: Remove a user from the organization.
    Note: If the user is the head of department, removing this user will also remove its identification as the head of department.
  • Delete: Delete the specified organization.
    Note: Exercise caution. Deleting an organization will also delete all its subsidiary departments.
3rd Party Authentication Synchronization Operations
An admin, platform admin, or regular platform user can perform the following operations for the synchronized 3rd party organization:
  • Add user: Add a new user to the organization.
  • Remove user: Remove a user from the organization.
    Note: If the user is the head of department, removing this user will also remove its identification as the head of department.
  • Delete: Delete the specified organization. Deleting the specified organization will also delete the 3rd party server. Notice that this organization cannot be deleted independently.

Notice

The visibility of the organization tree is different from different angles as follows:
  • An admin or platform admin can view all organization trees.
  • A regular palindrome user, project admin, or project operator can only view its own organization tree.
  • A regular project member cannot view the organization tree.

User

A user (virtual ID) is simply a natural person who is the most basic unit in Enterprise Management. A user has multiple attributes, such as a platform admin, project admin, and head of a department.

ZStack provides the following two types of user classification:
  • Classification by source
    • Local User

      A user that is created in the Cloud. A local user can be added to an organization, added to a project, bound with a role.

    • 3rd Party User

      A user is that is synchronized to the Cloud through 3rd party authentication. A 3rd party user can be added to an organization, added to a project, and bound with a role.

    Note: Users in Enterprise Management can log in to the Cloud via Project Login, while local users can log in to the Cloud via User Login. Besides, third-party users can log in to the Cloud via AD/LDAP User.
  • Classification by project
    • Platform User

      A user that is not added to a project yet, including platform admin and the regular platform member.

    • Project Member

      A user who has joined a project, including project admin, project operator, and normal project member.

Notice

  • An admin or platform admin can view a list of all users.
  • If an organization tree is created in the Cloud, a platform user can only view the user list of its own organization. If no organization tree is created in the Cloud, a platform user can view all users.
  • If an organization tree is created in the Cloud, a project admin or project operator can only view the users under its own organization tree.
  • If no organization tree is created in the Cloud, a project admin or project operator can view all users.
  • To create users with a template, note the following:
    • Existing organizations are required. Notice that these organizations must be separated by "/", such as Company/Dev.
    • If the organization path duplicates, attach the UUID of a top-level department, such as Company(f11444d42701483791370e9f8b9300b9)/Dev.
    • If a user is added to multiple organizations simultaneously, separate these organizations by "&&", such as Company/Dev&&Company/QA.
    • A project is required. When a single project is added, enter the project name directly, such as project-01.
    • If a user is added to multiple projects simultaneously, separate these projects by "&&", such as project-01&&project-02.

User Operations

Operations between a local user and a 3rd party user are little bit different.

Local User Operations
An admin, platform admin, or regular platform user supports the following operations for a local user:
  • Create user: Create a local user based on the basic employee information.
  • Change user name: Change the user name. The user name that is the login name must be unique.
  • Change password: Change the login password for the local user.
  • Change personal information: Change the full name, phone number, email address, and identifier.
  • Join department: Add the local user to one or more departments.
  • Remove from department: Remove the local user from the department.
    Note: If the local user is the head of department, removing this local user from the department will also remove its identification as the head of department.
  • Join project: Add the local user to one or more projects.
  • Remove from project: Remove the local user from the project.
    Note:
    • If the local user is the project admin or project operator, removing the local user from the project will also remove its identification as the project admin or project operator.
    • If the local user is part of a ticket process, the ticket process will be unavailable after you remove the local user from the project. Also, the tickets related to the process will be all recalled.
  • Delete: Delete the local user.
    Note:
    • If you delete the local user that acts as the head of department, project admin, or project operator, deleting the local user will also delete its identification as the head of department, project admin, or project operator
    • If you delete the local user that is part of ticker process, the ticket process will be unavailable after you remove the local user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Audit: Check the related operations of the local user. These operations are performed by the admin or platform admin.
3rd Party User Operations
An admin, platform admin, or regular platform user support the following operations for a 3rd party user:
  • Join department: Add the 3rd party user to one or more departments.
  • Remove from department: Remove the 3rd party user from the department to be selected.
    Note: If the 3rd party user is the head of department, removing the 3rd party user from the project will also remove its identification as the head of department.
  • Join project: Add the 3rd party user to one or more projects.
  • Remove from project: Remove the 3rd party user from the project.
    Note:
    • If the 3rd party user is the project admin or project operator, removing the 3rd party user from the project will also remove its identification as the project admin or project operator.
    • If the 3rd party user is part of ticket process, the ticket process will be unavailable after you remove the 3rd party user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Delete: Delete the 3rd party user.
    Note:
    • If you delete the 3rd party user that acts as the head of department, project admin, or project operator, removing the 3rd party user will also remove its identification as the head of department, project admin, or project operator.
    • If you delete the 3rd party user that is part of a ticket process, the ticket process will be unavailable after you remove the 3rd party user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Convert to local user: After you synchronize an AD server, the non-existent 3rd party user will be changed to the deleted state and cannot log to the Cloud. At this time, the 3rd party user can be converted to a local user, while the AD user that is in the deleted state can be changed to the local user in the Cloud.
    Note:
    • After you convert a 3rd party user to a local user, the original data of the 3rd party user will be inherited, such as the belonged project and the acquired permissions.
    • After you convert a 3rd party user to a local user, verify that you perform Change Password. Then, the converted local user can log in to the Cloud normally.

Role

A role is a collection of permissions used for entitling users to manage resources by calling associated APIs. A role has two types, including system role and custom role.
  • System Role

    A special role preconfigured by the Cloud. As the Cloud upgrades, the permission contents of a system role will be updated, and new permissions will be added automatically. The system role cannot be configured manually.

  • Custom Role

    A custom role that you created in the Cloud. Similar to the system role, the permission contents of a custom role will be updated as the Cloud upgrades. Notice that you need to manually configure the additional permissions after the upgrade.

The role page includes two tab pages: system role and custom role. Specifically, the system role includes the following:
  • Dashboard role:
    After you bind the dashboard role, the dashboard user can only have the permission of the monitoring dashboard. Once you log in to the Cloud, you will go to the dashboard page.
    • The dashboard user does not have the user home page. This user cannot change the password by its own. Notice that only the admin, platform admin, or regular platform user can change the password for the dashboard user.
    • The default language and the theme of the dashboard are consistent with the current configurations of the Cloud. Notice that only the admin, platform admin, or regular platform user can change these configurations for the dashboard user.
    • After the dashboard user logs in to the Cloud, closing the Web browser will still keep the user logging in. If the user wants to log out, access http://management node_ip:port/#/login and then perform the logout operation, such as http://172.20.11.50:5000/#/login.
  • Platform admin role:
    After you bind the platform admin role, the platform admin can act as the platform administrator. The platform admin has the zone attribute, and manipulates the data center of the zone that is allocated to the platform admin.
    • The newly created platform admin defaults to manipulate all zones before zones are allocated.
    • After one or more zones are assigned to the platform admin, this platform admin can only manipulate the assigned zones.
    • One platform admin can manipulate multiple zones while one zone can be manipulated by multiple platform admins.
    • The platform admin needs to log in to the Cloud via Project Login.
  • Project admin role:

    After you bind the project admin role, the project admin can act as the project administrator. The same project can only be assigned to one project admin. Notice that the project admin role can be changed.

  • Project operator role:

    After you bind the project operator role, the project operator can act as the project manager who can assist the project admin to manage projects. One or more project members can act as the project operator within the same project.

Role Operations

An admin, platform admin, or regular platform user can perform the following operations for a role:
  • Bind user: Bind a role to a user. By doing so, the user can own permissions of the related operations.
  • Unbind user: Unbind the user from a role. By doing so, the related permissions owned by the user will be removed.
  • Clone: Clone the role.
  • Delete: Delete the role.
    Note:
    • Exercise caution. After you delete a role, the related user will automatically unbind this role, which will affect directly the normal usage of the related project members.
    • The system role cannot be deleted.

Notice

  • A role has two types: platform and project. The platform role can only be bound to the platform user, while the project role can only be bound to the project member of the project where the project role belongs.
    • The same user can only be bound to one type of role.
    • The same user can be bound to multiple same types of custom role.
    • The project member can only be bound to the custom role of the project where the project member belongs.
  • The role is a collection of permissions base on resources. Dependencies exist among different types of role. We recommend that you use the predefined system role in the Cloud or select all roles.
  • To remove roles, note the following:
    • After a role is removed, the user that binds this role can no longer own the related permissions.
    • Exercise caution. Dependencies exist among different types of role.



Products

Solutions

Help & Support

Contact Us

© 2023, Shanghai Yunzhou Information and Technology Ltd (云轴科技). All Rights Reserved.

Back to Top

Download

Already filled the basic info?Click here.

Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

An email with a verification code will be sent to you. Make sure the address you provided is valid and correct.

Download

Not filled the basic info yet? Click here.

Invalid email address or mobile number.

Email Us

contact@zstack.io
ZStack Training and Certification
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

Email Us

contact@zstack.io
Request Trial
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

Email Us

contact@zstack.io

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder. After receiving the email, click the URL to download the documentation.

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder.
Or click on the URL below. (For Internet Explorer, right-click the URL and save it.)

Thank you for using ZStack products and services.

Submit successfully.

We'll connect soon.

Thank you for using ZStack products and services.