
Tenant

Device Passthrough Advanced Configuration (Manual Creation/Editing of Resource Rules)

Although allowing auto-generation of resource rules (e.g. when you select a device and use the Make Passthrough menu option) is easiest and usually recommended, there are situations where it is useful to manually create a resource rule or to modify an auto-generated one.

It is important to read and be familiar with PCI Passthrough Risks and Precautions before making passthrough configurations.

Manually Create a New Resource Rule

  1. From the main dashboard, click Resources.
  2. Click Rules (UI card or on the left menu).
  3. Click New on the left menu.
  4. Provide a Name for the Rule; a descriptive name is recommended, as it can be helpful in future administration.
  5. Select the Resource Group to which the resource rule will apply.
  6. Select a specific Node or select --None-- to apply the rule to all nodes.
  7. Select the Type (PCI, USB, SR-IOV, or NVIDIA vGPU).
  8. Leave the default value set to --None-- in the field labeled Automatically created based on PCI Device.
  9. Configure device filters as desired; filter fields will vary depending on the device type selected; see below. (Advanced Entry¹ option also available)

For information on installed PCI devices to use in filters, see the PCI devices listing: from the Main Dashboard, navigate to Resources -> PCI Devices. To show additional fields, right-click in the heading section to select from the full list of available columns that can be displayed.

Edit an Existing Resource Rule

  1. Navigate to the Associated Resource Group dashboard (Main Dashboard > Resources > Groups > double-click the particular group).
  2. In the Rules section, locate and click the desired resource rule.
  3. Click Edit on the left menu.
  4. Node selection and PCI Filters can be modified as needed. (Advanced Entry¹ option also available)

  1. The Advanced Entry section allows you to manually input filter syntax rather than using the filter entry fields. Generally, it is preferable to allow system-generated syntax based on your filter field selections. 

Configuring Proxy

Using a Proxy grants the ability to use 1 IP address for multiple Tenant environments by mapping FQDN hostnames. This bypasses the need to have 1 IP address per tenant and helps to preserve IPv4 addresses.

Enabling Proxy

  1. From the external network used to access tenant environments:
    • Select Edit in the left menu.
    • Enable Proxy.
    • In most cases, the Proxy Listen Address field can be left blank. This will default to 0.0.0.0, meaning it will listen on all addresses.

For VergeOS versions 4.12.6 and older

'Bind DNS' will need to be temporarily enabled if it is not already in use on the network. This will expose the IP Alias selection in the UI (step 2).

  • Submit the settings but DO NOT RESTART THE NETWORK OR APPLY RULES YET!
  2. From the same external network:
    • Select IP Addresses in the left menu.
    • Edit or create an IP Address, setting the Type to IP Alias.
    • Submit.
    • Set the external network DNS back to the original setting (Prior to Version 4.12.4).
    • Select Rules.
    • Create a new rule that looks like the following image:

proxy_accept_rule.png

  • Restart the network and apply the rules.
  • Test the rule by opening a browser tab and navigating to the URL using the IP Alias address assigned in the previous step. If it works properly, the UI login page will open on the IP Alias address.

Creating a New Tenant with Proxy

  1. Create an A Record for the new tenant in your domain registrar to point to the assigned IP Alias.
  2. Create a new tenant: - Enter all desired settings, leaving the URL blank.
  3. In the UI Management tab of the tenant creation page, select Create a new FQDN.
  4. In the Proxy Tenant Config page:
    • Select the network the proxy service is running on.
    • Select the tenant name.
    • Enter the FQDN of the tenant (the A Record created in step 1).
    • Submit.
  5. Select Skip at the bottom of the UI Management page to avoid assigning an IP directly to the tenant.

A tenant cannot have a UI IP address AND a proxied FQDN.

  6. In the new tenant dashboard, select Apply Proxy in the highlighted warning.

apply_proxy.png

  7. Start the tenant and navigate to its URL in a browser tab to log in.

Editing an Existing Tenant to use Proxy

  1. Create an A Record for the tenant in your domain registrar to point to the assigned IP Alias (if one does not already exist).
  2. From the tenant dashboard, select Edit in the left menu:
    • In the UI Address field, select None.
  3. Navigate to the network running the proxy service:
    • Select Proxy in the left menu.
  4. From the Proxy Dashboard:
    • Select View Tenants.
    • Select New.
  5. In the Proxy Tenant Config page:
    • Select the network the proxy service is running on.
    • Select the tenant name.
    • Enter the FQDN of the tenant (the A Record created in step 1).
  6. Navigate to the tenant dashboard and select Apply Proxy in the highlighted warning.

apply_proxy.png

  7. Select the tenant network (highlighted) from the tenant dashboard.

tenant_apply_rules.png

  8. Select Apply Rules in the highlighted warning.

tenant_rules_highlighted.png

  9. Test access to the tenant by navigating to its URL in a browser tab.

Document Information

  • Last Updated: 2024-08-29
  • VergeOS Version: 4.12.6

Virtual Wire Setup and Use

A virtual wire provides a tenant the ability to access a VLAN outside the VergeOS environment without going through routing steps.

Prerequisite Steps

  1. Add the desired VLAN(s) to the appropriate switch ports so they are accessible to the nodes running the VergeOS environment.
  2. Determine whether the tenant will need access to a single VLAN or multiple VLANs. This will determine the virtual wire configuration.

Warning

VLANs 1 & 100-102 cannot be used in a virtual wire capacity. These VLANs are reserved for internal traffic. They can, however, be remapped to another VLAN for tenant consumption.

Info

If a tenant requires access to more than 1 or 2 VLANs, it is recommended to configure the virtual wire in Trunk Mode.

Creating a 1:1 Virtual Wire

  1. Ensure the VLAN(s) have been created in the VergeOS UI. If not, follow the steps to create VLAN(s) here.
  2. From the Main Dashboard, select Networks in the left menu to open the Networks Dashboard.
  3. Select Virtual Wires in the left menu to view all virtual wires in the environment.
  4. Select New to create a new virtual wire.
  5. Enter the following settings: virtual-wire-create-settings.png

Info

  • The Network dropdown will list all networks inside the environment. Choose the network with the corresponding VLAN to pass into the tenant.
  • The Destination Wire dropdown will automatically select Empty List if no unconnected virtual wires are detected.
  • Leave the PVID field set to 1.
  6. Submit your changes and return to the virtual wires list view.
  7. Select New to create the second half of the virtual wire.
  8. Enter the following settings: virtual-wire-create-settings-tenant.png

Info

  • In the Network dropdown, select the tenant network that the VLAN will be passed to, typically named tenant_'$TENANTNAME'.
  • The Destination Wire dropdown will automatically select the other half of the virtual wire created earlier.
  • Change the PVID field to the actual VLAN ID of the network being attached.
  9. Submit your changes.
  10. Navigate to the Networks Dashboard, select Networks, and apply the rules for the networks connected by the virtual wires.

Creating a Trunk Mode Virtual Wire

Warning

To use Trunk Mode Virtual Wires, the corresponding "Physical Network" (tied to node NICs) must be set to bridge mode.

Warning

If the external network is in a VLAN and the physical NIC that the external network references is in bridge mode, trunking a virtual wire from the bridge will not work.

Setting a Physical Network to Bridge Mode

  1. Navigate to Networks in the left menu to access the Networks Dashboard.
  2. Select Networks again to view all networks in the environment.
  3. Double-click the Physical Network (NIC) that the VLANs are trunked to on the physical switch.

Info

A "Physical Network" typically has "Switch" appended and represents a physical NIC on a node.

  4. Select Edit to enter the network configuration page.
  5. In the configuration page, enable Physical Bridged to activate Bridge Mode. network-bridge-mode.png

The "On Power Loss" setting can remain as Last State or Power On.

  6. Submit your changes.
  7. Reboot the necessary nodes for Bridge Mode to become active.

Configuring a Trunk Mode Virtual Wire

  1. Ensure the "Physical Network" is set to Bridged Mode and is powered on.
  2. From the Main Dashboard, select Networks and then Virtual Wires.
  3. Select New to create the first half of the virtual wire.
  4. Enter the following settings: vw-trunk-host.png

Info

  • Select the corresponding Physical Network in the Network dropdown.
  • Set the PVID field to 0.
  • Enter the allowed VLANs in the Allowed VLAN List, comma-delimited and with ranges as necessary.
  5. Submit your configuration.
  6. Select New to create the second half of the virtual wire.
  7. Enter the following settings: vw-trunk-tenant.png

Info

  • Select the tenant network in the Network dropdown.
  • Set the PVID field to 0.
  • Enter the allowed VLANs in the Allowed VLAN List.
  8. Submit your changes.
  9. Apply the rules for the connected networks as described above.
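
The Allowed VLAN List can be checked before it is entered on either half of the wire. The following Python is an added example, not VergeOS code: it expands a comma-delimited list and flags the reserved VLANs named in the warning above (1 and 100-102). The "low-high" range syntax and the function name parse_allowed_vlans are assumptions.

```python
"""Pre-check an Allowed VLAN List string for a trunk-mode virtual wire."""

# Reserved for internal traffic, per the warning on this page.
RESERVED_VLANS = frozenset({1, 100, 101, 102})
# Usable 802.1Q VLAN IDs (0 and 4095 are reserved by the standard).
VLAN_MIN, VLAN_MAX = 1, 4094


def parse_allowed_vlans(text):
    """Return (vlans, problems) for a comma-delimited list with ranges.

    Assumption: ranges are written "low-high". The page only says the
    list is "comma-delimited and with ranges as necessary".
    """
    vlans, problems = set(), []
    for raw in text.split(","):
        token = raw.strip()
        if not token:
            problems.append("empty entry")
            continue
        low, sep, high = token.partition("-")
        if not sep:
            high = low  # single VLAN ID, treat as a one-element range
        low, high = low.strip(), high.strip()
        if not (low.isdecimal() and high.isdecimal()):
            problems.append(f"{token!r}: not a VLAN ID or range")
            continue
        lo, hi = int(low), int(high)
        if lo > hi:
            problems.append(f"{token!r}: range is reversed")
            continue
        if lo < VLAN_MIN or hi > VLAN_MAX:
            problems.append(f"{token!r}: outside {VLAN_MIN}-{VLAN_MAX}")
            continue
        ids = set(range(lo, hi + 1))
        reserved = sorted(ids & RESERVED_VLANS)
        if reserved:
            problems.append(f"{token!r}: includes reserved VLAN(s) {reserved}")
        # Keep only the IDs that are safe to pass into the tenant.
        vlans |= ids - RESERVED_VLANS
    return vlans, problems


if __name__ == "__main__":
    # Constructed sample input, not taken from a real environment.
    sample = "10, 20-22, 100-105, 1, 4095, 30-25, abc"
    allowed, issues = parse_allowed_vlans(sample)
    print("usable VLANs:", sorted(allowed))
    for issue in issues:
        print("problem:", issue)
```
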

Adding VLANs Inside the Tenant

  1. Navigate to the tenant UI and log in.
  2. From the Main Dashboard, navigate to Networks, then select New External.
  3. Enter the following settings: virtual-wire-network-in-tenant.png

For the interface network, select Physical.

  4. Submit your configuration.
  5. Attach workloads to the network for Layer 2 access to networks outside of Verge.io.

Troubleshooting Steps

Traffic is not reaching the virtual machine

  • Confirm firewall rules related to the virtual wire have been applied.
  • Verify the destination tenant network and VLAN network are in the "Running" state and reside on the same physical node.
  • Ensure VLANs are trunked to the correct physical node ports.

Document Information

  • Last Updated: 2024-09-03
  • VergeOS Version: 4.12.6

Allow Root to Tenant Site Connection

Overview

Important

Adding this rule will allow tenants to connect on the DMZ network. By default, this is disabled for security reasons.

This guide provides instructions on how to connect a root system to a tenant site in VergeOS. The Sites feature is typically used to connect two VergeOS sites together, but to extend this functionality to a tenant site, you’ll need to add a specific rule on the root system's External network.

Prerequisites

  • Access to the Root system with administrative privileges.
  • A basic understanding of network rules and DMZ interfaces in VergeOS.

Steps

  1. Access External Networks:
    • In the Root system, navigate to Networks and then External Networks.
    • Double-click on the External network.

  2. Add the Rule:
    • In the left menu, click on Rules.
    • Before adding a new rule, ensure it doesn’t already exist.
    • Click New in the left menu.
    • Enter the following details:

    • Name: Enter a descriptive name such as "Allow Tenant to Root".
    • Action: Translate.
    • Protocol: ANY.
    • Direction: Outgoing.
    • Interface: DMZ.
    • Source: Other Network Address (DMZ).
    • Destination: Any/None.
    • Target: My Router IP.

Rule Configuration

  3. Submit and Apply:
    • Click Submit.
    • In the left menu or at the top, click Apply Rules to activate the new rule.

After the rule is applied, the root system should now be able to connect to the tenant site.

Testing the Rule

To verify that the rule works, follow these steps:

  1. From the Home screen, click System in the left menu.
  2. Click on Nodes in the left menu.
  3. Double-click on Node1 or select Node1 and click View.
  4. In the left menu, click on Diagnostics.
  5. Change the Query to TCP Connection Test.
  6. Set Host to the UI IP/Host of the tenant system.
  7. Set Port to 443.
  8. Click Send.

Diagnostics

The Response should say Connection successful. If the connection fails, review the rule to ensure accuracy, particularly ensuring that the Interface is set to DMZ rather than Auto.

Troubleshooting

Common Issues

  • Issue: Connection test fails.
  • Solution: Double-check that the rule is configured correctly, especially the interface settings. Also, ensure there are no blocking rules that could prevent the connection.

Feedback

Need Help?

If you encounter any issues while setting up the root-to-tenant site connection, or have any questions, feel free to contact our support team.


Document Information

  • Last Updated: 2023-09-12
  • VergeOS Version: 4.12.6

Viewing Tenant Consumption Statistics

This information may not pertain to your particular pricing model. Consult your sales representative for more information.

Tenant Consumption Statistics:

  • Navigate to Tenants Dashboard
  • Browse for your tenant, click View
  • Click on History in the left menu
  • Choose your month/year and click Apply
  • Scroll down to the bottom.

consumptionstats-image_(14).png

RAM Consumption: Total RAM Allocated 95th percentile
Storage Consumption: Tier X (Provisioned) - add up all tiers at the 95th percentile

For RAM, tenants consume everything that they are allocated. If the tenant is not using all the RAM that it is allocated, reduce the RAM allocated amount to lower overall consumption.


Document Information

  • Last Updated: 2024-09-03
  • VergeOS Version: 4.12.6

How to Share a VM into a Tenant

VergeOS provides an easy way to share a virtual machine (VM) image from a parent environment into a tenant located beneath the current environment. Follow these steps to accomplish the task:

Steps to Share a VM

  1. Navigate to the VM Dashboard: - Go to the VM dashboard of the VM you want to move into a tenant.

  2. Gracefully Power Down the VM: - It is best practice to gracefully power down the VM using the guest operating system's best practices before moving it.

  3. Take a Snapshot:
    • In the VM dashboard, expand Snapshots in the left navigation menu to access the snapshot commands.
    • Click Take Snapshot to launch the Machine Snapshot creation screen.

  4. Complete the Snapshot Creation: - At the Machine Snapshot creation screen, fill in the required fields:

    • Machine: The virtual machine you are moving.
    • Name: Provide a unique name for the snapshot.
    • Expiration Date: Set the date/time when the snapshot will automatically be deleted.
    • Click Submit to create the snapshot.
  5. Share the VM Snapshot:
    • After clicking Submit, you will be taken to the dashboard of the newly created snapshot.
    • From this view, click on Share VM in the left navigation menu to launch the Shared Objects creation screen.

  6. Create the Shared Object: - At the New Shared Objects creation screen, fill in the required fields:

    • Name: Name the snapshot of the VM something unique.
    • Type: Select Virtual Machine.
    • Snapshot: This should match the name provided during the snapshot creation.
    • Recipient: Select the tenant where you want to share the VM.
    • Click Submit to create the shared object.
  7. Access the Tenant Environment:
    • Using a web browser, navigate to the tenant environment where the snapshot object was shared.
    • Log in with the proper authentication credentials.

  8. Create a New Virtual Machine in the Tenant: - In the tenant environment, navigate to Machines > Virtual Machines, and click New to begin creating a new virtual machine.

  9. Import from Shared Objects:
    • At the New Virtual Machine creation screen, under Select Type, choose -- Import from Shared Objects --.
    • In the Selections Available section, select the shared object created earlier, then click Next.

  10. Complete the Virtual Machine Settings:

    • On the Virtual Machine Settings screen, complete the required fields:
    • Shared Objects: Select the shared object created earlier.
    • Click Submit to create the new virtual machine in the tenant.

Document Information

  • Last Updated: 2024-08-29
  • VergeOS Version: 4.12.6

Sharing Media Images to Tenants

Overview

Key Points

  • Service Providers can share files with Tenants
  • Files must already be uploaded to Media Images
  • Process is quick and uses a branch command

This article guides Service Providers through the process of sharing files, specifically media images, with their Tenants in the VergeOS system. This feature allows Tenants to access specific files within their own Media Images section.

Prerequisites

  • Access to the VergeOS system as a Service Provider
  • Files already uploaded to the vSAN
  • Existing Tenants in the system

Steps

  1. Navigate to the Tenants Dashboard - From the Main Dashboard, select "Tenants" on the left menu

  2. Access Tenant List - Select "Tenants" to view a listing of all your Tenants

  3. Select the Desired Tenant - Double click on the Tenant you want to share files with

  4. Access the Add File Feature - Select "Add File" in the left menu

  5. Choose File Type - Select File Type from the dropdown list

Tip

Select "ALL" to get a listing of all files available, regardless of type. This will include .raw files (VM disk images) from the parent VDC.

  6. Select Specific File - Choose the specific file you want to share from the dropdown list

  7. Submit Changes - Click the submit button at the bottom of the page

  8. Confirmation:
    • The process is near-instant as it is done with a branch command
    • The file is now available to the Tenant within their own Media Images section

Troubleshooting

Common Issues

  • Problem: File not appearing in Tenant's Media Images section
  • Solution:

    1. Verify that the file was successfully uploaded to Media Images
    2. Check if the correct file type was selected
    3. Ensure that the changes were submitted properly
  • Problem: Unable to select a specific file

  • Solution:
    1. Confirm that the file exists in Media Images
    2. Try selecting "ALL" in the File Type dropdown to see if the file appears

Feedback

Need Help?

If you encounter any issues while sharing media images or have questions about this process, please don't hesitate to contact our support team.


Document Information

  • Last Updated: 2023-08-24
  • VergeOS Version: 4.12.6

How to Reset a Tenant Administrative Password

If you need to change the administrative credentials for a tenant environment in your VergeOS system, follow these steps:

  1. Log in to the VergeOS environment where the tenant is hosted.
  2. Navigate to the Tenant Dashboard of the tenant for which you need to change the admin password.
  3. In the Tenant Dashboard, click the Edit button in the left navigation menu. This will open the Tenant Edit screen.
  4. In the Tenant Edit screen, type the new password in the Admin User Password field.
  5. Re-enter the password in the Confirm Admin User Password field.
  6. After entering the same password in both fields, click Submit. If the passwords do not match, an error message will appear.
  7. After successfully updating the admin password, open a web browser and navigate to the tenant environment where the password was changed.
  8. Log in as the admin. The username will be admin and the password will be the new password you saved in step 6.

Document Information

  • Last Updated: 2024-08-29
  • VergeOS Version: 4.12.6