`
`
`
`
`
`
`
`
`
`VMware vCloud® Architecture Toolkit™
`for Service Providers
`
`
`
`Public Cloud Service
`Definition
`
`
`Version 2.9
`
`January 2018
`
`
`
`
`
`Adrian Roberts
`
`
`
`WIZ, Inc. EXHIBIT - 1022
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`Public Cloud Service Definition
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
© 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
`intellectual property laws. This product is covered by one or more patents listed at
`http://www.vmware.com/download/patents.html.
`
`VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other
`jurisdictions. All other marks and names mentioned herein may be trademarks of their respective
`companies.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`VMware, Inc.
`3401 Hillview Ave
`Palo Alto, CA 94304
`www.vmware.com
`
`
`
`
Contents

Introduction
1.1 VMware Powered Public Cloud Overview
1.2 Deployment Model
1.3 Service Model
1.4 VMware Technology Mapping
1.5 Service Characteristics
1.6 Service Development Methodology
1.7 Concepts and Terminology
1.8 Target Markets

Service Definition Considerations
2.1 Service Objectives
2.2 Use Cases
2.3 User Management and Identities
2.4 Metering and Service Reporting
2.5 Security, Compliance, and Cyber Risk
2.6 Capacity Distribution and Allocation Models
2.7 Service Catalog
2.8 Service Continuity and Recoverability
2.9 Service Migration and Mobility
2.10 Service Lifecycle
2.11 Interoperability and Integration
2.12 Service Level Agreements

VMware Powered Public Cloud Service Examples
3.1 Virtual Private Cloud On-Demand Offering
`
`
`
`
`
`
`
`
List of Figures

Figure 1. Deployment Models
Figure 2. Service Models
Figure 3. Technology Mapping
Figure 4. Service Characteristics
Figure 5. Example Service Lifecycle

List of Tables

Table 1. Example: Use Case 1
Table 2. Example: Use Case 2
Table 3. Example: Use Case 3
Table 4. Example: Use Case 4
Table 5. Example: Use Case 5
Table 6. Workload Virtual Machine Sizing and Cost Examples
Table 7. Example Definition of Resource Pool and Virtual Machine Split
Table 8. Workload Virtual Machine Sizing and Utilization Examples
Table 9. Service and Application Catalog Example
Table 10. Resource Allocation Settings Example – VPC On-Demand Service Offering
Table 11. VPC On-Demand Service Offering Catalog Example
Table 12. vCloud Director Event Triggers and States
`
`
`
`
`
`
`
`
`Introduction
`
`The VMware Cloud Provider™ Program is a global network of approximately 4,000 service providers who
`have built their cloud and hosting services on VMware software. These service providers deliver world-
`class cloud and hosting services to their customers across the globe, offering value-add and differentiated
`services that support a wide choice of compliance requirements, performance, scale, market coverage,
`functional features, and so on. In this way, service providers give existing and new VMware enterprise
`customers many options when they choose to build out their unified hybrid cloud strategy.
`
The VMware vCloud® Architecture Toolkit™ for Service Providers supplies architectural guidance on how
to build VMware-based cloud platforms, drawing on real-world service models, implementation examples,
use cases, and customer requirements.
`
`This document enables service providers to define their cloud service, understand what use cases they
`want to support, and what services they want to take to market. From this document, the desired
`architecture can be positioned to build a VMware Powered Public Cloud service to offer infrastructure as
`a service (IaaS), platform as a service (PaaS), or software as a service (SaaS) to their customers.
`
`This document is intended for those involved in planning, defining, designing, and providing public cloud
`services to consumers. The intended audience includes the following roles:
`
`• Service Providers of VMware powered cloud services.
`
`• Architects and planners responsible for driving architecture-level decisions.
`
`• Technical decision makers who have business requirements that need IT support.
`
`• Consultants, partners, and IT personnel who need to know how to create a service definition for their
`VMware powered cloud services.
`
`1.1 VMware Powered Public Cloud Overview
`
`VMware Powered Public Cloud platforms are built on the same core technology that drives the VMware
`public cloud—VMware vCloud Air™. This enables the provider to offer their customers complete, secure
`multi-tenancy with unparalleled efficiency, security, performance, and scalability expected by cloud
`consumers.
`
A VMware Powered Public Cloud is typically built with the following core principles:
`
`• The cloud service must be built with VMware vSphere® and VMware vCloud Director® at its core.
`
`• The vCloud APIs must be exposed to the cloud tenants.
`
`• Cloud tenants must be able to upload and download virtual workloads packaged with the Open
`Virtualization Format (OVF) version 1.0.
`
`Cloud providers can also obtain a certification badge which validates their implementation against a
`number of standards. For more information, go to http://vcloudproviders.vmware.com.
`
`
`
`
`
`
`1.2 Deployment Model
`
`Service providers typically have three different cloud deployment models that they can offer to their
`customers:
`
`• Hosting (managed or unmanaged) – VMware Cloud Provider Program Powered Hosting Services
`offer all the benefits of a dedicated software-defined data center and are engineered on VMware
`vSphere to be fully compatible with customers’ on-premises vSphere environments. This offers a
`unified hybrid cloud experience with the same advantages of improved availability, recoverability,
`performance and scalability to run your business critical applications with confidence. The hosting
`solution can either be managed by the provider or self-managed.
`
• Private Cloud (managed or unmanaged) – VMware Cloud Provider Program Powered Private Cloud
Services are engineered on VMware vRealize® Suite and are fully compatible with customers’
on-premises vSphere environments. This provides a unified hybrid cloud experience and dedicated
`software-defined data centers, offering the required self-service consumption, availability,
`performance, and scalability to run your business critical applications in the cloud. The private cloud
`solution can either be managed by the provider or self-managed.
`
`• Public Cloud – VMware Cloud Provider Program Powered Public Cloud Services are engineered on
`VMware vCloud Suite® with vSphere and VMware vCloud Director at the core. This unique
`combination provides complete multi-level security and a multi-tenant architecture that reduces
`complexity and supports policy implementation that can be consistent with your internal data center
`and vCloud Air, offering a unified hybrid cloud experience to the consumers.
`
All three models can be complemented with associated management services. The service provider can
`offer managed services on top of their core IaaS, PaaS, or SaaS offerings, such as:
`
`• Professional services (managed creation)
`
`• Patching
`
`• SLAs
`
`• Recoverability options
`
`• Monitoring capabilities
`
`This service definition focuses on the public cloud deployment model as shown in the following figure.
`
`
`
`
`
`
`Figure 1. Deployment Models
`
`
`
`
`
`1.3 Service Model
`
Based on the hybrid model above, a public cloud service can offer a multitude of services to customers.
Typically, services fall under one of three service models. VMware defines these service layers as:
`
• Infrastructure as a Service (IaaS) – Infrastructure containers are presented to consumers to provide
agility, automation, and delivery of components.
`
`• Software as a Service (SaaS) – Business-focused services are presented directly to the consumer
`from a service catalog.
`
`• Platform as a Service (PaaS) – Technology-focused services are presented for application
`development and deployment to application developers from a service catalog.
`
`This service definition primarily focuses on Infrastructure as a Service. A service provider can, however,
`include additional “as a Service” offerings on top of the core cloud platform.
`
`
`Figure 2. Service Models
`
`
`
`1.4 VMware Technology Mapping
`
`The following list highlights the recommended VMware products required to build and operate a VMware
`powered public cloud platform:
`
`
`
• vSphere
`
`• VMware vSAN™
`
`• VMware NSX® for vSphere
`
`• VMware vRealize Orchestrator™
`
• vCloud Director for Service Providers
`
`• Custom portal or third-party
`
`• VMware vRealize Operations Manager™
`
`• VMware vRealize Log Insight™
`
`• VMware vRealize Business™
`
`• VMware Site Recovery Manager™
`
`• VMware vCloud Connector®
`
Although this list is the recommended solution stack, some of the components are optional. For example,
vSAN is not required and can be substituted by a traditional FC, iSCSI, or NFS-based storage array.
`
`
`Figure 3. Technology Mapping
`
`
`
`
`
`VMware vCloud Director for Service Providers 8.0 and forward requires vRealize Business for
`chargeback/showback functionality. Pre-8.0 releases of vCloud Director for Service Providers can
`leverage VMware vCenter® Chargeback Manager™.
`
`1.5 Service Characteristics
`
NIST defines the following essential cloud service characteristics:
`
`• Broad network access – Capabilities are available over the network and accessed through standard
`mechanisms that promote use by heterogeneous thin-client or thick-client platforms.
`
`• Rapid elasticity – Capabilities can be provisioned to scale out quickly and to be released rapidly, in
`some cases, automatically. Rapid elasticity enables resources to both scale out and scale in quickly.
`To the consumer, the capabilities available for provisioning often appear to be unlimited and can be
`purchased in any quantity at any time.
`
`• Measured service – Cloud systems automatically control and optimize resource usage by leveraging
`a metering capability at a level of abstraction appropriate to the type of service. Resource usage can
`be monitored, controlled, and reported, providing transparency for both the provider and the
`consumer of the utilized service.
`
• On-demand self-service – A consumer can unilaterally and automatically provision computing capabilities
as needed without requiring human interaction with each service’s provider.
`
`• Resource pooling – The provider’s computing resources are pooled to serve multiple consumers,
`using a multi-tenant model with different physical and virtual resources dynamically assigned and
`reassigned according to consumer demand. A sense of location independence results because the
`subscriber generally has no knowledge of or control over the exact location of the provided resources,
`but the subscriber might be able to specify location at a higher level of abstraction.
`
`
`The following figure shows the relationships among service characteristics.
`
`Figure 4. Service Characteristics
`
`
`
`
`
`To deliver business solutions using VMware public cloud services, the cloud infrastructure must have the
`following additional essential characteristics:
`
`• Standardized – Homogeneous infrastructure delivered as software services across pools of standard
`x86 hardware. Homogeneity eliminates unnecessary complexity caused by operating system silos
`and the redundant tools and skill sets associated with them. It also eliminates costly, special-purpose
`hardware and enables a single, scalable approach to backup and recovery.
`
`• Holistic – A platform optimized for the entire data center fabric, providing comprehensive
`infrastructure services capable of supporting any and all applications. A holistic infrastructure can
`support any workload, with complete flexibility to balance the collective application demands,
`eliminating the need for diverse technology stacks.
`
`• Adaptive – Infrastructure services are provided on demand, unconstrained by physical topology and
`dynamically adapting to application scale and location. The infrastructure platform configures and
`reconfigures the environment dynamically, based on collective application workload demands,
`enabling maximum throughput, agility, and efficiency.
`
`• Automated – Built-in intelligence automates provisioning, placement, configuration, and control,
`based on defined policies. Intelligent infrastructure eliminates complex, brittle management scripts.
`Less manual intervention equates to scalability, speed, and cost savings. Intelligence in the
`infrastructure supports cloud scale operations.
`
`• Resilient – A software-based architecture and approach compensates for failing hardware, providing
`failover, redundancy, and fault tolerance to critical operations. Intelligent automation provides
`resiliency without the need for manual intervention.
`
`1.6 Service Development Methodology
`
The best-practice approach for defining and designing a VMware public cloud service:

• Involves all necessary stakeholders.
`
`• Documents business drivers and requirements that can be translated into appropriate service
`definitions.
`
`• Takes a holistic view of the entire service environment and lifecycle, including:
`
`o Setup, which includes definition and design
`
`o Request and approval
`
`o Provisioning
`
`o Consumption
`
`
`o Management and operations
`
`o Transition and termination
`
`There must be a conscious awareness of what consumers and the provider of the service experience
`at each stage of the service lifecycle to create the necessary service definition elements for the
`consumer-facing service level agreement (SLA) and internal-facing operational level agreement
`(OLA) criteria.
`
`• Defines the service scenarios and use cases.
`
`• Understands the service’s components, interactions, and sequences of interrelated actions.
`
`• Defines the users and roles involved with or interacting with the services so that the services created
`are user-centric.
`
`• Defines the SLA for the services and service components in the following areas:
`
o Infrastructure
`
`o Application / VMware vSphere vApp™
`
`o Platform
`
`o Software
`
`o Business
`
`• Defines service quality for these areas:
`
`o Performance
`
`o Availability
`
`o Continuity
`
`o Scalability
`
`o Manageability
`
`o Security
`
`o Compliance
`
`o Cost and pricing
`
`• Defines the business service catalog and supporting IT service catalog.
`
`1.7 Concepts and Terminology
`
`Key service terms and concepts are defined as follows:
`
`• Service – A means of delivering value to consumers by facilitating outcomes that they want to
`achieve, without the ownership of specific costs or risks.
`
`• VMware Powered Public Cloud – A model for enabling ubiquitous, convenient, on-demand network
`access to a shared pool of configurable resources that can be provisioned rapidly and released with
`minimal management effort.
`
`• Cloud service provider (or provider) – An entity that provides VMware Powered Public Cloud services
`to consumers.
`
`• Consumer or customer – Someone who consumes VMware Powered Public Cloud services and
`defines or agrees to service-level targets.
`
• Service-level target – A commitment that is documented in a service level agreement. Service-level
targets are based on service-level requirements and verify that the cloud service design is fit for its
purpose. Service-level targets must be SMART (Specific, Measurable, Actionable, Realistic,
Time-bound) and are usually based on key performance indicators (KPIs).
`
`• Service level agreement (SLA) – An agreement between a service consumer and the service provider
`that measures the quality and performance of the available services. The SLA is the entire agreement
`that specifies what service is to be provided, how it is supported, time, locations, cost, performance,
`and responsibilities of the parties involved.
`
`• Service level objective (SLO) – A negotiated document that defines the service to be delivered to the
`consumer, with one or more KPIs. It provides a clear understanding of the nature of the service being
`offered, focusing on the contribution of the service to the business value chain. SLOs are specific,
`measurable characteristics of the SLA, such as availability, throughput, frequency, response time, or
`quality.
`
`• Operational level agreement (OLA) – An agreement internal to the service provider that details the
`interdependent relationships among the internal support groups of an organization working to support
`an SLA.
`
• vCloud Suite – The suite of VMware technologies that provides the solution for cloud computing.
`
`• VMware vRealize Suite – The suite of VMware cloud management technologies that support the
`VMware Powered Public Cloud implementation model.
`
`1.8 Target Markets
`
`VMware Powered Public Cloud services are designed to provide enterprise-grade unified hybrid cloud
`capabilities to the provider’s customers, offering seamless extension of on-premises data center services
`to the cloud, business mobility options, and support for many different application architectures ranging
`from hybrid applications, development applications, and cloud native applications to Tier 1 business
`critical applications. This offers the customer the correct balance of on-demand agility with all the
`availability, business continuity, security, performance, and scalability that they have come to expect with
`VMware products.
`
`
`
`Service Definition Considerations
`
`Service definition is an important aspect of service design and management. It enables both the
`consumer and the service provider to know what to expect (or not to expect) from a service. Clearly
`defined services help customers understand the scope, limitations, and cost of service offerings.
`
`Take into account the following considerations when developing a service definition. These
`considerations are common to both private and public service definitions unless otherwise noted.
`
`• Service objectives
`
`• Use cases
`
`• User roles that interact with the service
`
`• Consumption model
`
`• Service metering, reporting, and pricing
`
`• Service offering details (infrastructure, applications)
`
`• Other features that vary by offering type (backup, type of storage, availability, performance,
`continuity)
`
`2.1 Service Objectives
`
`Understanding the service objectives is an essential first step to creating a service definition. Service
`objectives must address the specific business challenges. The following are examples of service
`objectives for public cloud services:
`
`• Deliver a fully operational public cloud infrastructure.
`
`• Provide secure multi-tenancy for public cloud infrastructure consumers.
`
`• Provide compliance controls and transparency for the service.
`
`• Maintain IT control of access to the system and resources.
`
`• Provide differentiated tiers of scale to align with business needs.
`
`• Allow for metering of the service for cost distribution.
`
`• Establish a catalog of common infrastructure and application building blocks.
`
`• Provide the following service offerings:
`
`o Virtual private cloud on-demand (pay for resources used)
`
`o Virtual private cloud (allocated resources)
`
`o Dedicated (reserved resources)
`
`• Support a minimum of 1,500 virtual machines across the three service offerings with a plan to grow to
`a minimum of 5,000 virtual machines.
`
`• Provide workload mobility between private and public cloud environments, enabling consumers to
`import and export workloads easily.
`
`• Provide upstream network connectivity for applications with upstream dependencies.
`
`• Provide an isolated network for applications that must be isolated.
`
`• Provide open, interoperable, and Internet-standard protocols for consuming cloud resources.
`
`• Provide workload redundancy and data protection options.
`
`
`2.2 Use Cases
`
`The use cases in the following tables represent business problems (some general and some industry-
`specific) that can be addressed with VMware Cloud Provider Program services and represented by a
`service definition.
`
Table 1. Example: Use Case 1

Use Case: UC_01
Name: Business continuity and disaster recovery.
Problem Statement: The need to protect existing business services, processes, and
applications in the event of a disaster.
Description: Business continuity and disaster recovery of business services,
processes, and applications.
Requirements/Goal:
• Protect virtualized infrastructure.
• Protect applications.
• Allow continuity of business processes in event of a disaster.
Risks:
• Loss of business capability in the event of a disaster.
• Lack of compliance with disaster recovery mandates.
`
`
`
Table 2. Example: Use Case 2

Use Case: UC_02
Name: Increase business capacity and scale rapidly.
Problem Statement: The business is unable to scale up its operation because IT cannot scale
up capacity rapidly to support the business.
Description: IT needs to be able to scale proactively to support seasonal and periodic
business demand.
Requirements/Goal:
• Give consumers access to scale capacity on-demand.
• Enable IT to scale up, down, in, or out to support business demand.
• Scale within a short cycle of days in order to meet projected demand.
• Scale to off-premises capacity.
Risks:
• Lost revenue due to lack of capacity.
• Lost customers from underperforming business services.
`
`
`
`
`
`
Table 3. Example: Use Case 3

Use Case: UC_03
Name: Rapid provisioning of development and test services.
Problem Statement: The business cannot develop new products and services rapidly
because IT takes too long to provision the development and test infrastructure.
Description: IT needs to be able to provide on-demand self-service provisioning of
the development and test infrastructure to support the business to
rapidly develop new products and services.
Requirements/Goal:
• Give developers and test users access to a catalog of IT
infrastructure services that they can rapidly provision and use.
• Provide self-service provisioning, with necessary approvals.
• Reduce time-to-market for products and services.
Risks: Products and services are late to market, resulting in loss of customers
and market share.
`
`
`
Table 4. Example: Use Case 4

Use Case: UC_04
Name: Security and compliance assurance.
Problem Statement: The business is concerned about putting crucial financial applications
and data on public cloud services.
Description: IT must be able to provide secure business services for financial
applications and data, have controlled access, and be separated from
other users of the cloud services.
Requirements/Goal:
• Provide compliance controls and transparency for the service.
• Provide network isolation for applications that must be isolated.
Risks: Security and compliance breach.
`
`
`
`
`
`
`
`
Table 5. Example: Use Case 5

Use Case: UC_05
Name: Business market launch.
Problem Statement: The business has insufficient resources and capacity to respond rapidly to
marketplace needs, including seasonal events, although new opportunities
have been identified.
Description: IT must be able to move at the speed of the business by rapidly providing the
necessary infrastructure and services so that new applications, products, and
services can be launched rapidly.
Requirements/Goal:
• Provide rapid service provisioning to support product and service launch.
• Give consumers access to a catalog of IT infrastructure services that they can
rapidly provision and use.
Risks:
• Products and services are late to market, resulting in loss of customers and
market share.
• Lost opportunity cost.
`
`
`
`2.3 User Management and Identities
`
`There are several built-in administration and user roles that can be associated with users or groups of
`users within vCloud Director for Service Providers. This is important because the architect must verify that
`appropriate user roles are associated with the correct users so that they can perform their business tasks.
`
`This section discusses the different identity sources, user types, authentication controls, roles, and rights
`present in vCloud Director for Service Providers. An understanding of this information is required to
`properly secure the system and provide the correct access to the appropriate people.
`
`2.3.1 About Users, Groups, Roles, and Rights
`A user is a member of a single Organization or is a provider user. Users are assigned a role, and a role is
`assigned a set of rights. Users can be local users (only stored in the Oracle database) or LDAPv3 users
`imported into the database. Users can also be members of one or more groups imported from an LDAPv3
`directory, potentially assigning an additional role for each group of which they are a member.
`
`No unauthenticated user is allowed to access any vCloud Director for Service Providers functionality,
`whether the access is through the vCloud API or the Web UI. Thus, all individuals that you want to access
`vCloud Director for Service Providers must be imported from LDAP, be members of LDAP groups you
`import into the system, or be managed by an Identity Provider (IdP). Each user authenticates using a user
`name and password. No other authentication methods are supported in this release of vCloud Director for
`Service Providers. It may be possible to proxy or layer a stronger authentication method in front of the
`vCloud API and the Web UI, but these configurations have not been tested by VMware and are not
`supported.
`
`Groups are not created in vCloud Director for Service Providers. Instead, they are imported from the
`LDAPv3 directory associated with the system (provider) level or Organization. Groups allow users to
`authenticate to VMware vCloud Director for Service Providers without the need to create users in the
`database or manually import them from the Directory (LDAPv3) server. Instead, users can log in if they
`are a member of a group already imported from the Directory (LDAPv3) server. A user that is a member
`of multiple groups is assigned all the roles assigned to those groups.
`
`
`Roles are groupings of rights that provide capabilities for the user assigned that role. The predefined roles
`are described in the “Roles and Rights” chapter of the VMware vCloud Director Administrator’s Guide.
`The administrator’s guide identifies which rights are assigned to each role to help you choose the
`appropriate role for each type of user.
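
The role aggregation described in this section, as an added example that is not part of the VMware document or of vCloud Director: a user's effective rights are the union of the rights of the directly assigned role and of the role of every imported group the user belongs to, which is where unintended privilege accumulates. Only the role names vApp User and vApp Author come from the document; the right names, group DNs, users, and the custom role are constructed placeholders.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed right names: placeholders, not vCloud Director's real right identifiers.
ROLE_RIGHTS = {
    "vApp User": {"vm.power_on", "vm.power_off"},
    "vApp Author": {"vm.power_on", "vm.power_off", "vm.edit_memory"},
    "Custom: Network Operator": {"network.edit_firewall"},  # hypothetical custom role
}

# Constructed LDAPv3 groups that have been imported, each assigned one role.
IMPORTED_GROUPS = {
    "cn=ops,ou=groups,dc=example,dc=com": "vApp User",
    "cn=builders,ou=groups,dc=example,dc=com": "vApp Author",
    "cn=netops,ou=groups,dc=example,dc=com": "Custom: Network Operator",
}
# A directory group that exists in LDAP but was never imported (constructed).
NOT_IMPORTED = "cn=contractors,ou=groups,dc=example,dc=com"


@dataclass
class DirectoryUser:
    name: str
    direct_role: str | None = None          # role of an individually imported or local user
    groups: set[str] = field(default_factory=set)  # LDAP group DNs the user belongs to


def role_sources(user: DirectoryUser) -> dict[str, list[str]]:
    """Map each effective role to where it came from: 'direct' or a group DN."""
    sources: dict[str, list[str]] = {}
    if user.direct_role:
        sources.setdefault(user.direct_role, []).append("direct")
    for dn in sorted(user.groups):
        role = IMPORTED_GROUPS.get(dn)  # membership in a non-imported group grants nothing
        if role:
            sources.setdefault(role, []).append(dn)
    return sources


def can_log_in(user: DirectoryUser) -> bool:
    """A user needs a direct role or membership in at least one imported group."""
    return bool(role_sources(user))


def effective_rights(user: DirectoryUser) -> set[str]:
    """Union of the rights of every role the user holds."""
    rights: set[str] = set()
    for role in role_sources(user):
        rights |= ROLE_RIGHTS[role]
    return rights


def audit(user: DirectoryUser, required: set[str]) -> dict[str, list[str]]:
    """Rights held beyond `required`, each with the role and source that grants it."""
    excess: dict[str, list[str]] = {}
    for role, origins in role_sources(user).items():
        for right in ROLE_RIGHTS[role] - required:
            excess.setdefault(right, []).extend(f"{role} via {o}" for o in origins)
    return {right: sorted(why) for right, why in sorted(excess.items())}


# Constructed sample users.
OPERATOR_NEEDS = {"vm.power_on", "vm.power_off"}
ALICE = DirectoryUser("alice", groups={"cn=ops,ou=groups,dc=example,dc=com"})
BOB = DirectoryUser(
    "bob",
    groups={
        "cn=ops,ou=groups,dc=example,dc=com",
        "cn=netops,ou=groups,dc=example,dc=com",
        NOT_IMPORTED,
    },
)
CAROL = DirectoryUser("carol", groups={NOT_IMPORTED})
DAVE = DirectoryUser(
    "dave",
    direct_role="vApp User",
    groups={"cn=builders,ou=groups,dc=example,dc=com"},
)

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL, DAVE):
        if not can_log_in(user):
            print(f"{user.name}: no role, cannot log in")
            continue
        print(f"{user.name}: rights={sorted(effective_rights(user))}")
        for right, why in audit(user, OPERATOR_NEEDS).items():
            print(f"  excess {right}: {'; '.join(why)}")
```
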
`
`For example, the vApp user role might be appropriate for an administrator that needs to power on and off
`virtual machines, but if they also need to edit the amount of memory assigned to a virtual machine, vApp
`Author would be a more appropriate role. These roles might not have the exact sets of rights relevant to
`your customers’ organizations, so you also have the ability to create custom roles. A description of what
`specific rights can be combined