cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clayton Weise <cwe...@iswest.net>
Subject RE: Cloudstack 4 - Accounts Isolation in a Domain
Date Wed, 23 Jan 2013 16:14:21 GMT
Asmita, you are correct unless you created a network that belongs to the domain and not the
account (which is not what CloudStack does by default).  In the case of an advanced zone,
each account would have their own isolated network and would not be able to see each other.
 In the case of a basic zone there is a network shared between ALL accounts in that zone.

Assuming you're doing advanced networking there is a way for two accounts to share resources
and that's through the use of projects.  If both accounts are in the same domain, you could
create a project which is shared by both accounts.  Any resources created within that project
are owned _by_ the project and so multiple accounts can share the same set of resources.

-----Original Message-----
From: Asmita Vagyani [mailto:Asmita.Vagyani@sigma-systems.com] 
Sent: Wednesday, January 23, 2013 5:17 AM
To: 'cloudstack-users@incubator.apache.org'; 'Nitin.Mehta@citrix.com'
Subject: Cloudstack 4 - Accounts Isolation in a Domain

Hi ,

I read in a blog : (Source - http://docs.cloudstack.org/index.php?title=CloudStack_Documentation/FAQ:_CloudStack/How_are_users%2C_accounts%2C_and_domains_handled_in_CloudStack%3F&action=source)
It says:

CloudStack platform users are assigned accounts. 
An account is typically a customer of the service provider or a department in a large organization.

Accounts are the unit of isolation in the cloud. Accounts are grouped by domains.
Domains usually contain accounts that have some logical relationship to each other and a set
of delegated administrators with some authority over the domain and its subdomains. 
For example, a service provider with several resellers could create a domain for each reseller.

My question is, 

In a domain D1, I have two accounts A1 and A2 in D1. 
Account A1 has a VM1 assigned and Account A2 has a VM2 assigned.
If the accounts are said to be in isolation ,then the VM1 used by account A1 and VM2  used
by account A2 will not be able to talk to each other?
Is my understanding correct?
Or is the communication between VM1 and VM2 possible since they in the same domain?
Please clarify.

Thanks and Regards.

Asmita Patil Vagyani.

-----Original Message-----
From: Nitin Mehta [mailto:Nitin.Mehta@citrix.com] 
Sent: 22 January 2013 PM 03:57
To: cloudstack-users@incubator.apache.org; Sailaja Mada
Subject: Re: Issue in Creating instance on Cloudstack 4

Key thing to understand is that the ownership of resources is tied to an account. Users are
mere synonyms for accessing the account resources. So any vm is also owned by an account and
not a user.
All the users of the account have visibility to the resources of the account.

Little more reading on
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Accounts,+Domains,+a
nd+Admin+explained

On 22/01/13 3:49 PM, "Asmita Vagyani" <Asmita.Vagyani@sigma-systems.com>
wrote:

>Hi all,
>
>I have a doubt.
>The functionality of my application is :
>There will be lots of companies approaching my application to create 
>VMs for its employees.
>
>I have created one account for one company on CS4.
>And the company can have many employees, so is my account having many 
>users added for each employee.
>Is there any way in CS4 to associate a VM instance for a particular 
>user inside the same account?
>I mean one account will have many VMs created, each VM assigned to a 
>unique user, basically 1:1 association betwn user:VM.
>
>While creating a VM(deployVirtualMachine) I cannot pass the userId in 
>that to say only user with userId "**" can use this vm.
>I can pass only the account with domain name, what does this indicate , 
>what is the relation of vm with account?
>Does that mean all users belonging to that account and domain can use 
>this vm.
>
>Thanks and Regards.
>
>Asmita Patil Vagyani.
>
>




Mime
View raw message