Creating the tenant
In the previous steps, a tenant cloud was created and the resources exist to be assigned, but the tenant user provisioning hasn’t occured yet.
The basic steps we’re going to take are
- Create some basic VMs to convert to template VHDX
- Create appropriate VM templates to size the machine and allow the user to deploy from it
- Create a user role appropriate for this tenant and grant it access to resources
Create the template components
The rapid needs user will need a windows 8.1 and 2012 R2 template made available. In the prior steps the ISO was simply copied around to the systems for installation, at this point we’d like to take advantage of sharing the ISOs from the VMM library.
First, each hyper-v host needs to be delegated access to the VMM library servers for CIFS. This is done through Active Directory on the properties of the computer object
Our VMM service is already (from the way we went through the installer) running as a domain service account, so we don’t need to change that. Finally, all they hyper-v computer accounts were put into a group and granted read access to the VMM library shares.
Using VMM, 2 template machines were created with basic specs, and windows installed on the VM. The VM was shutdown at the configuration screen prior to making any local changes. A new VM template was created for each and the sample VM was destroyed when it got imported into VMM as a template.
For these tenant specific systems, the configuration was tweaked to pre-specify the network they can see and the hyper-v compatibility flag was set so it will only be provisioned on hyper-v hosts.
Create the user role
Finally, we’re ready to create the user role. A group was created to assign rights through
Access was scoped specifically to the cloud in question and a quota established.
Next the specific network that the tenant is being restricted to is allocated and the pre-existing resources in the cloud (including some VMs that were made manually earlier) are specified as resources the user can interact with.
Finally we specify permissions specific to this particular cloud (global has none specified).
The tenant administrator account is now able to login and provision a copy of either template. The templates as-is do not auto configure, install any roles, etc but that’s fine in this instance. Smarter templates and more full fledged services will be created down the road to replace the basic templates.