Cloud Computing

VCD’s Development in the direction of Eliminating Native Customers… Know Extra!

June 1, 2023
CT Team


When it started?

Ranging from model 10.4.1, we declared the deprecation of native customers in VMware Cloud Director. Whereas they’re nonetheless supported throughout this era of deprecation, we strongly advocate that customers start transitioning away from them. Regardless of this, VMware Cloud Director will proceed to supply full assist for native customers till the ultimate bulletins are made.

In model 10.4.1, you may use the consumer administration API to remap native customers or customers from an present IDP to a brand new IDP supply. You could possibly use this function to remap native customers to any IDP supported by VCD.

What was supported?

Migration of native customers to SAML, LDAP, or OIDC was potential, offered that the Identification Supplier (IDP) is appropriately configured and accessible throughout the group. To carry out the migration, API calls are required to switch the consumer information throughout the completely different Identification Suppliers.

As well as, this function additionally allows cloud directors emigrate customers between completely different Identification Suppliers (IDPs) which might be supported and configured throughout the VMware Cloud Director setting. For example, directors can use this function emigrate customers from LDAP to SAML, amongst different IDP sorts.

What prompted this determination?

Native customers have been a elementary function of VCD since its inception with model 1.0. They provide a easy technique to securely retailer usernames and passwords in a hashed format inside VCD. Nonetheless, the absence of latest password administration insurance policies equivalent to password rotation, complexity necessities, and 2FA/MFA choices, amongst others, has highlighted some limitations. Because of this, this undertaking was initiated to handle these considerations.

How is that this announcement progressing?

In VMware Cloud Director 10.4.2, we’ve got launched a bulk consumer remapping UI function to assist our prospects within the transition from locally-managed customers to an externally-managed identification supplier system. The aim of this function is to make the migration course of smoother and extra easy for our customers.

All concerning the function…

This function known as Bulk Consumer Migration / Remapping.

  • VMware Cloud Director 10.4.2 provides a user-friendly bulk consumer migration choice to simplify the method of remapping customers between completely different Identification Suppliers (IDPs) from the UI.

Consumer Migration is a 3-step course of:

Step a) Export Consumer: Select the consumer you want to migrate to a special Identification Supplier (IDP) and export their information to a CSV file. You can too apply filters to pick out the particular customers you wish to migrate.

Export Customers

Step b) Add CSV: Edit the consumer properties throughout the CSV file, after which proceed to add the file with the up to date data.

CSV file with consumer properties
Within the image, you may see the title of the uploaded file, together with the depend of all of the customers detected within the CSV file and a few different particulars.

Please take notice that on this launch, solely modifications made to the username and providerType consumer properties can be acknowledged. Any modifications to different fields won’t be thought-about. Moreover, it’s necessary to notice that the e-mail ID area remains to be non-obligatory and never required.

Step c) Replace Customers: Carry out the consumer replace process primarily based on the knowledge offered within the CSV file.

The picture shows each the progress of Consumer Migration and the depend of customers who has both efficiently migrated, did not migrate, or skipped the migration course of. The full length taken to finish the duty can be displayed.

Listed below are a number of key issues to bear in mind:

  1. The consumer migration happens sequentially, with every consumer being migrated one by one.
  2. There are presently no restrictions on the variety of customers that may be migrated directly.
  3. Exiting the web page throughout the migration course of shouldn’t be permitted and can end in a warning message. If the warning is accepted, the migration job can be cancelled.
  4. Though it’s potential to halt the consumer migration possibility, it’s not potential to stop customers who’ve already been migrated.
  5. In the meanwhile, it’s not potential to revert again to a neighborhood providerType utilizing this instrument if customers are experiencing login difficulties after the consumer migration course of.
  6. If a consumer is migrating to the IDP that already exists in VCD, the migration engine will skip that exact consumer’s migration course of. (The skipped customers depend will enhance by one).
  7. Through the consumer migration to an IDP, the UserID of the consumer is retained, guaranteeing that every one objects owned by the consumer stay beneath their possession. That is carried out routinely.
  8. Within the occasion {that a} consumer is a part of a bunch, the identical group have to be created manually on the supply IDP, and the consumer will routinely affiliate with the group upon their first login.
  9. Adjustments made to consumer particulars will take impact both after the scheduled synchronization operation has completed or after the consumer logs in for the primary time. The biographical data of the consumer can be retrieved from the IDP and used to replace the small print of the migrated consumer in VCD.

Troubleshooting:

  • The UI will throw an error if there are any typo or syntax errors within the CSV file.
The providerType was inaccurately specified within the picture

Please be suggested that the providerType worth have to be both LOCAL, LDAP, SAML, or OAUTH as these are the one supported IDPs in VCD.

Please notice that VCD validates the CSV file first earlier than initiating any API calls to hold out the duty.

  • To view data on customers who had been unable emigrate or skipped, you may obtain the Error Report.
  • Within the occasion of errors for sure customers throughout the migration course of, you may resolve them after which rerun the migration course of. Beforehand migrated customers can be skipped and never affected.
  • For extra data, please consult with the final VMware Cloud Director logs.

Eventualities/Questions

Migration takes too lengthy, and the progress stops. Please be certain that the browser window containing the migration course of shouldn’t be minimized or made inactive and stays energetic and in focus all through. If the window is minimized or made inactive, you’ll need to cease the method and start once more.
The migration course of has completed however customers’ information are usually not up to date from the IDP Please anticipate the synchronization course of between VCD and IDP to finish or carry out a handbook login utilizing the desired consumer credentials.
Can I restart the migration course of with the identical CSV file? That’s appropriate, any customers which have already been up to date can be skipped, and the method will resume from the place it left off.
Can I restart the method for the errored migrations? If an error happens, a obtain hyperlink is accessible that gives a CSV file containing particulars of the errors. This file can be utilized to make vital corrections after which uploaded once more.
Can I revert the method? Automating this course of shouldn’t be potential. Principally, it’s a handbook course of.

Please be suggested that this report is meant for informational functions solely and represents our greatest effort to offer correct and helpful insights.

Leave a Reply

Your email address will not be published. Required fields are marked *