VMware today launched the VMware Cloud ProviderTM Hub for VMware Cloud Provider Program partners. Cloud Provider Hub is a platform for partners providing end-to-end customer lifecycle management including purchase, provisioning and management of VMware XaaS services. Cloud Provider Hub is the evolution of the Managed Services Platform 1.x.
With this release, VMware is enabling our partners to expand their managed services portfolio with VMware XaaS offerings. Assisting their multi-cloud service offering journey by providing access to services, that advance their hybrid cloud opportunities and address the needs of native public cloud operations.
New features available on Cloud Provider Hub can be split on the key three areas as below and the features in each area are described below
Transact new cloud services
Services available for Provisioning
VMware Cloud on AWS
Earlier this year, VMware released Managed Service Provider (MSP) platform with support for VMware Cloud on AWS service so partners could extend their managed services portfolio, beyond their on-prem deployments, into an ‘asset light’ VMware deployment in the cloud.
VMware Cloud on AWS, now live in all major global geographies, offers providers the most complete hybrid cloud solution, jointly engineered with AWS and running within their world class global cloud.
VMware Hybrid Cloud Extension bundled with VMware Cloud on AWS can be used to connect across the hybrid cloud and deliver migration at massive scale for production workloads, even across diverse VMware environments. VMware Log Intelligence audit log collection capabilities for VMware cloud on AWS service at no additional cost.
VMware Cost Insight also bundled with VMware Cloud on AWS, provides migration assessment and cost analysis to run workloads on VMware Cloud on AWS.
Learn about the new features recently announces for VMware Cloud on AWS here.
VMware Log Intelligence
VMware Cloud Services are a key part of how VMware adds value to partners implementing Hybrid Cloud.
VMware Log Intelligence provides a simple but powerful log collection and analytics tool that can be used to troubleshoot SDDC technologies, on premise or in the public cloud. VMware Log Intelligence supports vSphere, VMware Cloud on AWS, AWS and VMware vCloud Director.
Providers can configure Log Intelligence service at tenant level, end points at tenants, create dashboards, alerts and view at tenant specific level. They can also view all the tenant logs at provider level giving them the flexibility to monitor and creating unified dashboard.
Learn more about Log Intelligence and features it supports here.
Transaction method for these services
Services are available in the Cloud Provider Hub use commitment-based constructs, the same method as in MSP 1.x.
Each service must have a separate commit contract. VMC MSP commit contract is for transacting in VMware Cloud on AWS. We now have a new ‘CMS’ commit contract that must be created and active for transacting in VMware Log Intelligence. When the commit contract (s) are active, services associated with these contracts will be available for provisioning for that provider.
If you have only one commit contract – CMS MSP commit contract, you will only see the Log Intelligence service tile available for provisioning, when logging into VMware Cloud Services.
If you have both commit contracts – VMC commit contract and CMS commit contract, you will see both the service tiles available for provisioning.
Please refer to my upcoming blog series for details on how to transact using these commit contracts
How to access these services
Services can be accessed based on the role and permissions that have been assigned to you.
- Services, when activated, can be accessed from the Open in service tile.
- In the case of VMware Cloud on AWS only;
- The Add-ons or any other service, for example VMware Cost Insight, will be available under My Services using header icon
- Some services as Hybrid Cloud Extension and Site Recovery are already available as Add-On tile using the SDDC provisioned in VMware Cloud on AWS. Log Intelligence and Cost Insight are planned to be available and an Add-On tile soon.
Providers need to provision different services for differing tenants at any time. Previously a provider needed to request service invitation, using the invitation email received, create tenant organization, onboard services, then deploy and configure. This was cumbersome and now simplified with automation – the provisioning of services for the tenants is now just a few clicks and is customizable to your needs. No more hassles requesting service invitations, waiting for the invitations and searching for the emails to do tenant onboarding or having to deal with expired invitations.
Service activation for the tenant can be done with few steps as below:
- Any service provider with Provider Administration, Provider Operations Administrator and Provider Account Administrator rights can create a tenant org for their tenants
- Once a tenant org is created, the service needs to be activated
- Then the access level for the user organization for the service needs to be provided
We can see the simplified and faster flow below:
- From the list of services available for provisioning, service providers can enable one or more services for each of their tenants. Service Providers need to provision the service for each tenant by using the Open button.
- At this time, there are no tenants for this service provider
So we need to add a tenant using Tenant Management , which results in a tenant org being created with all the metadata provided.
You can provide the admin contact at a later time. If an admin contact is provided, the email provided becomes a tenant administrator. If an admin contact is not provided, the service provider managing the service access becomes the Tenant Administrator.
- Once tenant is added, select the tenant and choose Manage Services
- The service provider is switched to a tenant org and selecting Open will do the magic of service activation for the tenant user.
For details on onboarding, refer <here>
Simplified user experience
The Cloud Provider Hub now provides;
- A self-service UI and API for providers to transact multiple cloud services, tenant management, user management, billing and usage and support
- A self-service UI and API for tenants to consume the services that providers have given them access to, view usage and manage their user access to the services
Simplified UI and API for both Billing and usage available for providers and tenants
- Providers can view an aggregated view of usage and effective usage per sku for a given period per organization in provider context
- Providers can view only the aggregated usage and not effective usage per sku for a given period per organization in tenant organization
- Previously in MSP 1.x, usage could be downloaded only using the API. Now we provide the ability to download the usage for the last billing period or selected periods – up to 6 months, as a csv file. This file will provide a detailed view of the usage and effective usage for the selected organization (provider or tenant)
- Providers can also view the payment method – commit contract(s) associated with the provider i.e. the master organization
- Users with roles who can access Billing and Usage
- Users with the roles Provider Administrator, Provider Operations Administrator, Provider Billing User, have the required permissions in provider organization
- A Provider Accounts Administrator has the permission for the assigned tenant accounts only
- A Tenant Administrator and Tenant Billing User
- All the above and more can be achieved using billing API’s
- View an aggregated view of usage per SKU for a given period for just that tenant organization
- Download a detailed view of the usage only for the selected organization
- Users with Tenant Administrator and Tenant Billing User have the permissions for the above operations
Tenants cannot view the payment method – commit contract (s) associated with the provider i.e. the master organizatio
Simplified UI and API for raising support tickets by Provider for any tenant
A cloud provider owns the Terms of Service and manages any support for their end customers. We provide many ways for a provider to extend this support for their customers.
Users with Provider Administrator, Provider Operations Administrator, Provider Accounts Administrator for specific accounts, Provider Support User can use the support feature
- They can perform the following operations create, add comment, close with reasons
- The support tickets can be created for any organization provider / tenant
- Have API support to create, query and patch support requests, which allows you to automate request functions
The Cloud Provider Hub provides additional granular role-based access for end to end customer lifecycle management, with permissions for different operations on the resource (provider organization and tenant organization).
Roles are collections of permissions associated to a user and a resource (resource being provider organization or tenant organization). An example of a role is Provider Administrator in provider org. These roles are specific to the Cloud Provider Hub. Service roles are different and those are based on roles provided by each service
Permissions are actions applied against on a resource, which is organizational. An example is a Provider Administrator in provider organization whom can create and edit tenants. These roles are specific to Cloud Provider Hub. Service roles are different and those are based on roles provided by each service
Roles are typically inherited, which is different from roles offered in MSP 1.x
- Some roles are inherited, which essentially means that if a role is created in provider organization, it is implicitly applicable to the entire hierarchy below the resource.
Provider administrator, Provider Operations Administrator are created hierarchically on provider org and in every descendant organization i.e. tenant organizations. For example: is email@example.com is made a Provider Administrator at a provider level. He is implicitly an administrator all of Acme’s tenant organizations
- Provider Account Administrator can be inherited only by some descendants, the tenant accounts he is assigned to. If Acme has tenant1 and tenant2 and provider account administrator is assigned to tenant2, he implicitly inherits the role in tenant2 only
The different provider roles with permissions at a provider level are:
- Provider Admin – can create/modify Service Provider users and roles, customer organizations, customer users and roles, and service access
- Provider Operations Admin – can create/modify customer organizations, customer users and roles, and service access
- Provider Billing User – can view aggregate and individual customer usage and billing
- Provider Support User – can view/create/edit/delete support tickets for provider organization as well as tenant organizations
- Provider Account Admin – can view and manage operations, services, billing and support for tenants assigned.
The different tenant roles with permissions at a tenant level are:
- Tenant Admin – can create/modify customer users and roles and service access
- Tenant User – Access service that has been granted access by the Tenant Admin
- Tenant Billing User – can view usage for that organization
If you are already in the VCPP MSP program, explore the possibilities of VMware Cloud Provider Hub. If you are not, contact your aggregator or VMware representation and find out about the contract options available to you and become one today.