VCD’s Progression Towards Eliminating Local Users… Know More!



When did it start?

Starting from version 10.4.1, we announced the deprecation of local users in VMware Cloud Director. While they are still supported during this period of deprecation, we strongly recommend that users start transitioning away from them. Despite this, VMware Cloud Director will continue to provide full support for local users until the final announcements are made.

In version 10.4.1, you could use the user management API to remap local users or users from an existing IDP to a new IDP source. You can use this feature to remap local users to any IDP supported by VCD.

What was supported?

Migration of local users to SAML, LDAP, or OIDC was possible, provided that the Identity Provider (IDP) is correctly configured and accessible within the organization. To perform the migration, API calls are required to transfer the user data across the different Identity Providers.

In addition, this feature also enables cloud administrators to migrate users between different Identity Providers (IDPs) that are supported and configured within the VMware Cloud Director environment. For instance, administrators can use this feature to migrate users from LDAP to SAML, among other IDP types.

What prompted this decision?

Local users have been a fundamental feature of VCD since its inception with version 1.0. They offer a simple way to securely store usernames and passwords in a hashed format within VCD. However, the absence of up-to-date password management policies such as password rotation, complexity requirements, and 2FA/MFA options, among others, has highlighted some limitations. As a result, this project was initiated to address these concerns.

How is this announcement progressing?

In VMware Cloud Director 10.4.2, we’ve introduced a bulk user remapping UI feature to help our customers in the transition from locally-managed users to an externally-managed identity provider system. The aim of this feature is to make the migration process smoother and more straightforward for our users.

All about the feature…

This feature is called Bulk User Migration / Remapping.

  • VMware Cloud Director 10.4.2 offers a user-friendly bulk user migration option to simplify the process of remapping users between different Identity Providers (IDPs) from the UI.

User Migration is a 3-step process:

Step a) Export User: Choose the user you wish to migrate to a different Identity Provider (IDP) and export their data to a CSV file. You can apply filters to select the specific users you want to migrate.

Export Users

Step b) Upload CSV: Edit the user properties within the CSV file, and then proceed to upload the file with the updated information.

CSV file with user properties
In the image, you can see the name of the uploaded file, along with the count of all the users detected in the CSV file and some other details.

Please take note that in this release, only changes made to the username and providerType user properties will be recognized. Any changes to other fields will not be considered. Additionally, it’s important to note that the email ID field is still optional and not required.

Step c) Update Users: Perform the user update task based on the information provided in the CSV file.

The image displays both the progress of User Migration and the count of users who have either successfully migrated, failed to migrate, or skipped the migration process. The total duration taken to complete the task is also displayed.

Here are a few key things to keep in mind:

  1. The user migration occurs sequentially, with each user being migrated one at a time.
  2. There are currently no restrictions on the number of users that can be migrated at once.
  3. Exiting the page during the migration process is not permitted and will result in a warning message. If the warning is accepted, the migration task will be cancelled.
  4. Although it’s possible to halt the user migration, it’s not possible to stop it for users who have already been migrated.
  5. At the moment, it’s not possible to revert back to a local providerType using this tool if users are experiencing login difficulties after the user migration process.
  6. If a user is migrating to the IDP that already exists in VCD, the migration engine will skip that particular user’s migration process. (The skipped users count will increase by one).
  7. During the user migration to an IDP, the UserID of the user is retained, ensuring that all objects owned by the user remain under their ownership. This is done automatically.
  8. In the event that a user is part of a group, the same group must be created manually on the source IDP, and the user will automatically associate with the group upon their first login.
  9. Changes made to user details will take effect either after the scheduled synchronization operation has finished or after the user logs in for the first time. The biographical information of the user will be retrieved from the IDP and used to update the details of the migrated user in VCD.

Troubleshooting:

  • The UI will throw an error if there are any typos or syntax errors in the CSV file.
The providerType was incorrectly specified in the image

Please be advised that the providerType value must be either LOCAL, LDAP, SAML, or OAUTH as these are the only supported IDPs in VCD.

Please note that VCD validates the CSV file first before initiating any API calls to carry out the task.

  • To view information on users who were unable to migrate or were skipped, you can download the Error Report.
  • In the event of errors for certain users during the migration process, you can resolve them and then rerun the migration process. Previously migrated users will be skipped and not affected.
  • For additional information, please refer to the general VMware Cloud Director logs.
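Because the tool cannot revert users to a local providerType and ignores edits outside username and providerType, it is worth linting the edited CSV against the export before uploading it. The following is an added example, not VMware's code: the function name and the column layout (`id`, `fullName`, `email`) are assumptions, and only the `username` and `providerType` property names and the four allowed values come from the text above.

```python
import csv
import io

# providerType values the page lists as the only ones VCD supports.
ALLOWED_PROVIDER_TYPES = {"LOCAL", "LDAP", "SAML", "OAUTH"}
# Per the page, only edits to these two properties are recognized in this release.
HONOURED_FIELDS = {"username", "providerType"}

# Constructed sample data; the column layout is an assumption, not VCD's documented export.
EXPORTED = """id,username,fullName,email,providerType
u-001,alice,Alice Example,alice@example.test,LOCAL
u-002,bob,Bob Example,,LOCAL
u-003,carol,Carol Example,carol@example.test,LOCAL
"""
EDITED = """id,username,fullName,email,providerType
u-001,alice@example.test,Alice Example,alice@example.test,SAML
u-002,bob,Robert Example,,SMAL
u-003,carol,Carol Example,carol@example.test,LOCAL
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def lint_migration_csv(exported_text, edited_text, key="id"):
    """Return (csv_line, severity, message) findings for the edited CSV."""
    original = {row[key]: row for row in _rows(exported_text)}
    findings = []
    for line_no, row in enumerate(_rows(edited_text), start=2):  # line 1 is the header
        before = original.get(row.get(key))
        if before is None:
            findings.append((line_no, "error", "row is not in the export"))
            continue
        ptype = row.get("providerType") or ""
        if ptype not in ALLOWED_PROVIDER_TYPES:  # exact match: a strictness assumption
            findings.append((line_no, "error", f"unsupported providerType {ptype!r}"))
        elif ptype == "LOCAL":
            findings.append((line_no, "warn", "user would remain a local user"))
        if not (row.get("username") or "").strip():
            findings.append((line_no, "error", "username is empty"))
        for field, value in row.items():
            if field not in HONOURED_FIELDS and value != before.get(field):
                findings.append((line_no, "warn", f"edit to {field!r} will be ignored"))
    return findings


if __name__ == "__main__":
    for finding in lint_migration_csv(EXPORTED, EDITED):
        print(*finding)
```

Treat any `error` finding as a reason not to upload, and review each `warn` so that no account is left local or carries an edit that the migration will silently drop.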

Scenarios/Questions

Migration takes too long, and the progress stops.
Please ensure that the browser window containing the migration process is not minimized or made inactive and remains active and in focus throughout. If the window is minimized or made inactive, you will need to stop the process and begin again.

The migration process has finished but users’ data are not updated from the IDP.
Please wait for the synchronization process between VCD and IDP to complete or perform a manual login using the required user credentials.

Can I restart the migration process with the same CSV file?
That’s correct, any users that have already been updated will be skipped, and the process will resume from where it left off.

Can I restart the process for the errored migrations?
If an error occurs, a download link is available that provides a CSV file containing details of the errors. This file can be used to make necessary corrections and then uploaded again.

Can I revert the process?
Automating this process is not possible. Basically, it’s a manual process.

Please be advised that this document is intended for informational purposes only and represents our best effort to provide accurate and useful insights.
