Tag Archives: Tenant

Tenant Self-Service Dashboards

This post continues from the Operationalize Your World post. Do read it first so you get the context.

A common request among VMware Admin is to give their customers a self service access to their own VMs. The VM Owners should be given a simple portal, where they can easily see all their VMs and its performance. The solution in this blog is inspired by the work done in this video and this paper. We’ve reduced the visibility and supply a custom dashboard with super metric.

Naturally, VM Owners do not have access to vSphere, as that’s to deep into the kitchen. We are also not assuming that you have vRealize Automation or vCloud Director in-place. So this is just using vR Ops.


  • Tenant can only see her own VMs.
  • Tenant cannot see the underlying infrastructure. It is both irrelevant and not something you’re comfortable disclosing.

This is what the dashboard looks like. It has a simple ReadMe to guide tenant.


We’ve added visibility into how the IaaS is serving the VM. Provide that transparency to your customer, and you have a major advantage over the public cloud.

The tenant has very limited access to vR Ops. The following 3 screenshots show what have been removed.





As you can guess, there are 2 parts to the implementation:

  • One-time setup.
    • A general set up you do that is applicable to all tenants
    • You develop your dashboards here.
  • Per Tenant work.
    • A tenant-specific setup that you need to do for each tenant.
    • Things like creating an account for that tenant belongs here.

One-Time Setup

Create a role called Tenants. Purpose is to limit what features it can access


The tenant needs only 2 access, as shown below:


Create a group called Tenants. Only share the “My Virtual Machines” dashboard to this group. As a result, this group can’t see any other dashboards.

Ensure the group Everyone has 0 dashboards

Purpose is to limit what objects it can see. To recap, the Roles limits what features can be seen, while Group limits the objects.


Click the Objects, then select the Tenants role (which you created earlier). Do not provide any more access. So none of the object hierarchy is selected.


Create a group type. Call it Tenants. Each tenant will have 1 group and 1 group only.


Download the files. Import the dashboard and super metrics.


Create the Text Widget file and Resource Kind file. See the screenshot below as guide. The name has to be identical, and it is Case Sensitive.

[2 Nov 2016: Thank you Patrick Nganga for spotting that I miss 2 files. There are 4 that you need]


That’s all you need as the base. All the work below is now per tenant. So if you have 10 tenants, you need to repeat 10x. I know…

Per-Tenant Setup

Create a group that contains all the VMs of a single Tenant. Best is to use the Tenant Name as the group name. If you organize the VMs properly in vCenter, by using vSphere Tags or Folders, you can take advantage of that. The example below is using vSphere Folder.


Once created, the group will appear under the Tenants group type. I’ve created 2 examples. Ensure the no of VM matches what it should be.


Create an account for each tenant. Give is full Administrator access. Just for temporary.

Login using this newly created account. I’d use another browser, and I do not want to logout from my administrator account. Go to Dashboard, select all dashboards except the one you want to show, and remove them from Home. See how it’s done below. Once done, the Visible on Home will show it’s not to be shown.


Log out the tenant account. Or simply close the browser.

Switch back to your administrator account. Remove the tenant administrator privilege, and map it to the Tenants role, as shown below.

Map the account to the associated group, and only to this group. This limits the visibility. Yes, this is how the “security” is done. I’m not sure if this is honoured by the API, but you can block the tenant ID from accessing via API.



  • Tenant can only have 1 group. The Total is based on super metric that adds per group. It cannot add multiple groups as it does not know which groups to select.
  • Alerts are not implemented yet.
  • Tenant cannot change the alerts. For example, they cannot change their own threshold.

Hope you find the material useful. If you do, go back to the Main Page for the complete coverage of SDDC Operations. It gives you the big picture so you can see how everything fits together. If you already know how it all fits, you can go straight to download here.

Tenant Utilization Report

A common request from Tenant of IaaS business is Utilization Report. If a Tenant or Customer has 100 VMs, she wants to see the summary of the VMs utilization. You need to sum up the utilization amount.

Be careful not to bill based on Utilization. A tenant in SDDC or Private Cloud looks at things from different view. She does not care about the infrastructure as it’s a service to her. From a business viewpoint, she pays either based on Utilization or Configuration.

I encourage based on Configuration as Utilization can lead to argument.

  • She may question why you are charging her more when her application is hardly doing any business transactions. You end up digging into the VM Utilization even though you have no access to the VM, nor understand the application behaviour.
  • Utilization varies per minute. It can even spike within a minute. Do  you bill per second, minute, hour, day, month…? Where do you draw the line for fair charging without spending a lot of money calculating the bill? 1 month has 30 days or 720 hours. If you do hourly charge, you perform the calculation 720x in a month.

Ok, enough about money. Money can certainly give headache 🙂 Let’s talk something technical instead 🙂

We will discuss how to report Total VM utilization. This is a common requirements. Money aside, a Tenant Management certainly wants to know how much work is done. That’s a fair request.

High Level Requirement: Show Total Utilization across all VMs every month.

To present a monthly chart that strikes a balance between accuracy and usability, you need to roll up the data. 1 month has 720 hours. A data at 5-minute average will be way too details and unreadable. Hourly is in fact relatively very accurate. On the other hand, averaging at hourly means a 10 minute spike will not appear. In the example below, the 2 peak will be lost when you average all the numbers.

roll up hourly not daily

When it comes to utilization, Peak is important. So what you should do is roll the 5-minute peak into each hour.

Overall Steps

The steps are not straightforward, so I’ll give a summary first.

  1. Create a group per Tenant
    1. The group simply has all the VMs of 1 tenant. If you have a proper naming convention, you can create a dynamic group.  Any VM that you add/remove from the group will automatically be included/excluded from the calculation.
  2. Create summary values
    1. The value you want are:
      1. The total CPU Utilization for all VMs.
      2. The total RAM Utilization for all VMs
    2. Create super metric for each.
      • For CPU, you need to take into account the number of vCPU. A 16-vCPU VM running at 10% consumes more CPU than a 1-vCPU VM running at 100%.
      • Since what you want is a %, not GHz, you need to divide with the Total Capacity.
  3. Create a View widget
    1. The View widget allows data transformation. The metric chart does not allow that.
    2. Roll up the data every hour. This makes the chart readable.
    3. Default the View to monthly data
  4. Create a Dashboard
    1. Ideally, you want this to be a report so it can be automatically sent for each Tenant.

Detail Steps

To create a group, use the screenshot below as your guide. You can mix the dynamic members and static members. Create 1 per tenant.


Once you created the groups, you end up with something like this. You can park the group under any group type. It does not have to be Environment as shown below. You should create a group type called Tenant.


Create the super metrics, using the screenshot as a guide. You should create the following:

  1. Sum of all VM vCPU. The unit is no of vCPU.
  2. Sum of all VM CPU Demand. The unit is MHz
  3. Sum of all VM CPU Configured. The unit is MHz.
  4. Sum of all VM CPU Demand / Sum of all VM CPU Configured. This gets you a %, which is what you want to report.


The last super metric is derived from super metric no 3 and 4. I’ve shown the formula below.


When a Tenant has a lot of VM, the sum can be a big number. If you want to assure yourself that you got the right sum, you can use the View widget to show you the expected total. As you can see from the following screenshot, it can do a summation.


Now that you have the super metric, time to plot into a chart. Here is where you do the roll up in the View widget.


The roll up smoothens the chart, which makes it easier to read. The example below shows how an hourly roll up makes the chart more readable. I could only show 1 day data, not 1 month, as it’s too dense without the roll up.


Once the line chart is done, it’s a matter of putting into a dashboard. There are many guides in creating dashboards, so I will just provide a simple screenshot below.


Hope you find it useful!