VCD’s Progression towards Eliminating Local Users… Know More!

Posted on By Admin

When it started?

Setting up from model 10.4.1, we declared the deprecation of regional end users in VMware Cloud Director. Even though they are even now supported for the duration of this period of deprecation, we strongly endorse that buyers get started transitioning absent from them. Even with this, VMware Cloud Director will continue to offer you whole assist for area end users right until the remaining bulletins are produced.

In edition 10.4.1, you could use the consumer management API to remap local users or customers from an present IDP to a new IDP source. You could use this characteristic to remap local customers to any IDP supported by VCD.

What was supported?

Migration of local customers to SAML, LDAP, or OIDC was achievable, offered that the Id Provider (IDP) is appropriately configured and available in the business. To execute the migration, API phone calls are necessary to transfer the person data across the different Id Providers.

In addition, this characteristic also permits cloud administrators to migrate end users amongst various Identification Companies (IDPs) that are supported and configured within the VMware Cloud Director environment. For occasion, directors can use this aspect to migrate end users from LDAP to SAML, amongst other IDP kinds.

What prompted this final decision?

Neighborhood customers have been a basic element of VCD since its inception with version 1.. They offer a simple way to securely retail store usernames and passwords in a hashed format within just VCD. On the other hand, the absence of modern day password management policies this sort of as password rotation, complexity demands, and 2FA/MFA selections, among the other individuals, has highlighted some restrictions. As a outcome, this undertaking was initiated to address these considerations.

How is this announcement progressing?

In VMware Cloud Director 10.4.2, we have introduced a bulk person remapping UI feature to support our customers in the changeover from domestically-managed consumers to an externally-managed id provider technique. The goal of this function is to make the migration approach smoother and much more uncomplicated for our consumers.

All about the feature…

This feature is named Bulk User Migration / Remapping.

  • VMware Cloud Director 10.4.2 provides a user-helpful bulk user migration solution to simplify the approach of remapping people among diverse Id Vendors (IDPs) from the UI.

Person Migration is a 3-stage system:

Stage a) Export Person: Decide on the user you wish to migrate to a unique Id Supplier (IDP) and export their info to a CSV file. You can also apply filters to find the precise consumers you want to migrate.

Export Buyers

Action b) Upload CSV: Edit the user houses inside of the CSV file, and then proceed to upload the file with the updated info.

CSV file with person qualities
In the photograph, you can see the title of the uploaded file, along with the count of all the consumers detected in the CSV file and a couple of other particulars.

Remember to get be aware that in this release, only alterations designed to the username and providerType consumer houses will be identified. Any modifications to other fields will not be thought of. Moreover, it’s important to be aware that the e mail ID industry is nonetheless optional and not needed.

Phase c) Update People: Perform the user update method centered on the details furnished in the CSV file.

The picture displays the two the development of User Migration and the count of end users who has either correctly migrated, unsuccessful to migrate, or skipped the migration procedure. The overall duration taken to entire the activity is also shown.

Right here are a couple essential things to retain in intellect:

  1. The person migration takes place sequentially, with just about every user becoming migrated a single at a time.
  2. There are presently no limits on the selection of people that can be migrated at when.
  3. Exiting the web page all through the migration procedure is not permitted and will result in a warning message. If the warning is acknowledged, the migration job will be cancelled.
  4. Even though it is doable to halt the consumer migration alternative, it is not attainable to avoid buyers who have by now been migrated.
  5. At the moment, it’s not doable to revert back to a local providerType using this software if users are encountering login challenges after the person migration method.
  6. If a consumer is migrating to the IDP that now exists in VCD, the migration motor will skip that particular user’s migration process. (The skipped consumers rely will improve by a single).
  7. During the consumer migration to an IDP, the UserID of the person is retained, making sure that all objects owned by the consumer stay under their ownership. This is completed quickly.
  8. In the celebration that a consumer is section of a team, the same team will have to be made manually on the source IDP, and the user will instantly associate with the group upon their 1st login.
  9. Alterations built to user specifics will choose outcome either just after the scheduled synchronization operation has concluded or just after the consumer logs in for the to start with time. The biographical info of the user will be retrieved from the IDP and employed to update the aspects of the migrated user in VCD.

Troubleshooting:

  • The UI will throw an error if there are any variety or syntax problems in the CSV file.
The providerType was inaccurately specified in the impression

Please be encouraged that the providerType worth ought to be possibly Community, LDAP, SAML, or OAUTH as these are the only supported IDPs in VCD.

You should notice that VCD validates the CSV file initial just before initiating any API phone calls to carry out the activity.

  • To see facts on customers who were unable to migrate or skipped, you can down load the Mistake Report.
  • In the function of errors for particular consumers throughout the migration course of action, you can solve them and then rerun the migration course of action. Previously migrated buyers will be skipped and not affected.
  • For added data, remember to refer to the general VMware Cloud Director logs.

Situations/Questions

Migration requires too very long, and the development stops. Make sure you guarantee that the browser window that contains the migration course of action is not minimized or created inactive and remains active and in concentration in the course of. If the window is minimized or produced inactive, you will require to halt the approach and start once more.
The migration procedure has finished but users’ information are not up to date from the IDP Remember to wait around for the synchronization system among VCD and IDP to entire or execute a manual login using the specified person qualifications.
Can I restart the migration process with the identical CSV file? That is correct, any end users that have already been up to date will be skipped, and the process will resume from the place it left off.
Can I restart the procedure for the errored migrations? If an mistake occurs, a down load link is readily available that delivers a CSV file that contains facts of the errors. This file can be made use of to make essential corrections and then uploaded again.
Can I revert the approach? Automating this course of action is not attainable. In essence, it is a manual process.

Be sure to be suggested that this report is meant for informational needs only and signifies our greatest exertion to deliver accurate and helpful insights.

Supply website link

Cloud Computing