When it started?
Ranging from model 10.4.1, we declared the deprecation of native customers in VMware Cloud Director. Whereas they’re nonetheless supported throughout this era of deprecation, we strongly advocate that customers start transitioning away from them. Regardless of this, VMware Cloud Director will proceed to supply full assist for native customers till the ultimate bulletins are made.
In model 10.4.1, you could possibly use the consumer administration API to remap native customers or customers from an current IDP to a brand new IDP supply. You may use this characteristic to remap native customers to any IDP supported by VCD.
What was supported?
Migration of native customers to SAML, LDAP, or OIDC was attainable, offered that the Identification Supplier (IDP) is appropriately configured and accessible throughout the group. To carry out the migration, API calls are required to switch the consumer information throughout the completely different Identification Suppliers.
As well as, this characteristic additionally permits cloud directors emigrate customers between completely different Identification Suppliers (IDPs) which can be supported and configured throughout the VMware Cloud Director setting. As an example, directors can use this characteristic emigrate customers from LDAP to SAML, amongst different IDP sorts.
What prompted this resolution?
Native customers have been a elementary characteristic of VCD since its inception with model 1.0. They provide a easy solution to securely retailer usernames and passwords in a hashed format inside VCD. Nonetheless, the absence of up to date password administration insurance policies comparable to password rotation, complexity necessities, and 2FA/MFA choices, amongst others, has highlighted some limitations. In consequence, this mission was initiated to deal with these issues.
How is that this announcement progressing?
In VMware Cloud Director 10.4.2, we now have launched a bulk consumer remapping UI characteristic to assist our clients within the transition from locally-managed customers to an externally-managed id supplier system. The aim of this characteristic is to make the migration course of smoother and extra easy for our customers.
All concerning the characteristic…
This characteristic is known as Bulk Person Migration / Remapping.
- VMware Cloud Director 10.4.2 presents a user-friendly bulk consumer migration choice to simplify the method of remapping customers between completely different Identification Suppliers (IDPs) from the UI.
Person Migration is a 3-step course of:
Step a) Export Person: Select the consumer you want to migrate to a unique Identification Supplier (IDP) and export their information to a CSV file. You too can apply filters to pick out the precise customers you need to migrate.
Step b) Add CSV: Edit the consumer properties throughout the CSV file, after which proceed to add the file with the up to date info.
Please take word that on this launch, solely adjustments made to the username and providerType consumer properties might be acknowledged. Any modifications to different fields is not going to be thought of. Moreover, it’s vital to notice that the e-mail ID discipline continues to be non-obligatory and never required.
Step c) Replace Customers: Carry out the consumer replace process primarily based on the knowledge offered within the CSV file.
Listed here are just a few key issues to bear in mind:
- The consumer migration happens sequentially, with every consumer being migrated one after the other.
- There are presently no restrictions on the variety of customers that may be migrated directly.
- Exiting the web page in the course of the migration course of just isn’t permitted and can end in a warning message. If the warning is accepted, the migration activity might be cancelled.
- Though it’s attainable to halt the consumer migration possibility, it’s not attainable to stop customers who’ve already been migrated.
- In the intervening time, it’s not attainable to revert again to an area providerType utilizing this software if customers are experiencing login difficulties after the consumer migration course of.
- If a consumer is migrating to the IDP that already exists in VCD, the migration engine will skip that individual consumer’s migration course of. (The skipped customers depend will improve by one).
- Through the consumer migration to an IDP, the UserID of the consumer is retained, making certain that each one objects owned by the consumer stay underneath their possession. That is executed robotically.
- Within the occasion {that a} consumer is a part of a gaggle, the identical group have to be created manually on the supply IDP, and the consumer will robotically affiliate with the group upon their first login.
- Modifications made to consumer particulars will take impact both after the scheduled synchronization operation has completed or after the consumer logs in for the primary time. The biographical info of the consumer might be retrieved from the IDP and used to replace the main points of the migrated consumer in VCD.
Troubleshooting:
- The UI will throw an error if there are any typo or syntax errors within the CSV file.
Please be suggested that the providerType worth have to be both LOCAL, LDAP, SAML, or OAUTH as these are the one supported IDPs in VCD.
Please word that VCD validates the CSV file first earlier than initiating any API calls to hold out the duty.
- To view info on customers who have been unable emigrate or skipped, you may obtain the Error Report.
- Within the occasion of errors for sure customers in the course of the migration course of, you may resolve them after which rerun the migration course of. Beforehand migrated customers might be skipped and never affected.
- For added info, please consult with the overall VMware Cloud Director logs.
Situations/Questions
| Migration takes too lengthy, and the progress stops. | Please be certain that the browser window containing the migration course of just isn’t minimized or made inactive and stays energetic and in focus all through. If the window is minimized or made inactive, you’ll need to cease the method and start once more. |
| The migration course of has completed however customers’ information will not be up to date from the IDP | Please anticipate the synchronization course of between VCD and IDP to finish or carry out a guide login utilizing the desired consumer credentials. |
| Can I restart the migration course of with the identical CSV file? | That’s right, any customers which have already been up to date might be skipped, and the method will resume from the place it left off. |
| Can I restart the method for the errored migrations? | If an error happens, a obtain hyperlink is out there that gives a CSV file containing particulars of the errors. This file can be utilized to make crucial corrections after which uploaded once more. |
| Can I revert the method? | Automating this course of just isn’t attainable. Mainly, it’s a guide course of. |
Please be suggested that this report is meant for informational functions solely and represents our greatest effort to supply correct and helpful insights.
