Skip to main content
Outside service Partner
Hitachi Vantara Knowledge

Managing tenants

Creating an HCP tenant


You create HCP tenants in the System Management Console. Once an HCP tenant exists, tenant administrators can use the Tenant Management Console to create namespaces for the tenant.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

HCP tenant properties


When creating an HCP tenant, you specify:

A name for the tenant. This name determines the URL for the tenant.

When naming tenants, keep in mind that each tenant name must be unique within an HCP system. For example, you cannot create a tenant named finance for each of two different customers. You could, however, create a tenant named cust1-finance for Customer 1 and another tenant named cust2-finance for Customer 2.

Also, keep in mind that you cannot replicate a tenant to another HCP system that already has a different tenant with the same name.

You can change the tenant name at any time after you create the tenant, except while the CIFS or NFS protocol is enabled for any of the tenant's namespaces. However, keep in mind that when you change the tenant name, you are also changing the URLs for the tenant and its namespaces.

TipWebHelp.png

Tip: Be sure to notify the tenant contact when you change the name of a tenant.

Optionally, a description of the tenant. For example, you can use a description to specify the name of the organization for which you’re creating the tenant.

You can change this description at any time after you create the tenant.

In an HCP system that uses virtual networking and has the management network enabled at the System Management Console, a management network for the tenant. Clients use this network to access the Tenant Management Console and HCP management API for the tenant. Clients use the domain name associated with this network when sending access requests to the management interfaces (Tenant Management Console and HCP management API) for the tenant.

You need to ensure that requests for access to the Tenant Management Console and HCP management API for the tenant are routable from the clients to the HCP system over the management network that you specify.

If the tenant is configured to allow system-level users to manage it, those users can access its Tenant Management Console directly from the System Management Console even if the tenant management network is not [hcp_system].

You can select a different management network for a tenant at any time. However, when you change the management network, you also change:

oThe IP addresses used to route access requests from clients to the management interfaces (Tenant Management Console and HCP management interface) for the tenant

o The management network domain name included in the tenant URL

TipWebHelp.png

Tip: Be sure to notify the tenant contact when you select a different management network for a tenant.

For information on networks and routability, see About virtual networking with HCP.

In an HCP system that uses virtual networking, a data access network for the tenant. Clients use this network to access the contents of namespaces that the tenant owns. Clients use the domain name associated with this network when sending namespace data access requests to the tenant.

You need to ensure that requests for access to the contents of the namespaces that the tenant owns are routable from the clients to the HCP system over the data access network that you specify.

HCP Data Migrator (HCP-DM) and the Hitachi Data Discovery Suite (HDDS) search facility do not support the use of IPv6 networks for communication with HCP. To enable clients to use HCP-DM to access the contents of namespaces that the tenant owns or to use the HDDS search facility to search and index those namespaces, you need to specify a data access network that has IPv4 addresses assigned to it.

You can select a different data access network for a tenant at any time. However, when you change the data access network, you also change:

oThe IP addresses used to route namespace data access requests from clients to the tenant

oThe domain name included in the URLs for the namespaces that the tenant owns

Changing the IP addresses and domain name used to access the namespaces that a tenant owns causes all CIFS and NFS mounts of those namespaces to be disconnected from HCP.

TipWebHelp.png

Tip: Be sure to notify the tenant contact when you select a different data access network for a tenant.

A hard quota for the tenant. This is the total amount of storage available to the tenant. The tenant allocates this storage to the namespaces it owns by setting a hard quota for each namespace.

You can allocate more total space to your tenants than is actually available for storing objects. HCP warns you when the space used by all tenants is approaching the system storage capacity.

You can change this quota at any time after you create the tenant. However, you cannot specify a quota that is less than the total amount of storage that the tenant has already allocated to its namespaces.

NoteWebHelp.png

Note: HCP checks the amount of data stored in a namespace against the namespace hard quota hourly. If large amounts of data are added rapidly to a namespace, the namespace can store substantially more data than its hard quota allows.

Each namespace managed by a tenant can exceed its hard quota in this way. As a result, the total amount of storage used by all namespaces owned by a tenant can exceed the hard quota for that tenant.

A soft quota for the tenant. This is the percentage point at which HCP should notify tenant administrators that the storage available to the tenant is running low on free space.

You can change this quota any time after you create the tenant.

A namespace quota for the tenant. This is the number of namespaces that HCP reserves for the tenant out of the total number of namespaces that the system can have (10,000).

You cannot overallocate namespaces. That is, the maximum number of namespaces that you can allocate to tenants is 10,000, or 9,999 if the system includes the default namespace.

You can create tenants that do not have quotas. The total number of namespaces that these tenants can own is equal to the number of unallocated namespaces in the HCP system. If you allocate a total of 10,000 namespaces to other tenants, the tenants that do not have quotas cannot create any namespaces.

You can change the namespace quota for a tenant at any time after you create the tenant, as long as the new quota is not less than the number of namespaces that the tenant currently owns.

NoteWebHelp.png

Note: While an active/passive replication link that includes a given HCP tenant is failed over to the replica, you cannot change the namespace quota for that tenant on the replica. For information on replication links, see Replicating Tenants and Namespaces.

The authentication methods allowed for the tenant. At least one of these authentication methods must be enabled:

oLocal — The tenant supports internal authentication by HCP. To be authenticated, a user must have a locally authenticated HCP user account.

oRADIUS — The tenant supports remote authentication by RADIUS. To be authenticated, a user must have a RADIUS-authenticated HCP user account.

A tenant that supports RADIUS authentication must also support local authentication, Active Directory authentication, or both.

oActive Directory — The tenant supports remote authentication by AD. To be authenticated, a user must have an AD user account.

TipWebHelp.png

Tip: To help ensure that AD authentication is available for those tenants that need to support it, enable AD only for those tenants.

NoteWebHelp.png

Note:  For RADIUS or Active Directory authentication to work for the tenant for:

Access to the Tenant Management Console and HCP management API, the tenant management network must be [hcp_system]

Access to the content of the tenant's namespaces, the tenant data access network must be [hcp_system]

For information on networks, see About virtual networking with HCP.

You can change the allowed authentication methods at any time after you create the tenant. However, you cannot disable local authentication if the only tenant-level account with the security role is a locally authenticated HCP user account. Similarly, you cannot disable AD authentication if the only tenant-level account with the security role is a group account.

If you disable AD authentication for a tenant after the tenant has created group accounts, those accounts continue to exist but are not visible to the tenant. If you subsequently reenable AD authentication for the tenant, the group accounts become visible again.

For information on these authentication methods, see User authentication.

An initial security account for the tenant. This can be a locally authenticated HCP user account or an HCP group account, depending on which authentication methods are allowed for the tenant:

oFor a locally authenticated user account, you specify the account username and password. When HCP creates the tenant, it also creates a tenant-level user account with the specified username and password. This account has only the security role and no data access permissions.

oFor an HCP group account, you select an AD group. When HCP creates the tenant, it also creates a tenant-level group account that corresponds to that AD group. This group account has only the security role and no data access permissions.

For the initial security account to be a group account, Active Directory must be selected as an authentication method for the tenant, HCP must be configured to support AD, and HCP must be able to communicate with AD. For information on this, see Configuring Active Directory or Windows workgroup support.

After creating the tenant, you cannot modify the initial security account configuration from the System Management Console. However, tenant administrators can modify the initial security account configuration in the Tenant Management Console.

For information on user and group accounts, see About user and group accounts.

Optionally, contact information for the tenant. For example, you can specify contact information for the primary person responsible for administering the tenant.

You can change this information at any time after you create the tenant. Tenant-level administrators can also change this information from the Tenant Management Console.

Optionally, tags for the tenant. A tag is an arbitrary text string associated with an HCP tenant. You can associate up to ten tags with any given tenant, and you can use the same tags for multiple tenants.

You can use tags to group tenants and filter tenant lists. For example, if you’ve created multiple tenants for a company named ABC Corporation, you could associate the tag ABC with each of those tenants. Then you could filter a list of tenants to display only the tenants with that tag.

Tags exist only as long as they are associated with at least one tenant. If you remove a tag from the last tenant with which it’s associated, the tag no longer exists.

You can change the tags associated with the tenant at any time after you create the tenant.

Whether the tenant can be replicated.

After creating the tenant, you can change this setting from not allowing replication to allowing replication. However, you cannot do the reverse.

For information on replication, see Replicating Tenants and Namespaces.

If the tenant can be replicated, whether tenant administrators can choose which cloud-optimized namespaces allow erasure coding. If tenant administrators are not allowed to do this, all cloud-optimized namespaces owned by the tenant allow erasure coding.

After creating the tenant, you can change this setting from having all cloud-optimized namespaces allow erasure coding to allowing tenant administrators to choose which cloud-optimized namespaces allow erasure coding. However, you cannot do the reverse.

When HCP is upgraded to release 8.0 or later, preexisting tenants are configured such that tenant administrators cannot select erasure coding for namespaces.

For information on erasure coding, see Protection types.

Whether tenant administrators can select the retention mode for the namespaces that the tenant owns. If this is not allowed, tenant administrators can create namespaces only in enterprise mode.

After creating the tenant, you can change this setting from not allowing tenant administrators to select the retention mode to allowing it. However, you cannot do the reverse.

For retention mode descriptions, see Regulatory compliance.

Whether tenant administrators can enable search for the namespaces that the tenant owns.

After creating the tenant, you can change this setting from not allowing tenant administrators to enable search for the namespaces that the tenant to allowing it. However, you cannot do the reverse.

For information on search, see Search administration.

Whether tenant administrators can associate service plans with the namespaces that the tenant owns. If tenant administrators are not allowed to do this, you need to specify a service plan for the tenant. This specification is not visible in the Tenant Management Console.

After creating the tenant, you can change this setting from not allowing tenant administrators to associate service plans with the namespaces that the tenant owns to allowing it. However, you cannot do the reverse.

For information on service plans, see Working with service plans.

Whether tenant administrators can enable versioning for the namespaces that the tenant owns.

After creating the tenant, you can change this setting from not allowing tenant administrators to enable versioning for the namespaces that the tenant owns to allowing it. However, you cannot do the reverse.

For information on versioning, see Managing a Tenant and Its Namespaces and Using a Namespace.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

HCP tenant creation procedure


To create an HCP tenant:

1.In the top-level menu of the System Management Console, click on Tenants.

2.On the Tenants page, click on Create Tenant.

3.In the Create Tenant panel:

oIf the Make default tenant/namespace option is present, leave it unselected. This option does not appear if the default tenant already exists or if the system does not support creation of the default tenant.

oIn the Tenant Name field, type a unique name for the tenant. HCP derives the hostname for the tenant from this name. The hostname is used in URLs for access to the tenant and its namespaces.

In English, the name you specify for a tenant must be from one through 63 characters long, can contain only alphanumeric characters and hyphens (-), and cannot start or end with a hyphen. In other languages, because the derived English hostname cannot be more than 63 characters long, the name that you specify can be limited to fewer than 63 characters.

Tenant names cannot contain special characters other than hyphens and are not case sensitive. White space is not allowed.

Tenant names cannot start with xn-- (that is, the characters x and n followed by two hyphens).

You can reuse tenant names that are not currently in use. So, for example, if you delete a tenant, you can create a new tenant with the same name that you originally assigned to the deleted tenant.

The following words are reserved and cannot be used as tenant names: admin, cifs, default, fcfs, nfs, scavenging, search, search-api, smb, smtp, snmp, and www.

oOptionally, in the Description field, type a description of the tenant. This text can be up to 1,024 characters long and can contain any valid UTF-8 characters, including white space.

oIn the Management Network field, select the management network for the tenant. The dropdown list of networks does not include empty networks.

The Management Network field is present only if the HCP system is configured to support virtual networking or has the [hcp_management] network enabled.

oIn the Data Network field, select the data access network for the tenant. The dropdown list of networks does not include empty networks.

The Data Network field is present only if the HCP system is configured to support virtual networking.

oIn the Hard Quota field, type the number of gigabytes (GB) or terabytes (TB) of storage to make available to the tenant and select either GB or TB to indicate the measurement unit. Valid values are decimal numbers with up to two places after the period. The minimum is 1 (one) for GB and .01 for TB.

oIn the Soft Quota field, type the percentage point at which you want HCP to notify tenant administrators that free storage space is running low. Valid values are integers in the range 0 (zero) through 100.

oTake one of these actions:

To specify a namespace quota for the tenant, in the Namespace Quota field, type an integer in the range 1 (one) through the current number of namespaces available for allocation.

The number of available namespaces is displayed below the Namespace Quota field. This number is equal to 10,000 minus the number of namespaces currently allocated to HCP tenants, minus the number of namespaces currently owned by HCP tenants that do not have quotas, minus one for the default namespace, if it exists. If any tenants are above their quotas, the number of excess namespaces is also subtracted from the number of available namespaces.

To create the tenant without giving it a namespace quota, select No quota.

oIn the Authentication Methods section, select one or more of these authentication methods for the tenant: Local, RADIUS, and Active Directory. If you select RADIUS, you also need to select one or both of these RADIUS authentication methods: Local or Active Directory.

oIn the Initial Security Account section, select Local or Active Directory to specify the type of initial security account that you want to create for the tenant. Then:

If you selected Local, specify the username and password for the initial HCP user account that you want to create for the tenant:

In the Username field, type a name for the initial HCP user account for the tenant. Usernames must be from one through 64 characters long, can contain any valid UTF-8 characters, and cannot start with an opening square bracket ([). White space is allowed.

Usernames are not case sensitive.

In the Password field, type a password for the initial HCP user account. Passwords can be up to 64 characters long, are case sensitive, and can contain any valid UTF-8 characters, including white space. The minimum length for the password for the initial user account is six characters.

To be valid, a password must include at least one character from two of these three groups: alphabetic, numeric, and other.

In the Confirm Password field, type the password again.

If you selected Active Directory, in the Group field, specify the name of the AD group account whose credentials you want to use for the initial HCP group account that you want to create for the tenant.

oOptionally, specify contact information for the tenant:

1.Click on Contact Information.

2.In the Contact Information panel, fill in the contact information. The table below describes the values that you can specify. Except as indicated, all fields are optional.

Field Description
First Name First name of the tenant contact. First names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Last Name The last name of the tenant contact. Last names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Email A valid email address for the tenant contact. Email addresses cannot be more than 254 characters long.
Confirm Email A repeat of the email address for the tenant contact. This field is required if you specify an email address in the Email field.
Phone

A telephone number for the tenant contact. Do not include a telephone number extension. Instead, put the extension, if any, in the Extension field.

Telephone numbers can contain only numbers, parentheses, hyphens (-), periods (.), plus signs (+), and spaces and can be up to 24 characters long (for example, (800) 123-4567).

Extension A telephone number extension for the tenant contact. Telephone number extensions can contain only numbers and can be up to five characters long.
Address Line 1 The first line of an address for the tenant contact. Address lines can be up to 100 characters long and can contain any valid UTF‑8 characters, including white space.
Address Line 2 The second line of an address for the tenant contact.
City The city for the tenant contact. City names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
State/Province The state or province for the tenant contact. State and province names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Postal Code The postal code for the tenant contact. Postal codes can be up to 64 characters long and can contain only alphanumeric characters and hyphens (-).
Country The country for the tenant contact. Country names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.

oOptionally, associate tags with the tenant:

1.Click on Tags.

2.For each tag you want to associate with the tenant:

a. In the field in the Tags section, type a text string to be used as a tag. Tags must be from one through 64 characters long, can contain any valid UTF-8 characters except commas (,), and are not case sensitive. White space is allowed.

b. Click on Add Tag.

To remove a new tag, click on the delete control (DeleteControl.png) for the tag.

oOptionally, select Replication to allow the tenant to be replicated. This option is present only if the HCP system supports replication.

If you select Replication, take one of these actions:

To have all cloud-optimized namespaces that the tenant owns allow erasure coding, select All cloud-optimized namespaces.

To allow tenant administrators to choose which cloud-optimized namespaces allow, select Selected namespaces.

oOptionally, select Retention Mode Selection to allow tenant administrators to select the retention mode for the namespaces that the tenant owns.

oOptionally, select Search to allow tenant administrators to enable search for the namespaces that the tenant owns.

oTake one of these actions:

To allow tenant administrators to associate service plans with the namespaces that the tenant owns, select Service Plan Selection.

To associate a service plan with the tenant, leave Service Plan Selection unselected. Then either type the name of an existing service plan in the accompanying field or click on the arrow control (UpRightArrowControl.png) for the field. If you click on the arrow control:

1.In the Service Plans window, select the service plan that you want to assign to the tenant.

2.Click on Apply Service Plan.

oOptionally, select Versioning to allow tenant adminstrators to enable versioning for the namespaces that the tenant owns.

4.Click on Create Tenant.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Creating the default tenant and namespace


You create the default tenant and namespace in a single operation in the HCP System Management Console. The name of the default tenant is always Default. Similarly, the name of the default namespace is always Default.

You can create the default tenant and namespace only if allowed to do so by the HCP system configuration.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Default tenant and namespace properties


When creating the default tenant and namespace, you specify:

Optionally, a description of the tenant. For example, you can use a description to specify the purpose of the tenant.

You can change this description at any time after you create the tenant and namespace.

Optionally, contact information for the tenant. For example, you can specify contact information for the primary person responsible for administering the default tenant and namespace.

You can change this information at any time after you create the tenant and namespace. You can change it either from the System Management Console or from the Tenant Management Console for the default tenant.

The cryptographic hash algorithm used to calculate the hash value for each object in the namespace. After creating the tenant and namespace, you cannot change the hash algorithm.

For information on hash algorithms and values, see Content verification service.

The retention mode for the namespace — either enterprise or compliance. Tenant administrators can use the Tenant Management Console to change this setting from enterprise to compliance. However, they cannot do the reverse.

For retention mode descriptions, see Regulatory compliance.

Whether the namespace is search-enabled. Tenant administrators can use the Tenant Management Console to change this setting at any time.

For information on enabling one or more search facilities on an HCP system, see Configuring search.

The service plan for the namespace. Tenant administrators can change use the Tenant Management Console to change this setting at any time.

For information on service plans, see Working with service plans.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Default tenant and namespace creation procedure


To create the default tenant and namespace:

1.In the top-level menu of the System Management Console, click on Tenants.

2.On the Tenants page, click on Create Tenant.

The Create Tenant panel opens.

3.In the Create Tenant panel, select Make default tenant/namespace.

The Create Tenant panel changes to show the applicable options for the default tenant.

4.In the Create Tenant panel:

oOptionally, in the Description field, type a description of the tenant. The description can be up to 1,024 characters long and can contain any valid UTF-8 characters, including white space.

oOptionally, specify contact information for the tenant:

1.Click on Contact Information.

2.In the Contact Information panel, fill in the contact information. The table below describes the values that you can specify. Except as indicated, all fields are optional.

Field Description
First Name First name of the tenant contact. First names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Last Name The last name of the tenant contact. Last names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Email A valid email address for the tenant contact. Email addresses cannot be more than 254 characters long.
Confirm Email A repeat of the email address for the tenant contact. This field is required if you specify an email address in the Email field.
Phone

A telephone number for the tenant contact. Do not include a telephone number extension. Instead, put the extension, if any, in the Extension field.

Telephone numbers can contain only numbers, parentheses, hyphens (-), periods (.), plus signs (+), and spaces and can be up to 24 characters long (for example, (800) 123-4567).

Extension A telephone number extension for the tenant contact. Telephone number extensions can contain only numbers and can be up to five characters long.
Address Line 1 The first line of an address for the tenant contact. Address lines can be up to 100 characters long and can contain any valid UTF‑8 characters, including white space.
Address Line 2 The second line of an address for the tenant contact.
City The city for the tenant contact. City names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
State/Province The state or province for the tenant contact. State and province names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
Postal Code The postal code for the tenant contact. Postal codes can be up to 64 characters long and can contain only alphanumeric characters and hyphens (-).
Country The country for the tenant contact. Country names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.

oIn the Hash Algorithm field, select the cryptographic hash algorithm for the default namespace.

oFor Retention Mode, select either Enterprise or Compliance to set the retention mode of the default namespace.

oOptionally, select Enable Search to enable search for the default namespace.

oIn the Service Plan field, specify the service plan for the default namespace. To do this, either type the name of an existing service plan in the accompanying field or click on the arrow control (UpRightArrowControl.png) for the field. If you click on the arrow control:

1.In the Service Plans window, select the service plan that you want to assign to the default namespace.

2.Click on Apply Service Plan.

5.Click on Create Tenant.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Modifying a tenant


After creating a tenant, you can modify some of its properties. You do this in the Settings panel for the tenant.

RoleWebHelp.png

Roles: To view the Settings panel, you need the monitor or administrator role. To modify a tenant, you need the administrator role.

These considerations apply to modifying HCP tenants:

You can enable AD authentication for a tenant only while HCP can communicate with AD.

When you rename a tenant for which AD authentication is enabled, AD authentication is automatically disabled for that tenant. After the operation is complete, you need to manually reenable AD authentication for the tenant.

You cannot rename a tenant while the only account with the security role defined for the tenant is a group account.

You cannot rename a tenant while the CIFS or NFS protocol is enabled for any namespaces owned by that tenant.

When you select a different management network for an HCP tenant while any given user is logged into the Tenant Management Console for that tenant, HCP denies any subsequent requests made within the same Console session. To continue using the Console, the user needs to start a new session so that the client can use the new management network to access the Console for the tenant.

When you select a different data access network for an HCP tenant, HCP denies any client requests for access to namespaces owned by that tenant that arrive over the previously selected network.

When a tenant is replicated from one system to a second system, if the management or data access network selected for the tenant on the first system does not exist on the second system, the applicable field in the tenant Settings panel on the second system shows the network name enclosed in angle brackets (for example, <ten1_data>). This network is not included in the dropdown list for the field, so if you select a different network in that field, you cannot then select the undefined network.

You can change the service plan that’s assigned to a specific tenant by modifying the tenant to select the new service plan or by modifying the new service plan to assign it to the tenant. You can also modify a service plan to assign it to multiple tenants at the same time.

To modify the configuration settings for an individual tenant, including selecting a new service plan for that tenant, follow the procedure outlined below.

For more information on modifying a service plan to assign one or more tenants to it, see Working with service plans.

To modify an existing tenant:

1.In the top-level menu of the System Management Console, click on Tenants.

2.In the list of tenants, click on the name of the tenant that you want to modify.

3.In the row of tabs below the tenant name, click on Settings.

4.In the Settings panel, make the changes you want.

To remove a tag from an HCP tenant, in the Tags section in the Settings panel, click on the delete control ( DeleteControl.png ) for the tag. The row with the tag turns red. To revert the removal before submitting your changes, click again on the delete control.

For information on the fields and options in this panel, see Creating an HCP tenant or Creating the default tenant and namespace, as applicable.

5.Click on Update Settings.

If all of these are true, a confirming message appears:

oYou changed the name of the tenant.

oThe tenant supports AD authentication.

oHCP cannot communicate with AD.

In response to the confirming message, click on Update Settings.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Resetting HCP tenant security


HCP ensures that each HCP tenant always have at least one:

Locally authenticated HCP user account with the security role

Group account with the security role

For a given tenant, it is highly improbable that all locally authenticated users with the security role will forget their passwords at the same time. However, should this happen, if the tenant does not have a group account with the security role, the tenant would have no administrators who could manage user and group accounts.

To resolve this issue, you can use the System Management Console to restore access to the tenant for locally authenticated users with the security role. You can do this in one of two ways:

Reset the passwords for all locally authenticated user accounts with the security role. When you do this, you specify a single password for all affected accounts.

Grant the security role to a new or existing group account. A new group account will have only the security role and no data access permissions. An existing group account will have the security role plus whatever roles and data access permissions it currently has.

You can grant the security role to a group account only if the tenant is configured to support AD authentication, HCP is configured to support AD, and HCP is to communicate with AD. For more information, see Configuring Active Directory or Windows workgroup support.

RoleWebHelp.png

Roles: To reset security for an HCP tenant, you need the administrator role.

To reset security for an HCP tenant:

1.In the top-level menu of the System Management Console, click on Tenants.

2.In the list of tenants, click on the name of the tenant for which you want to reset security.

3.In the row of tabs below the tenant name, click on Settings.

4.In the Settings panel, click on Reset Security.

5.In the Reset Security window, select Local to reset the passwords of all locally authenticated HCP user accounts with the security role, or select Active Directory to grant the security role to a new or existing group account. Then:

oIf you selected Local:

In the Password field, type a new password for the locally authenticated user accounts with the security role. Passwords can be up to 64 characters long, are case sensitive, and can contain any valid UTF-8 characters, including white space. The minimum length for a password is the tenant-specific minimum password length.

To be valid, a password must include at least one character from two of these three groups: alphabetic, numeric, and other.

In the Confirm Password field, type the password again.

oIf you selected Active Directory, in the Group field, enter the name of the AD group account that corresponds to the new HCP group account that you want to create or the existing HCP group to which you want to grant the security role.

6.Click on Reset Security.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Deleting a tenant


You can delete an HCP tenant only if it doesn’t currently own any namespaces. You cannot delete the default tenant.

RoleWebHelp.png

Roles: To delete a tenant, you need the administrator role.

To delete a tenant:

1.In the top-level menu of the System Management Console, click on Tenants.

2.In the list of tenants, click on the delete control ( DeleteControlOrangeWhiteBG.png ) for the tenant that you want to delete.

3.In response to the confirming message, click on Delete.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.