Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Creating a tenant

The information you provide when creating the default tenant differs from the information you provide for HCP tenants. This is because:

  • When you create the default tenant, HCP automatically creates the default namespace as well
  • HCP administers storage usage differently for the default tenant

This section contains separate procedures for creating the two types of tenants.

NoteTo create an HCP tenant or the default tenant and namespace, you need the administrator role.

You can create the default tenant and namespace only if allowed to do so by the system configuration.

Creating an HCP tenant

You create HCP tenants in the System Management Console. After an HCP tenant exists, tenant administrators can use the Tenant Management Console to create namespaces for the tenant.

HCP tenant properties

You specify a set of properties when you create a tenant.

You can specify the following tenant properties:

  • A name for the tenant. This name determines the URL for the tenant.

    When naming tenants, keep in mind that each tenant name must be unique within an HCP system. For example, you cannot create a tenant named finance for each of two different customers. You could, however, create a tenant named cust1-finance for Customer 1 and another tenant named cust2-finance for Customer 2.

    Also, keep in mind that you cannot replicate a tenant to another HCP system that already has a different tenant with the same name.

    You can change the tenant name at any time after you create the tenant, except while the CIFS or NFS protocol is enabled for any of the tenant's namespaces. However, keep in mind that when you change the tenant name, you are also changing the URLs for the tenant and its namespaces.

    Be sure to notify the tenant contact when you change the name of a tenant.

  • Optionally, a description of the tenant. For example, you can use a description to specify the name of the organization for which you’re creating the tenant.

    You can change this description at any time after you create the tenant.

  • In an HCP system that uses virtual networking and has the management network enabled at the System Management Console, a management network for the tenant. Clients use this network to access the Tenant Management Console and HCP management API for the tenant. Clients use the domain name associated with this network when sending access requests to the management interfaces (Tenant Management Console and HCP management API) for the tenant.

    You need to ensure that requests for access to the Tenant Management Console and HCP management API for the tenant are routable from the clients to the HCP system over the management network that you specify.

    If the tenant is configured to allow system-level users to manage it, those users can access its Tenant Management Console directly from the System Management Console even if the tenant management network is not [hcp_system].

    You can select a different management network for a tenant at any time. However, when you change the management network, you also change:

    • The IP addresses used to route access requests from clients to the management interfaces (Tenant Management Console and HCP management interface) for the tenant
    • The management network domain name included in the tenant URL.

      Be sure to notify the tenant contact when you select a different management network for a tenant.

  • In an HCP system that uses virtual networking, a data access network for the tenant. Clients use this network to access the contents of namespaces that the tenant owns. Clients use the domain name associated with this network when sending namespace data access requests to the tenant.

    You need to ensure that requests for access to the contents of the namespaces that the tenant owns are routable from the clients to the HCP system over the data access network that you specify.

    HCP Data Migrator (HCP-DM) and the Hitachi Data Discovery Suite (HDDS) search facility do not support the use of IPv6 networks for communication with HCP. To enable clients to use HCP-DM to access the contents of namespaces that the tenant owns or to use the HDDS search facility to search and index those namespaces, you need to specify a data access network that has IPv4 addresses assigned to it.

    You can select a different data access network for a tenant at any time. However, when you change the data access network, you also change:

    • The IP addresses used to route namespace data access requests from clients to the tenant
    • The domain name included in the URLs for the namespaces that the tenant owns

    Changing the IP addresses and domain name used to access the namespaces that a tenant owns causes all CIFS and NFS mounts of those namespaces to be disconnected from HCP.

    Be sure to notify the tenant contact when you select a different data access network for a tenant.

  • A hard quota for the tenant. This is the total amount of storage available to the tenant. The tenant allocates this storage to the namespaces it owns by setting a hard quota for each namespace.

    You can allocate more total space to your tenants than is actually available for storing objects. HCP warns you when the space used by all tenants is approaching the system storage capacity.

    You can change this quota at any time after you create the tenant. However, you cannot specify a quota that is less than the total amount of storage that the tenant has already allocated to its namespaces.

    HCP checks the amount of data stored in a namespace against the namespace hard quota hourly. If large amounts of data are added rapidly to a namespace, the namespace can store substantially more data than its hard quota allows.

    Each namespace managed by a tenant can exceed its hard quota in this way. As a result, the total amount of storage used by all namespaces owned by a tenant can exceed the hard quota for that tenant.

  • A soft quota for the tenant. This is the percentage point at which HCP should notify tenant administrators that the storage available to the tenant is running low on free space.

    You can change this quota any time after you create the tenant.

  • A namespace quota for the tenant. This is the number of namespaces that HCP reserves for the tenant out of the total number of namespaces that the system can have (10,000).

    You cannot overallocate namespaces. That is, the maximum number of namespaces that you can allocate to tenants is 10,000, or 9,999 if the system includes the default namespace.

    You can create tenants that do not have quotas. The total number of namespaces that these tenants can own is equal to the number of unallocated namespaces in the HCP system. If you allocate a total of 10,000 namespaces to other tenants, the tenants that do not have quotas cannot create any namespaces.

    You can change the namespace quota for a tenant at any time after you create the tenant, as long as the new quota is not less than the number of namespaces that the tenant currently owns.

    While an active/passive replication link that includes a given HCP tenant is failed over to the replica, you cannot change the namespace quota for that tenant on the replica.

  • The authentication methods allowed for the tenant. At least one of these authentication methods must be enabled:
    • Local

      The tenant supports internal authentication by HCP. To be authenticated, a user must have a locally authenticated HCP user account.

    • RADIUS

      The tenant supports remote authentication by RADIUS. To be authenticated, a user must have a RADIUS-authenticated HCP user account.

      A tenant that supports RADIUS authentication must also support local authentication, Active Directory authentication, or both.

    • Active Directory

      The tenant supports remote authentication by AD. To be authenticated, a user must have an AD user account.

      TipTo help ensure that AD authentication is available for those tenants that need to support it, enable AD only for those tenants.

      For RADIUS or Active Directory authentication to work for the tenant to access the Tenant Management Console and HCP management API, the tenant management network must be [hcp_system]. Similarly, for RADIUS or Active Directory authentication to work for the tenant to access the content of the tenant's namespaces, the tenant data access network must be [hcp_system].

      You can change the allowed authentication methods at any time after you create the tenant. However, you cannot disable local authentication if the only tenant-level account with the security role is a locally authenticated HCP user account. Similarly, you cannot disable AD authentication if the only tenant-level account with the security role is a group account.

      If you disable AD authentication for a tenant after the tenant has created group accounts, those accounts continue to exist but are not visible to the tenant. If you subsequently reenable AD authentication for the tenant, the group accounts become visible again.

  • An initial security account for the tenant. This can be a locally authenticated HCP user account or an HCP group account, depending on which authentication methods are allowed for the tenant:
    • For a locally authenticated user account, you specify the account username and password. When HCP creates the tenant, it also creates a tenant-level user account with the specified username and password. This account has only the security role and no data access permissions.
    • For an HCP group account, you select an AD group. When HCP creates the tenant, it also creates a tenant-level group account that corresponds to that AD group. This group account has only the security role and no data access permissions.

      For the initial security account to be a group account, Active Directory must be selected as an authentication method for the tenant, HCP must be configured to support AD, and HCP must be able to communicate with AD.

    After creating the tenant, you cannot modify the initial security account configuration from the System Management Console. However, tenant administrators can modify the initial security account configuration in the Tenant Management Console.

  • Optionally, contact information for the tenant. For example, you can specify contact information for the primary person responsible for administering the tenant.

    You can change this information at any time after you create the tenant. Tenant-level administrators can also change this information from the Tenant Management Console.

  • Optionally, tags for the tenant. A tag is an arbitrary text string associated with an HCP tenant. You can associate up to ten tags with any given tenant, and you can use the same tags for multiple tenants.

    You can use tags to group tenants and filter tenant lists. For example, if you’ve created multiple tenants for a company named ABC Corporation, you could associate the tag ABC with each of those tenants. Then you could filter a list of tenants to display only the tenants with that tag.

    Tags exist only as long as they are associated with at least one tenant. If you remove a tag from the last tenant with which it’s associated, the tag no longer exists.

    You can change the tags associated with the tenant at any time after you create the tenant.

  • Whether the tenant can be replicated.

    After creating the tenant, you can change this setting from not allowing replication to allowing replication. However, you cannot do the reverse.

  • If the tenant can be replicated, whether tenant administrators can choose which cloud-optimized namespaces allow erasure coding. If tenant administrators are not allowed to do this, all cloud-optimized namespaces owned by the tenant allow erasure coding.

    After creating the tenant, you can change this setting from having all cloud-optimized namespaces allow erasure coding to allowing tenant administrators to choose which cloud-optimized namespaces allow erasure coding. However, you cannot do the reverse.

    When HCP is upgraded to release 8.0 or later, preexisting tenants are configured such that tenant administrators cannot select erasure coding for namespaces.

  • Whether tenant administrators can select the retention mode for the namespaces that the tenant owns. If this is not allowed, tenant administrators can create namespaces only in enterprise mode.

    After creating the tenant, you can change this setting from not allowing tenant administrators to select the retention mode to allowing it. However, you cannot do the reverse.

  • Whether tenant administrators can enable search for the namespaces that the tenant owns.

    After creating the tenant, you can change this setting from not allowing tenant administrators to enable search for the namespaces that the tenant to allowing it. However, you cannot do the reverse.

  • Whether tenant administrators can associate service plans with the namespaces that the tenant owns. If tenant administrators are not allowed to do this, you need to specify a service plan for the tenant. This specification is not visible in the Tenant Management Console.

    After creating the tenant, you can change this setting from not allowing tenant administrators to associate service plans with the namespaces that the tenant owns to allowing it. However, you cannot do the reverse.

  • Whether tenant administrators can enable versioning for the namespaces that the tenant owns.

    After creating the tenant, you can change this setting from not allowing tenant administrators to enable versioning for the namespaces that the tenant owns to allowing it. However, you cannot do the reverse.

HCP tenant creation procedure

Before you begin

To create an HCP tenant or the default tenant and namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the System Management Console, click Tenants.

  2. On the Tenants page, click Create Tenant.

  3. In the Create Tenant panel:

    1. If the Make default tenant/namespace option is present, leave it unselected. This option does not appear if the default tenant already exists or if the system does not support creation of the default tenant.

    2. In the Tenant Name field, type a unique name for the tenant. HCP derives the host name for the tenant from this name. The host name is used in URLs for access to the tenant and its namespaces.

      In English, the name you specify for a tenant must be from one through 63 characters long, can contain only alphanumeric characters and hyphens (-), and cannot start or end with a hyphen. In other languages, because the derived English hostname cannot be more than 63 characters long, the name that you specify can be limited to fewer than 63 characters.

      Tenant names cannot contain special characters other than hyphens and are not case sensitive. White space is not allowed.

      Tenant names cannot start with xn-- (that is, the characters x and n followed by two hyphens).

      You can reuse tenant names that are not currently in use. So, for example, if you delete a tenant, you can create a new tenant with the same name that you originally assigned to the deleted tenant.

      The following words are reserved and cannot be used as tenant names: admin, cifs, default, fcfs, nfs, scavenging, search, search-api, smb, smtp, snmp, and www.

    3. Optionally, in the Description field, type a description of the tenant. This text can be up to 1,024 characters long and can contain any valid UTF-8 characters, including white space.

    4. In the Management Network field, select the management network for the tenant. The dropdown list of networks does not include empty networks.

      The Management Network field is present only if the HCP system is configured to support virtual networking or has the [hcp_management] network enabled.

    5. In the Data Network field, select the data access network for the tenant. The dropdown list of networks does not include empty networks.

      The Data Network field is present only if the HCP system is configured to support virtual networking.

    6. In the Hard Quota field, type the number of gigabytes (GB) or terabytes (TB) of storage to make available to the tenant and select either GB or TB to indicate the measurement unit. Valid values are decimal numbers with up to two places after the period. The minimum is 1 (one) for GB and .01 for TB.

    7. In the Soft Quota field, type the percentage point at which you want HCP to notify tenant administrators that free storage space is running low. Valid values are integers in the range 0 (zero) through 100.

    8. Take one of these actions:

      • To specify a namespace quota for the tenant, in the Namespace Quota field, type an integer in the range 1 (one) through the current number of namespaces available for allocation.

        The number of available namespaces is displayed below the Namespace Quota field. This number is equal to 10,000 minus the number of namespaces currently allocated to HCP tenants, minus the number of namespaces currently owned by HCP tenants that do not have quotas, minus one for the default namespace, if it exists. If any tenants are above their quotas, the number of excess namespaces is also subtracted from the number of available namespaces.

      • To create the tenant without giving it a namespace quota, select No quota.
    9. In the Authentication Methods section, select one or more of these authentication methods for the tenant: Local, RADIUS, and Active Directory. If you select RADIUS, you also need to select one or both of these RADIUS authentication methods: Local or Active Directory.

    10. In the Initial Security Account section, select Local or Active Directory to specify the type of initial security account that you want to create for the tenant. Then:

      • If you selected Local, specify the user name and password for the initial HCP user account that you want to create for the tenant:
        • In the Username field, type a name for the initial HCP user account for the tenant. Usernames must be from one through 64 characters long, can contain any valid UTF-8 characters, and cannot start with an opening square bracket ([). White space is allowed.

          User names are not case-sensitive.

        • In the Password field, type a password for the initial HCP user account. Passwords can be up to 64 characters long, are case-sensitive, and can contain any valid UTF-8 characters, including white space. The minimum length for the password for the initial user account is six characters.

          To be valid, a password must include at least one character from two of these three groups: alphabetic, numeric, and other.

        • In the Confirm Password field, type the password again.
      • If you selected Active Directory, in the Group field, specify the name of the AD group account whose credentials you want to use for the initial HCP group account that you want to create for the tenant.
    11. Optionally, specify contact information for the tenant:

      1. Click Contact Information.
      2. In the Contact Information panel, fill in the contact information. The table below describes the values that you can specify. Except as indicated, all fields are optional.
        FieldDescription
        First NameFirst name of the tenant contact. First names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        Last NameThe last name of the tenant contact. Last names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        EmailA valid email address for the tenant contact. Email addresses cannot be more than 254 characters long.
        Confirm EmailA repeat of the email address for the tenant contact. This field is required if you specify an email address in the Email field.
        Phone

        A telephone number for the tenant contact. Do not include a telephone number extension. Instead, put the extension, if any, in the Extension field.

        Telephone numbers can contain only numbers, parentheses, hyphens (-), periods (.), plus signs (+), and spaces and can be up to 24 characters long (for example, (800) 123-4567).

        ExtensionA telephone number extension for the tenant contact. Telephone number extensions can contain only numbers and can be up to five characters long.
        Address Line 1The first line of an address for the tenant contact. Address lines can be up to 100 characters long and can contain any valid UTF‑8 characters, including white space.
        Address Line 2The second line of an address for the tenant contact.
        CityThe city for the tenant contact. City names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        State/ProvinceThe state or province for the tenant contact. State and province names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        Postal CodeThe postal code for the tenant contact. Postal codes can be up to 64 characters long and can contain only alphanumeric characters and hyphens (-).
        CountryThe country for the tenant contact. Country names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
    12. Optionally, associate tags with the tenant:

      1. Click Tags.
      2. For each tag you want to associate with the tenant:
        1. In the field in the Tags section, type a text string to be used as a tag. Tags must be from one through 64 characters long, can contain any valid UTF-8 characters except commas (,), and are not case sensitive. White space is allowed.
        2. Click Add Tag.

          To remove a new tag, click the delete control (Delete Control icon) for the tag.

    13. Optionally, select Replication to allow the tenant to be replicated. This option is present only if the HCP system supports replication.

      If you select Replication, take one of these actions:

      • To have all cloud-optimized namespaces that the tenant owns allow erasure coding, select All cloud-optimized namespaces.
      • To allow tenant administrators to choose which cloud-optimized namespaces allow, select Selected namespaces.
    14. Optionally, select Retention Mode Selection to allow tenant administrators to select the retention mode for the namespaces that the tenant owns.

    15. Optionally, select Search to allow tenant administrators to enable search for the namespaces that the tenant owns.

    16. Take one of these actions:

      • To allow tenant administrators to associate service plans with the namespaces that the tenant owns, select Service Plan Selection.
      • To associate a service plan with the tenant, leave Service Plan Selection unselected. Then either type the name of an existing service plan in the accompanying field or click the arrow control (Arrow control icon) for the field. If you click the arrow control:
        1. In the Service Plans window, select the service plan that you want to assign to the tenant.
        2. Click Apply Service Plan.
    17. Optionally, select Versioning to allow tenant adminstrators to enable versioning for the namespaces that the tenant owns.

  4. Click Create Tenant.

Creating the default tenant and namespace

You create the default tenant and namespace in a single operation in the HCP System Management Console. The name of the default tenant is always Default. Similarly, the name of the default namespace is always Default.

You can create the default tenant and namespace only if allowed to do so by the HCP system configuration.

Default tenant and namespace properties

When creating the default tenant and namespace, you specify:

  • Optionally, a description of the tenant. For example, you can use a description to specify the purpose of the tenant.

    You can change this description at any time after you create the tenant and namespace.

  • Optionally, contact information for the tenant. For example, you can specify contact information for the primary person responsible for administering the default tenant and namespace.

    You can change this information at any time after you create the tenant and namespace. You can change it either from the System Management Console or from the Tenant Management Console for the default tenant.

  • The cryptographic hash algorithm used to calculate the hash value for each object in the namespace. After creating the tenant and namespace, you cannot change the hash algorithm.
  • The retention mode for the namespace — either enterprise or compliance. Tenant administrators can use the Tenant Management Console to change this setting from enterprise to compliance. However, they cannot do the reverse.
  • Whether the namespace is search-enabled. Tenant administrators can use the Tenant Management Console to change this setting at any time.
  • The service plan for the namespace. Tenant administrators can change use the Tenant Management Console to change this setting at any time.

Default tenant and namespace creation procedure

Before you begin

To create an HCP tenant or the default tenant and namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the System Management Console, click Tenants.

  2. On the Tenants page, click Create Tenant.

    The Create Tenant panel opens.
  3. In the Create Tenant panel, select Make default tenant/namespace.

    The Create Tenant panel changes to show the applicable options for the default tenant.
  4. In the Create Tenant panel:

    1. Optionally, in the Description field, type a description of the tenant.

      The description can be up to 1,024 characters long and can contain any valid UTF-8 characters, including white space.

    2. Optionally, specify contact information for the tenant:

      1. Click Contact Information.
      2. In the Contact Information panel, fill in the contact information. The table below describes the values that you can specify. Except as indicated, all fields are optional.
        FieldDescription
        First NameFirst name of the tenant contact. First names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        Last NameThe last name of the tenant contact. Last names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        EmailA valid email address for the tenant contact. Email addresses cannot be more than 254 characters long.
        Confirm EmailA repeat of the email address for the tenant contact. This field is required if you specify an email address in the Email field.
        Phone

        A telephone number for the tenant contact. Do not include a telephone number extension. Instead, put the extension, if any, in the Extension field.

        Telephone numbers can contain only numbers, parentheses, hyphens (-), periods (.), plus signs (+), and spaces and can be up to 24 characters long (for example, (800) 123-4567).

        ExtensionA telephone number extension for the tenant contact. Telephone number extensions can contain only numbers and can be up to five characters long.
        Address Line 1The first line of an address for the tenant contact. Address lines can be up to 100 characters long and can contain any valid UTF‑8 characters, including white space.
        Address Line 2The second line of an address for the tenant contact.
        CityThe city for the tenant contact. City names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        State/ProvinceThe state or province for the tenant contact. State and province names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
        Postal CodeThe postal code for the tenant contact. Postal codes can be up to 64 characters long and can contain only alphanumeric characters and hyphens (-).
        CountryThe country for the tenant contact. Country names can be up to 64 characters long and can contain any valid UTF‑8 characters, including white space.
    3. In the Hash Algorithm field, select the cryptographic hash algorithm for the default namespace.

    4. For Retention Mode, select either Enterprise or Compliance to set the retention mode of the default namespace.

    5. Optionally, select Enable Search to enable search for the default namespace.

    6. In the Service Plan field, specify the service plan for the default namespace. To do this, either type the name of an existing service plan in the accompanying field or click the arrow control (arrow control icon) for the field. If you click the arrow control:

      1. In the Service Plans window, select the service plan that you want to assign to the default namespace.
      2. Click Apply Service Plan.
  5. Click Create Tenant.

 

  • Was this article helpful?