April 13, 2024

When did it start?

Starting from version 10.4.1, we announced the deprecation of local users in VMware Cloud Director. While they are still supported during this period of deprecation, we strongly recommend that users start transitioning away from them. Despite this, VMware Cloud Director will continue to offer full support for local users until the final announcements are made.

In version 10.4.1, you could use the user management API to remap local users or users from an existing IDP to a new IDP source. You can use this feature to remap local users to any IDP supported by VCD.

What was supported?

Migration of local users to SAML, LDAP, or OIDC was possible, provided that the Identity Provider (IDP) is correctly configured and accessible within the organization. To perform the migration, API calls are required to change the user data across the different Identity Providers.

In addition, this feature also allows cloud administrators to migrate users between different Identity Providers (IDPs) that are supported and configured within the VMware Cloud Director environment. For example, administrators can use this feature to migrate users from LDAP to SAML, among other IDP types.

What prompted this decision?

Local users have been a fundamental feature of VCD since its inception with version 1.0. They offer a simple way to securely store usernames and passwords in a hashed format within VCD. However, the absence of modern password management policies such as password rotation, complexity requirements, and 2FA/MFA options, among others, has highlighted some limitations. As a result, this project was initiated to address these concerns.

How is this announcement progressing?

In VMware Cloud Director 10.4.2, we’ve introduced a bulk user remapping UI feature to help our customers in the transition from locally-managed users to an externally-managed identity provider system. The goal of this feature is to make the migration process smoother and more straightforward for our users.

All about the feature…

This feature is called Bulk User Migration / Remapping.

  • VMware Cloud Director 10.4.2 offers a user-friendly bulk user migration option to simplify the process of remapping users between different Identity Providers (IDPs) from the UI.

User Migration is a 3-step process:

Step a) Export User: Choose the user you wish to migrate to a different Identity Provider (IDP) and export their data to a CSV file. You can also apply filters to select the specific users you want to migrate.

Export Users

Step b) Upload CSV: Edit the user properties within the CSV file, and then proceed to upload the file with the updated information.

CSV file with user properties
In the picture, you can see the name of the uploaded file, along with the count of all the users detected in the CSV file and some other details.

Please note that in this release, only changes made to the username and providerType user properties will be recognized. Any modifications to other fields will not be considered. Additionally, it’s important to note that the email ID field is still optional and not required.

Step c) Update Users: Perform the user update task based on the information provided in the CSV file.

The image displays both the progress of User Migration and the count of users who have either successfully migrated, failed to migrate, or skipped the migration process. The total duration taken to complete the task is also displayed.

Here are a few key things to keep in mind:

  1. The user migration occurs sequentially, with each user being migrated one at a time.
  2. There are currently no restrictions on the number of users that can be migrated at once.
  3. Exiting the page during the migration process is not permitted and will result in a warning message. If the warning is accepted, the migration task will be cancelled.
  4. Although it’s possible to halt the user migration, stopping it does not undo the migration of users who have already been migrated.
  5. At the moment, it’s not possible to revert back to a LOCAL providerType using this tool if users are experiencing login difficulties after the user migration process.
  6. If a user who is being migrated to the IDP already exists in VCD, the migration engine will skip that particular user’s migration process. (The skipped users count will increase by one.)
  7. During the user migration to an IDP, the UserID of the user is retained, ensuring that all objects owned by the user remain under their ownership. This is done automatically.
  8. In the event that a user is part of a group, the same group must be created manually on the source IDP, and the user will automatically associate with the group upon their first login.
  9. Changes made to user details will take effect either after the scheduled synchronization operation has finished or after the user logs in for the first time. The biographical information of the user will be retrieved from the IDP and used to update the details of the migrated user in VCD.

Troubleshooting:

  • The UI will throw an error if there are any typos or syntax errors in the CSV file.
The providerType was incorrectly specified in the image

Please be advised that the providerType value must be either LOCAL, LDAP, SAML, or OAUTH as these are the only supported IDPs in VCD.

Please note that VCD validates the CSV file first before initiating any API calls to carry out the task.

  • To view information on users who were unable to migrate or were skipped, you can download the Error Report.
  • In the event of errors for certain users during the migration process, you can resolve them and then rerun the migration process. Previously migrated users will be skipped and not affected.
  • For additional information, please refer to the general VMware Cloud Director logs.
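
A pre-upload check for the edited CSV, written as an added example (not VMware's code and not part of the original post): it applies the two rules stated above, the supported providerType values and the fact that only username and providerType edits are applied, by comparing the edited file with the export. The `id` and `fullName` column names, the sample rows and the exact-case match on providerType are assumptions; only `username` and `providerType` are named on the page.

```python
import csv
import io

ALLOWED_PROVIDER_TYPES = {"LOCAL", "LDAP", "SAML", "OAUTH"}  # values listed above
HONOURED_COLUMNS = {"username", "providerType"}  # only edits this release applies

# Constructed sample data. The "id" and "fullName" columns are assumptions.
EXPORTED = (
    "id,username,fullName,providerType\n"
    "u-001,alice,Alice Example,LOCAL\n"
    "u-002,bob,Bob Example,LOCAL\n"
    "u-003,carol,Carol Example,LOCAL\n"
)
EDITED = (
    "id,username,fullName,providerType\n"
    "u-001,alice@example.test,Alice Example,SAML\n"
    "u-002,bob,Robert Example,SMAL\n"
    "u-003,carol,Carol Example,LOCAL\n"
)


def check_remap_csv(exported_text, edited_text, key="id"):
    """Compare the export with the edited copy; return (errors, warnings)."""
    exported = {r[key]: r for r in csv.DictReader(io.StringIO(exported_text))}
    errors, warnings, seen = [], [], set()
    rows = csv.DictReader(io.StringIO(edited_text))
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        uid = row.get(key)
        if uid not in exported or uid in seen:
            errors.append(f"line {line_no}: unknown or duplicate {key} {uid!r}")
            continue
        seen.add(uid)
        before, provider = exported[uid], row.get("providerType") or ""
        if provider not in ALLOWED_PROVIDER_TYPES:  # exact match is an assumption
            errors.append(f"line {line_no}: providerType {provider!r} is not supported")
        if not (row.get("username") or "").strip():
            errors.append(f"line {line_no}: username is empty")
        for column, value in row.items():
            if column not in HONOURED_COLUMNS | {key} and value != before.get(column):
                warnings.append(f"line {line_no}: change to {column!r} will be ignored")
        if provider == before.get("providerType") == "LOCAL":
            warnings.append(f"line {line_no}: {row.get('username')!r} is still a local user")
    return errors, warnings


if __name__ == "__main__":
    found_errors, found_warnings = check_remap_csv(EXPORTED, EDITED)
    for message in found_errors + found_warnings:
        print(message)
```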

Scenarios/Questions

Migration takes too long, and the progress stops.
Please ensure that the browser window containing the migration process is not minimized or made inactive and remains active and in focus throughout. If the window is minimized or made inactive, you will need to stop the process and begin again.

The migration process has finished but users’ data are not updated from the IDP.
Please wait for the synchronization process between VCD and IDP to complete or perform a manual login using the required user credentials.

Can I restart the migration process with the same CSV file?
Yes. Any users that have already been updated will be skipped, and the process will resume from where it left off.

Can I restart the process for the errored migrations?
If an error occurs, a download link is available that provides a CSV file containing details of the errors. This file can be used to make necessary corrections and then uploaded again.

Can I revert the process?
Automating this process is not possible. Basically, it’s a manual process.

Please be advised that this report is intended for informational purposes only and represents our best effort to provide accurate and useful insights.