When it started?

Starting up from edition 10.4.1, we declared the deprecation of nearby customers in VMware Cloud Director. Even though they are continue to supported throughout this time period of deprecation, we strongly suggest that end users begin transitioning absent from them. Regardless of this, VMware Cloud Director will proceed to provide comprehensive assist for community buyers until eventually the final announcements are built.

In version 10.4.1, you could use the consumer management API to remap community customers or buyers from an present IDP to a new IDP source. You could use this element to remap neighborhood users to any IDP supported by VCD.

What was supported?

Migration of regional people to SAML, LDAP, or OIDC was achievable, delivered that the Identity Company (IDP) is properly configured and accessible inside the firm. To carry out the migration, API calls are needed to transfer the user data throughout the diverse Identity Companies.

In addition, this characteristic also permits cloud directors to migrate consumers in between different Identification Suppliers (IDPs) that are supported and configured in just the VMware Cloud Director environment. For occasion, directors can use this element to migrate buyers from LDAP to SAML, between other IDP kinds.

What prompted this conclusion?

Neighborhood end users have been a elementary aspect of VCD due to the fact its inception with variation 1.. They supply a straightforward way to securely shop usernames and passwords in a hashed format in VCD. Nonetheless, the absence of modern day password administration guidelines these types of as password rotation, complexity specifications, and 2FA/MFA solutions, between other folks, has highlighted some limitations. As a result, this project was initiated to tackle these considerations.

How is this announcement progressing?

In VMware Cloud Director 10.4.2, we have introduced a bulk user remapping UI element to guidance our customers in the transition from domestically-managed customers to an externally-managed identity company technique. The reason of this element is to make the migration process smoother and additional simple for our people.

All about the feature…

This feature is known as Bulk User Migration / Remapping.

  • VMware Cloud Director 10.4.2 provides a consumer-welcoming bulk user migration solution to simplify the method of remapping end users between unique Identification Suppliers (IDPs) from the UI.

Person Migration is a 3-stage process:

Stage a) Export User: Select the consumer you would like to migrate to a various Identity Provider (IDP) and export their data to a CSV file. You can also utilize filters to pick out the unique end users you want to migrate.

Export End users

Stage b) Add CSV: Edit the user attributes inside the CSV file, and then progress to add the file with the up to date information and facts.

CSV file with user properties
In the picture, you can see the title of the uploaded file, together with the depend of all the end users detected in the CSV file and a pair of other particulars.

Be sure to acquire notice that in this launch, only adjustments made to the username and providerType person properties will be recognized. Any modifications to other fields will not be regarded. Also, it’s critical to note that the e-mail ID discipline is still optional and not expected.

Action c) Update Customers: Execute the consumer update process based on the facts delivered in the CSV file.

The graphic shows equally the development of User Migration and the count of end users who has either effectively migrated, unsuccessful to migrate, or skipped the migration process. The complete duration taken to complete the activity is also displayed.

In this article are a handful of important items to hold in intellect:

  1. The consumer migration occurs sequentially, with each individual user staying migrated one particular at a time.
  2. There are presently no restrictions on the variety of consumers that can be migrated at after.
  3. Exiting the web site during the migration procedure is not permitted and will consequence in a warning concept. If the warning is accepted, the migration process will be cancelled.
  4. While it’s attainable to halt the consumer migration possibility, it’s not probable to avoid people who have currently been migrated.
  5. At the minute, it’s not probable to revert again to a neighborhood providerType making use of this instrument if end users are suffering from login complications right after the consumer migration process.
  6. If a user is migrating to the IDP that currently exists in VCD, the migration engine will skip that particular user’s migration system. (The skipped people rely will improve by just one).
  7. In the course of the consumer migration to an IDP, the UserID of the person is retained, ensuring that all objects owned by the consumer continue being underneath their possession. This is done immediately.
  8. In the event that a consumer is component of a group, the very same group need to be made manually on the supply IDP, and the person will automatically affiliate with the group upon their 1st login.
  9. Modifications made to consumer aspects will acquire impact both immediately after the scheduled synchronization procedure has concluded or just after the consumer logs in for the first time. The biographical information of the user will be retrieved from the IDP and utilised to update the aspects of the migrated person in VCD.

Troubleshooting:

  • The UI will throw an mistake if there are any kind or syntax mistakes in the CSV file.
The providerType was inaccurately specified in the picture

You should be recommended that the providerType benefit need to be either Area, LDAP, SAML, or OAUTH as these are the only supported IDPs in VCD.

You should notice that VCD validates the CSV file to start with prior to initiating any API calls to have out the activity.

  • To look at facts on buyers who were being unable to migrate or skipped, you can obtain the Mistake Report.
  • In the party of glitches for certain users through the migration course of action, you can solve them and then rerun the migration process. Beforehand migrated end users will be skipped and not impacted.
  • For additional information and facts, you should refer to the general VMware Cloud Director logs.

Situations/Questions

Migration requires way too very long, and the development stops. You should make certain that the browser window that contains the migration process is not minimized or built inactive and remains active and in concentrate throughout. If the window is minimized or created inactive, you will need to have to prevent the process and get started all over again.
The migration approach has completed but users’ facts are not current from the IDP Remember to hold out for the synchronization system between VCD and IDP to complete or accomplish a handbook login working with the specified person qualifications.
Can I restart the migration system with the exact CSV file? That’s appropriate, any users that have previously been updated will be skipped, and the system will resume from where it remaining off.
Can I restart the method for the errored migrations? If an mistake occurs, a download backlink is offered that provides a CSV file that contains particulars of the faults. This file can be made use of to make important corrections and then uploaded once again.
Can I revert the method? Automating this approach is not probable. Essentially, it is a handbook approach.

Make sure you be suggested that this report is intended for informational purposes only and signifies our best effort and hard work to present correct and handy insights.

Source link