CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Tenant Information


CloudCenter supports a multi-tenant model where each enterprise/department can be modeled as a tenant. All tenants within a cloud region or datacenter can use CloudCenter's multi-tenant, multi‐user architecture and only requires at least one CCM and one CCO per cloud region or datacenter.

Tenant Structure

Tenants have a single root hierarchical tree structure. Each tenant has its' own set of users. When CloudCenter is first installed, it is set up with one root tenant and one root tenant user. This root tenant user is the root administrator and is referred to as the CloudCenter platform administrator. CloudCenter customers must designate an administrative-level user as the CloudCenter platform administrator.

Tenants get complete independence with respect to managing their users and groups. CloudCenter treats tenants as independent organizations, each served by tenant administrator.

Users within a tenant can collaborate with each other.

Users in Tenant A cannot collaborate with users in Tenant B and vice versa.

Tenant Profile Information

Tenant administrators can change their profile by accessing the Admin > Tenant InformationEdit Tenant Information page.

See the following links for additional details:

Additional Self-Service Sign-up Activation Rules

 Admins can configure a different activation profile based on a user-provided promotion code (at sign up time)

  • In the CCM UI > Admin > Tenant Information page, identify the following information:
    • Activation Reference Code: Identify the activation code or rules (Add Activation Rule)
    • Select Activation Profile: Select from a list of pre-configured profiles.
  • In the Admin Console configuration – see SAML SSO, identify the following information:
    • Activation Profiles Reference: Identify an attribute in your metadata to pick an associated activation profile instead of the default profile.

Default Security Group

When deploying a job, every user has a security group created by default (on clouds like AWS and OpenStack). See Security and Firewall Rules for additional context. This security group is attached to every node launched by this user so these nodes can self reference and communicate with each other.

While enabled by default, admins can disable this feature and prevent a user security group being created for each user.

To disable this feature, check the following check box in the Tenant Information page. This puts the onus back on the users to manually set up the inter-node communication for their respective deployments.:

  • CloudCenter 4.8.0: Do not create default user security group check box
  • CloudCenter 4.8.1: Allow launched VMs to communicate with each other check box

Parent Administrator

When creating a new tenant, the parent administrator can configure the tenant logo, change the tenant UI's color and fonts, enable clouds for this tenant.

The parent administrator can control the following information for their tenants:

Tenants administrators can setup additional sub‐tenants as necessary. See Sub-Tenant Configuration.

© 2017-2019 Cisco Systems, Inc. All rights reserved