Cloud accounts
Summary of Cloud accounts
A cloud account in Cloud Provisioning and Governance represents your managed cloud infrastructure, encompassing one or more service accounts from potentially different cloud providers. It allows you to manage cloud resources by grouping specific service accounts along with selected datacenters (logical datacenters or LDCs), which are region-specific virtual clouds hosting your resources.
Key Features
- Add Logical Datacenters (LDCs): You can associate multiple LDCs with a cloud account, specifying which datacenters to include for resource provisioning.
- Run Discovery: Discover changes in cloud resources within LDCs to keep the CMDB updated with configuration and lifecycle changes.
- Set Capacity Limits: Define limits on cloud services such as virtual machines, CPUs, networks, and storage per LDC to ensure resources are provisioned within appropriate scales. This is particularly important for capacity-constrained environments like private clouds.
- Publish Cloud Accounts: Once configured and after running Discovery, publish cloud accounts to enable business teams to deploy cloud stacks via blueprints or the Cloud User Portal.
- Flexible Structure: You can add multiple service accounts and their respective LDCs to a cloud account with restrictions to avoid overlapping regions across service accounts, maintaining compliance and security policies.
Practical Guidelines
- Keep cloud accounts in Draft state while configuring and only publish them after Discovery to make resources available for deployment.
- Add new logical datacenters to existing cloud accounts as your cloud infrastructure grows.
- Set and manage capacity limits separately for each LDC within a cloud account to control resource usage effectively.
- Understand the supported cloud account structures to avoid conflicts—for example, the same service account can be added multiple times if associated with different LDCs, but the same region (LDC) from different service accounts cannot be added to the same cloud account.
Discovery and Cloud Services
The Discovery process supports identifying AWS and Microsoft Azure cloud services, helping keep your CMDB current with the resources available in these environments.
Why This Matters
Using cloud accounts helps enforce governance, security, and compliance by controlling where and how cloud resources are provisioned. It enables you to manage capacity effectively and provide controlled access to cloud deployments for business teams, ensuring cloud infrastructure is used efficiently and securely.
A cloud account is the logical representation in Cloud Provisioning and Governance of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts — even service accounts from different providers. For each service account, you specify which datacenters to include in the cloud account.
- Add LDCs. A logical datacenter (LDC) is a region-specific virtual cloud that is associated with a service account. The datacenter hosts your cloud resources.
- Run Discovery on LDCs to update the CMDB with configuration changes or life cycle changes (create/modify/terminate) for each resource in each logical datacenter (LDC) that is associated with the cloud account.
- Set capacity limits on cloud services like virtual machines, virtual CPUs, virtual networks, aggregate storage volume size, and others. Set limits to help ensure that cloud resources are provisioned at appropriate scales. Limits are especially important for capacity-constrained environments like private clouds.
- Publish a cloud account to enable business teams to deploy stacks.
Structure of a cloud account
An advantage of cloud accounts is that you can group specified service accounts with only the regions (datacenters) that you want to allow cloud resources in. For example, your AWS account could have more than a dozen datacenters globally. However, you might use only one or two regions. To conform with your security and compliance rules, you might not want any resources provisioned to additional regions around the world.
| Structure | Supported | Not supported |
|---|---|---|
| Add the same service account as many times as necessary, provided each entry is associated with a different LDC. | X | |
| Add the same LDC from different service accounts in one cloud account. | | X |
| Add different LDCs from different service accounts to a particular cloud account, provided the regions are not the same. Example: You have us-west-1 in serviceaccount1 and us-west-2 in serviceaccount2. Both can be added to cloudaccount1. However, both us-west-1 in serviceaccount1 and us-west-1 in serviceaccount2 cannot be added to cloudaccount1. | X | |
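The structure rules above, including the us-west-1 example, can be checked before a cloud account is published. The following is an added example, not code from the product: it assumes a cloud account is exported as a list of (service account, region) pairs, one per LDC, and the function name and the optional approved-region list are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample entries: one (service_account, region) pair per LDC.
SUPPORTED = [("serviceaccount1", "us-west-1"),
             ("serviceaccount2", "us-west-2"),
             ("serviceaccount1", "eu-west-1")]
UNSUPPORTED = [("serviceaccount1", "us-west-1"),
               ("serviceaccount2", "us-west-1")]


def validate_cloud_account(entries, approved_regions=None):
    """Return a sorted list of findings; an empty list means the structure is valid.

    entries: (service_account, region) tuples, one per LDC (assumed data model).
    approved_regions: optional set of regions permitted by policy (assumption).
    """
    findings = []
    # region -> how many times each service account contributes that region
    accounts_by_region = defaultdict(Counter)
    for service_account, region in entries:
        accounts_by_region[region][service_account] += 1

    for region, counts in accounts_by_region.items():
        # Not supported: the same region from different service accounts.
        if len(counts) > 1:
            names = ", ".join(sorted(counts))
            findings.append(
                f"{region}: same region added from different service accounts ({names})")
        # A repeated service account must be paired with a different LDC each time.
        for service_account, n in counts.items():
            if n > 1:
                findings.append(
                    f"{region}: {service_account} listed {n} times with the same LDC")
        # Optional policy check: only regions the organization has approved.
        if approved_regions is not None and region not in approved_regions:
            findings.append(f"{region}: not in the approved region list")
    return sorted(findings)


if __name__ == "__main__":
    for name, entries in (("SUPPORTED", SUPPORTED), ("UNSUPPORTED", UNSUPPORTED)):
        print(name, validate_cloud_account(entries) or "ok")
```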
Update a cloud account
You keep a cloud account in the Draft state until you are ready to make the datacenters and capacity limits available for use — in blueprints and the Cloud User Portal, for example. You can change the state to Published after you run Discovery.
Set up an additional cloud account
Add a datacenter to a cloud account
At any time, you can add a logical datacenter to the cloud infrastructure that is represented by a cloud account. See Add a datacenter to a cloud account.
Set capacity limits on user requests for resources
Capacity limits place restrictions on the attributes of cloud resources such as the number of virtual machines, virtual CPUs, or aggregate storage. You can set limits on resources separately for each logical datacenter in a cloud account.