VCD’s Development in direction of Eliminating Native Customers… Know Extra!

When it started?

Ranging from model 10.4.1, we declared the deprecation of native customers in VMware Cloud Director. Whereas they’re nonetheless supported throughout this era of deprecation, we strongly advocate that customers start transitioning away from them. Regardless of this, VMware Cloud Director will proceed to supply full help for native customers till the ultimate bulletins are made.

In model 10.4.1, you may use the person administration API to remap native customers or customers from an current IDP to a brand new IDP supply. You can use this characteristic to remap native customers to any IDP supported by VCD.

What was supported?

Migration of native customers to SAML, LDAP, or OIDC was potential, offered that the Id Supplier (IDP) is appropriately configured and accessible inside the group. To carry out the migration, API calls are required to switch the person information throughout the totally different Id Suppliers.

As well as, this characteristic additionally allows cloud directors emigrate customers between totally different Id Suppliers (IDPs) which might be supported and configured inside the VMware Cloud Director atmosphere. As an example, directors can use this characteristic emigrate customers from LDAP to SAML, amongst different IDP varieties.

What prompted this resolution?

Native customers have been a basic characteristic of VCD since its inception with model 1.0. They provide a easy option to securely retailer usernames and passwords in a hashed format inside VCD. Nonetheless, the absence of latest password administration insurance policies akin to password rotation, complexity necessities, and 2FA/MFA choices, amongst others, has highlighted some limitations. In consequence, this challenge was initiated to deal with these considerations.

How is that this announcement progressing?

In VMware Cloud Director 10.4.2, we have now launched a bulk person remapping UI characteristic to help our prospects within the transition from locally-managed customers to an externally-managed id supplier system. The aim of this characteristic is to make the migration course of smoother and extra easy for our customers.

All concerning the characteristic…

This characteristic is known as Bulk Person Migration / Remapping.

• VMware Cloud Director 10.4.2 presents a user-friendly bulk person migration choice to simplify the method of remapping customers between totally different Id Suppliers (IDPs) from the UI.

Person Migration is a 3-step course of:

Step a) Export Person: Select the person you want to migrate to a distinct Id Supplier (IDP) and export their information to a CSV file. It’s also possible to apply filters to pick out the precise customers you wish to migrate.

Step b) Add CSV: Edit the person properties inside the CSV file, after which proceed to add the file with the up to date data.

Please take word that on this launch, solely adjustments made to the username and providerType person properties will likely be acknowledged. Any modifications to different fields is not going to be thought of. Moreover, it’s vital to notice that the e-mail ID discipline continues to be elective and never required.

Step c) Replace Customers: Carry out the person replace process based mostly on the data offered within the CSV file.

Listed below are a number of key issues to remember:

1. The person migration happens sequentially, with every person being migrated one by one.
2. There are presently no restrictions on the variety of customers that may be migrated without delay.
3. Exiting the web page throughout the migration course of will not be permitted and can end in a warning message. If the warning is accepted, the migration job will likely be cancelled.
4. Though it’s potential to halt the person migration possibility, it’s not potential to stop customers who’ve already been migrated.
5. In the intervening time, it’s not potential to revert again to an area providerType utilizing this device if customers are experiencing login difficulties after the person migration course of.
6. If a person is migrating to the IDP that already exists in VCD, the migration engine will skip that exact person’s migration course of. (The skipped customers rely will improve by one).
7. In the course of the person migration to an IDP, the UserID of the person is retained, making certain that every one objects owned by the person stay below their possession. That is completed mechanically.
8. Within the occasion {that a} person is a part of a gaggle, the identical group have to be created manually on the supply IDP, and the person will mechanically affiliate with the group upon their first login.
9. Adjustments made to person particulars will take impact both after the scheduled synchronization operation has completed or after the person logs in for the primary time. The biographical data of the person will likely be retrieved from the IDP and used to replace the small print of the migrated person in VCD.

Troubleshooting:

• The UI will throw an error if there are any typo or syntax errors within the CSV file.

Please be suggested that the providerType worth have to be both LOCAL, LDAP, SAML, or OAUTH as these are the one supported IDPs in VCD.

Please word that VCD validates the CSV file first earlier than initiating any API calls to hold out the duty.

• To view data on customers who have been unable emigrate or skipped, you’ll be able to obtain the Error Report.
• Within the occasion of errors for sure customers throughout the migration course of, you’ll be able to resolve them after which rerun the migration course of. Beforehand migrated customers will likely be skipped and never affected.
• For added data, please seek advice from the final VMware Cloud Director logs.

Situations/Questions

Please be suggested that this report is meant for informational functions solely and represents our greatest effort to supply correct and helpful insights.