Hi, we have the following problem. We want to integrate multiple clouds, for example 1 azure and 3 VMware vCenters in our Morpheus portal (same tenant). We want to separate the tasks and workflow between the individual clouds so that the end user cannot see the workflows on VMware and vice versa from Azure.
We can’t find a way to separate workflows and tasks between different clouds other than creating separate tenants, but this makes the end user’s life very complicated with logging into different tenants.
Let’s assume that an end user has access to 3 large environments - Azure, Private cloud and On-prem (VMWare), when requesting a new VM, he/she can choose where this server will be build, so far there is no problem… Once the server is created there are multiple workflows and tasks that the end user can perform/execute.
The goal is workflows and tasks to be used for the correct cloud and respectively to be hidden from the UI when users are in the scope of the VM and the corresponding cloud.
In my mind, this should be embedded in the design of Morpheus as single pane of glass for multi-cloud, single tenant platform.
Is there a way to separate the workflows and the tasks in the separate clouds?
Kind Regards,
Angel
Hello @AngelPenev,
Due to Morpheus trying to be agnostic across clouds, this means that we intend the same Tasks/Workflows to work across the cloud types. As such, I’m not aware of a “scope for this cloud type” option that can be used.
However, there are other ways to make it more obvious or restrict the access. You could:
- Add an identifier in the Task name
- Add Labels to each task to identify the type of cloud it should be used for, then they can be filtered on at the top of the Tasks tab
- Restrict Tasks in Roles, limiting specific teams (like an Azure team, VMware team, etc.) from accessing the Tasks and only having assume to their particular cloud type
- Create profiles on clouds that have specific key/value pairs that your scripts would check at runtime and determine if they should run
That said, if this is important to you, I’d recommend adding an Idea on in the Ideas section of our forums. Just be sure to upvote it!
To add to Korey’s reply, Morpheus was designed with this in mind to a certain extent. There’s an expectation that the same instance could need different automations in the custom instance type model - where an instance type can have multiple layouts to cater for different clouds and each layout can have specific automations attached.
If you can work within in this, and apply the automations to the layouts, then the manual post provisioning operations and so the manual choice/determination of what workflow to run for a VM in a specific cloud may not be needed.
You may have seen this image but included for community
