Management Function

Overview

With Enterprise Cloud 2.0, you can check the usage status of the service and use its management functions from the portal page or through the API.
This section provides an overview of the management functions provided by the Enterprise Cloud 2.0 and the information that is essential for using them.

Subscription Method

This section describes how to apply for the Enterprise Cloud 2.0 service (hereinafter referred to as this service).

For Customers Who Have NTT Com Business Portal Subscription

First, Customers need to ask their Business Portal administrator to create a Business Portal account.
You can start using this service online by logging in to the business portal with the created account.
You can apply for multiple services from one business portal.
Please contact NTT Com sales team for further information.

For Customers Who Do Not Have NTT Com Business Portal Subscription

First, Customers need to subscribe to the Business Portal.
Please contact NTT Com sales team for more details on Business Portal subscription.
After starting to use the business portal, you can start using this service as described above.

Needed Information on Subscription

The following information (contract information) is required when applying for the Enterprise Cloud 2.0 service, so please have it ready in advance. The following contract information can be referred to on the portal after application.

Category: Contract Information

  • Postal Code
  • Address
  • Address (e.g. building name)
  • Department
  • PIC Name
  • Phone Number
  • Email Address
  • Sales Channel Code

Category: Billing Information

  • Postal Code
  • Address
  • Address (e.g. building name)
  • Company Name
  • Department
  • PIC Name
  • Phone Number
  • Email Address


GUI/API

The Enterprise Cloud 2.0 service provides two types of interfaces, GUI and API.
GUI/API enables Customers to utilize various management functions, as well as resource management of each menu of ECL2.0.

GUI

GUI Configuration

The GUI configuration provided by the Enterprise Cloud 2.0 service is as follows.
GUI
Customers can sign in to the Enterprise Cloud 2.0 Portal through single sign-on by logging in to the NTT Communications Business Portal (hereinafter referred to as the Business Portal).
The Enterprise Cloud 2.0 portal mainly provides management functions related to the entire contract.
By specifying the control panel for each menu from the Enterprise Cloud 2.0 portal, you can use the resources of each menu such as Baremetal Server, Server Instance, and Monitoring.
You can also use the Cloud Management Platform and ticket system from the link on the Enterprise Cloud 2.0 portal.
Following are the details of available functions for each GUI screen.

Enterprise Cloud 2.0 Portal

  • Workspace management: You can select the workspace to operate. If you are an admin user, you can add / delete workspaces and specify who can access each workspace.
  • User Management: You can refer to the user information. (Displayed only on the admin user page)
  • Billing Management: Customers can view the details of the billing statement. (For Super User only)
  • Profile Management: Customers can view their profile information such as login ID. They can also check the API key information.
  • Contract Management: You can refer to contract information. (Displayed only on the Contract Owner screen)
  • Notifications: We issue notifications regarding Enterprise Cloud.

Ticket System

  • Ticket System Inquiry Management: Customers can create inquiry tickets to contact the support center regarding failures and technical support.

Control Panel for Each Menu

  • Operation of each menu, resource management: You can check the resource usage status of each menu and add / delete / change resources. Resources are managed per tenant in the workspace. Please refer to the respective service descriptions for details on how to use each menu.

Terms and Conditions of Use

  • Available Browsers: Mozilla Firefox (the latest version), Google Chrome (the latest version)
  • Available Languages: English, Japanese (Language is automatically selected depending on the browser settings.)

API

With the Enterprise Cloud 2.0 service, most functions of the service can be controlled through the API.
The API enables Customers to control resources and to use management functions such as checking billing status.
These kinds of operations can also be performed from the GUI control panel, but the API allows Customers to further automate their operations.
For detailed information about the API, please check the API Reference.

API Configuration

Both an “API key” and an “API secret key” are required to use the API. Both of them are assigned per user.
Customers send their API requests via the Internet by accessing the API endpoint.

  • API Key: This is the ID necessary for authentication to enable API access. Authentication by API key enables Customers to access each resource via the API endpoint and send API requests. A unique value is assigned per user, and Customers can regenerate it as needed.
  • API Secret Key: This is the secret key necessary for authentication to enable API access. The API secret key is needed in combination with the API key. A unique value is assigned per user, and Users can regenerate it as needed. Also, the API secret key is displayed only once during generation.
  • API Endpoint: This is the defined URL for API access. You can control various resources by accessing this URL. The API endpoint depends on each region and menu.

Note

Enterprise Cloud 2.0 recommends updating the API key and API secret key regularly. Please plan the update and carry it out according to the following procedure: API key update procedure

API

Menus providing API

For the menus that provide an API, see the API Reference.

Terms and Conditions of Use

NTT Com limits the number of API requests to protect the health of its infrastructure and Customers’ environments.

  • “200 requests/second/source IP address” or “1,000 requests/minute/user”

Once the number of API requests from a Customer exceeds the limit, a safeguard is applied to their API requests and restricts them temporarily.

Note

Wasabi object storage is not subject to the above restrictions.

Contract Management

Reference / change of contract information

In contract management, you can check and change the information entered by the customer when subscribing to the Enterprise Cloud 2.0 service on the Enterprise Cloud 2.0 portal.

Terms and Conditions of Use

Only Admin User is allowed to use this function.

Workspace management

Workspace

A workspace is a logical management unit for managing various resources provided by the Enterprise Cloud 2.0 service. The workspace internally manages the tenants that belong to the region. All resources such as Baremetal Server, Server Instance, and Logical Network are located in tenants within the workspace. There is only one tenant in the workspace per region.
Customers can create 1 to 100 workspaces within a single Enterprise Cloud 2.0 service contract.
Before using each menu of Enterprise Cloud 2.0, you need to create a workspace.
You can also set the access right to each workspace for each user. When you set access to a workspace, access to the tenants in that workspace is set automatically as well.
Tenant

Workspace management

You can use the workspace management function of the portal to create / delete workspaces and set access rights.
Immediately after a workspace is created, only the contract owner user has access to it. To grant access to other users, specify the users who are allowed access, on a per-user basis, after creating the workspace.

Note

A tenant in an existing workspace cannot be placed in another workspace.

Terms and Conditions of Use

The contract owner user has access to all workspaces, and this access cannot be changed.
Only Super User is allowed to use this function. Normal User cannot use this.
Tenants in the workspace are automatically created when you select a region in the menu you are using. If you are using the API, you can create a tenant by specifying the target workspace and region.
You cannot create multiple tenants in the same region in one workspace.

User Management

User Type

When you subscribe to the Enterprise Cloud 2.0 service, one user associated with that contract is created. This first user is called the contract owner user and is a special user; there is only one per contract.
Specifically, the user who first accesses Enterprise Cloud 2.0 from the Business Portal and performs the contract sign-up becomes the contract owner user (admin user) of the contract.

In Enterprise Cloud 2.0, there are two types of users: administrative users (Super Users) and general users (Normal Users).
Super Users have access to administrative functions such as workspace management, API permission management, and billing information. Normal Users cannot access the management functions.
A user who logs in from the Business Portal after the contract has been created becomes a User (General User). Multiple Users can be created within a contract.

Contract Owner (Super User)

  • Access Permission to Management Function: Access permissions to all the management functions of the contract
  • Access permission of workspace: Has access permission to all workspaces that belong to the contract

Super User

  • Access Permission to Management Function: Access permissions to all the management functions of the contract
  • Access permission of workspace: After creating a user, set access permission for each workspace. Only the workspaces for which the permission is set can be accessed
  • Available Number of Users per Contract: 199 (Total with Users)

User

  • Access Permission to Management Function: No access permission to the management functions
  • Access permission of workspace: After creating a user, set access permission for each workspace. Only the workspaces for which the permission is set can be accessed
  • Available Number of Users per Contract: 199 (Total with Super Users)

User Management

Add User

Immediately after the contract is completed, only the contract owner user (administrative user) exists, and there are no general users. After that, access rights are granted on the Business Portal side, and a user is added as a general user when they actually access the corresponding Enterprise Cloud 2.0 portal.
The flow from applying for an Enterprise Cloud 2.0 contract from the Business Portal to creating a general user is as follows.
1. When User A on the Business Portal applies for an Enterprise Cloud 2.0 contract, User A becomes the contract owner user (administrative user) of Enterprise Cloud 2.0 Contract A.
2. By setting the access right to the corresponding Enterprise Cloud 2.0 contract for another user (User B) on the Business Portal, User B can access the Enterprise Cloud 2.0 contract.
3. User B actually accesses the applicable Enterprise Cloud 2.0 contract.
4. User B is added as a user of the applicable Enterprise Cloud 2.0 contract.

Add User

Note

Business Portal users who already have access to all Enterprise Cloud 2.0 contracts will be added as users of that contract when the Enterprise Cloud 2.0 contract is completed. After that, a Business Portal user who has been granted access to the contract will be added as a user of the contract at the time of their first access to the contract or at the time of system synchronization between the Business Portal and Enterprise Cloud 2.0 (usually once a day).

Note

Customers need the administrative permission of Business Portal for the operation above.


Change of Contract Owner

As mentioned above, there is only one Contract Owner in the contract, but you can change it to another user if necessary.
To change, specify the user who will newly become the contract owner.
Doing this will change the current contract owner user to a regular user and restrict access to administrative functions.

Change User type

You can change the user type (management user, general user).
Immediately after a contract is created, only the contract owner user can access the management functions. By changing a general user's user type to management user, the management work of the contract can be shared with other management users.
When changing a Normal User to a Super User, all administrative permissions are granted by default, but you can also customize which management functions the user is allowed to run.

The functions that only Super users can execute are as follows.

  • User Management: The permission to refer to and manage other users in the contract. A Normal User can only manage itself.
  • Workspace management: The permission to create and delete workspaces and to set access permissions for them. User management permission is also required. Normal Users can only browse workspaces for which access permissions have been set.
  • Manage Billing information: The permission to refer to the billing information. A Normal User cannot use this function.
  • API permission management: The permission to create, edit, delete and assign IAM groups and IAM roles. User management permission is also required. Normal Users can only refer to the IAM groups and IAM roles they belong to.
  • Change User type: The permission to edit user type and operation permission. User management permission is also required. Normal Users can only refer to their own user type and operation permission.

Note

  • The Contract Owner is always a Super User with all permissions.

  • A user with the permission to change user type has a strong permission: it can arbitrarily change the permissions of other users in the contract. Please consider this permission carefully when customizing the authority of a Super User.


API permission management

API permission management provided by Enterprise Cloud 2.0

Enterprise Cloud 2.0 provides a function to control the execution authority of various APIs.
Customers can control the API execution permission of the user by using this function with a variety of conditions.
Example of conditions:

  • Only specific APIs are executable (Limited to Read Only, etc.)
  • Only executable for a particular resource
  • Only executable from a particular source global IP address, etc.

Note

The GUI provided by Enterprise Cloud 2.0 internally realizes on-page operations by executing the API corresponding to the operations. Therefore, by using this API authority management function, the execution authority on the GUI can be restricted as well.


Authority is controlled by the following three elements: User, IAM (Identity and Access Management) Group, and IAM Role.

  • User: Individual users (administrative users or general users) belonging to the Enterprise Cloud 2.0 contract.
  • IAM Role: Defines, in whitelist format, which APIs may be used and the conditions under which they may be run. One IAM role can contain multiple API authorization definitions.
  • IAM Group: A grouping of IAM roles. It serves to link users to IAM roles.

As shown in the following figure, a user can belong to multiple IAM groups, and an IAM group is defined by one or more IAM roles.

User/Group/Role

Authority definition of IAM role

IAM roles are defined primarily by the following factors.
Information held by each API other than the items below can also be specified as an element, and a wildcard can be specified by using an asterisk (*) as the value.

The GUI provides examples of typical role settings as templates, so you can select a template and configure it.

  • ipAddress: Source global IP address from which access is permitted
  • basePath: API name that is permitted to be used
  • path: API resource name that is permitted to be used
  • verb: Method name that is permitted to be used


The following is a setting example of a role if you want to set permissions for read-only (Read Only).

IAM_Role #1

Default IAM group, default IAM role

At the time of creating the Enterprise Cloud 2.0 contract, the default IAM group and default IAM role are created by the system, and all users immediately after creation are associated with the default IAM group.
Also, the default IAM role does not define any API execution permissions. In the initial state, no user has API execution authority, so if you want to execute the API, you need to create a new IAM group.

The default IAM group and the default IAM role cannot be deleted.
In addition, the Contract Owner cannot be removed from the default IAM group.

API Availability

Set the API availability on the user’s profile screen.

Judgment of authority

If one user is tied to more than one authority setting, the authority decision is made by the following rules.

Note

The permission setting by API IAM management is evaluated together with the permission by user type (super user or normal user) and the permission by workspace access permission. For example, the workspace creation operation requires super user privileges, so even if you grant privileges to normal users with the API IAM management function, you cannot execute them. In addition, operations for resources belonging to tenants in workspaces that do not have workspace access permission can be set, but cannot be executed. See the “User Management” chapter for user types and the “Workspace Management” chapter for workspace access permissions.


1. If an IAM role is composed of multiple authority definitions → A or B

pattern_1

In the following example, a user tied to this group is allowed to create (POST) or edit (PUT) a Server Instance.

pattern_1_config

2. If a user belongs to one IAM group and that IAM group is defined by more than one IAM role → A and B

pattern_2

In the following example, the authority specified in IAM Role #2-1 can be exercised, and IAM Role #2-2 adds an AND condition such as "only when the tenant ID is 123456789".

pattern_2_config

3. If a user belongs to more than one IAM group and the IAM groups are defined by multiple IAM roles → A or B

pattern_3

In the following example, IAM Group #1 grants read-only privileges for the entire contract, and on top of that IAM Group #2 allows creating and editing Server Instances belonging to tenant ID 1234567890.

pattern_3_config
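
The three judgment rules above, written as a small evaluator. This is an added example, not Enterprise Cloud 2.0 code: the `*` matching semantics, the basePath and path values and the IP addresses are constructed assumptions, and it models only the IAM rules, not the user-type and workspace-access checks described in the note above.

```python
import re
from dataclasses import dataclass

FIELDS = ("ipAddress", "basePath", "path", "verb")


@dataclass(frozen=True)
class Definition:
    """One whitelist entry of an IAM role; unspecified fields default to "*"."""
    ipAddress: str = "*"  # source global IP address allowed to call the API
    basePath: str = "*"   # API name
    path: str = "*"       # API resource name
    verb: str = "*"       # method name


def _matches(pattern: str, value: str) -> bool:
    # Assumption: "*" matches any run of characters, everything else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def definition_allows(definition: Definition, request: dict) -> bool:
    return all(_matches(getattr(definition, f), request[f]) for f in FIELDS)


def role_allows(role: list, request: dict) -> bool:
    # Rule 1: definitions inside one role are OR-ed. A role with no
    # definitions (like the default IAM role) therefore allows nothing.
    return any(definition_allows(d, request) for d in role)


def group_allows(group: list, request: dict) -> bool:
    # Rule 2: every role in the group must allow the request (AND).
    return bool(group) and all(role_allows(role, request) for role in group)


def user_allows(groups: list, request: dict) -> bool:
    # Rule 3: groups are OR-ed; if no group allows the request, it is denied.
    return any(group_allows(group, request) for group in groups)


# Constructed sample data: basePath, path layout and IP are placeholders.
READ_ONLY = [Definition(verb="GET")]
SERVER_WRITE = [Definition(basePath="server-instance", verb="POST"),
                Definition(basePath="server-instance", verb="PUT")]
TENANT_ONLY = [Definition(path="/tenants/1234567890/*")]
DEFAULT_ROLE = []  # the default IAM role defines no permissions

DEFAULT_GROUP = [DEFAULT_ROLE]
GROUP_1 = [READ_ONLY]                  # read-only for the whole contract
GROUP_2 = [SERVER_WRITE, TENANT_ONLY]  # POST/PUT, and only in one tenant


def decide(groups, verb, path, base_path="server-instance", ip="203.0.113.10"):
    request = {"ipAddress": ip, "basePath": base_path, "path": path, "verb": verb}
    return user_allows(groups, request)


if __name__ == "__main__":
    mine, other = "/tenants/1234567890/servers", "/tenants/999/servers"
    user = [DEFAULT_GROUP, GROUP_1, GROUP_2]
    for verb, path in [("GET", other), ("POST", mine), ("POST", other), ("DELETE", mine)]:
        print(verb, path, "->", "allow" if decide(user, verb, path) else "deny")
```

Running a planned group layout through such a model before applying it in the portal shows where an AND inside a group narrows access more than intended, or where an extra group membership widens it.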

Terms and Conditions of Use

- This function can be set only by Super Users. Normal Users cannot set it.
- Execution authority for functions that only Super Users can run cannot be granted to Normal Users with this function.
- An IAM role controls the authority to execute API requests. It cannot limit the execution result (response) of an API request.
- This function cannot be used for the following menus.
  - Security Menus (Managed Anti-Virus, Managed Virtual Patch, Managed Host-based Security Package, Managed Firewall, Managed UTM, Managed WAF)
  - Backup local / double storage
  - Middleware / License
  - Hybrid Cloud with Microsoft Azure
The Security and Backup menus can be controlled to be shown or hidden on the GUI for each user. The default setting is “Enable”.

Note

For the detailed procedure, see How to use API authority management function.


Approval Function

Function Overview

The approval function is a function that can issue approval requests and answer approval / rejection of requests.
In the approval function, approval requests for tenants, contracts and users are issued.
For example, all resources are placed in tenants in the workspace, and the range affected by operating them is also limited to the tenant. When a user attempts an operation that goes beyond the tenant and affects the resources of another tenant, permission must be obtained from a user of that other tenant.
In this case, the executor of the operation issues a request, and the operation can be carried out once a user of the other tenant approves it. The approval function can also be used across contracts.

approval_request

Approval requests are provided in the following menus. For details, please refer to the service page of each menu.
  • Cloud/Server Between Tenants Connect

  • Flexible InterConnect

Approval request parameters

Approval requests include the following parameters.
The parameters that can be specified by the user depend on the menu of the side issuing the approval request.

  • request ID: Assigned automatically.
  • Status: Current status of the approval request. Details are explained in the next section.
  • Approval target ID: ID indicating the approval target. Specify a tenant ID, contract ID or user ID according to the approval type below.
  • Approval type: The actual approval action can be executed by any user specified by the approval type and the above approval target ID. The approval types are as follows.
      tenant: All users who can access the tenant with the specified tenant ID
      tenant_owner: Admin user of the contract with the specified tenant ID
      contract: All users belonging to the contract with the specified contract ID
      contract_owner: Admin user of the contract with the specified contract ID
      user: User with the specified user ID
  • Action: Details of the action to be executed after approval.
  • Response deadline of approval request: Requests that have expired will be in the status “expired”, and approval etc. cannot be executed.
  • Approval expiration date: Expiration date of the valid period of an approved request. The date and time 30 days after the approval date are registered and cannot be changed. After this deadline, the action that was once approved also becomes invalid.

Status of Approval request

The status of the approval request information is as follows.

  • registered: The state immediately after the approval request is generated by the requesting user.
  • cancelled: The state where the requesting user has canceled the approval request. After changing to this status, you cannot change to another status.
  • approved: A state in which the approval request has been approved by the requesting user. This status is retained until the expiration date has passed.
  • denied: The state where the approval request was rejected by the requesting user. After changing to this status, you cannot change to another status.
  • expired: Approval request expired. If the response deadline of the approval request has passed, approval etc. can no longer be executed and the request shifts to this status.
  • approval_expired: Approval expired. The request moves to this status when the expiration date of the approval has passed.
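
The status rules above as a small model for reviewing which approvals are still in force. This is an added example, not Enterprise Cloud 2.0 code: the record field names (`request_id`, `response_deadline`, `approved_at`) and the sample records are constructed, and it assumes an action is accepted only while a request is still registered.

```python
from datetime import datetime, timedelta, timezone

APPROVAL_VALIDITY = timedelta(days=30)  # fixed period stated for approved requests
ACTIONS = {"approve": "approved", "deny": "denied", "cancel": "cancelled"}


def effective_status(req: dict, now: datetime) -> str:
    """Return the status after applying the two time-based transitions."""
    status = req["status"]
    if status == "registered" and now > req["response_deadline"]:
        return "expired"
    if status == "approved" and now > req["approved_at"] + APPROVAL_VALIDITY:
        return "approval_expired"
    return status


def apply_action(req: dict, action: str, now: datetime) -> dict:
    """Return an updated copy of req, or raise if the action is not possible."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    current = effective_status(req, now)
    # Assumption: only a request that is still "registered" accepts an action;
    # cancelled, denied, expired and approval_expired are final.
    if current != "registered":
        raise ValueError(f"cannot {action} a request in status {current}")
    updated = dict(req, status=ACTIONS[action])
    if action == "approve":
        updated["approved_at"] = now
    return updated


def live_approvals(requests: list, now: datetime) -> list:
    """IDs of requests whose approved action is still in force at `now`."""
    return [r["request_id"] for r in requests
            if effective_status(r, now) == "approved"]


# Constructed sample records (hypothetical field names and IDs).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"request_id": "req-1", "status": "registered",
     "response_deadline": T0 + timedelta(days=7)},
    {"request_id": "req-2", "status": "approved",
     "response_deadline": T0 + timedelta(days=7), "approved_at": T0},
    {"request_id": "req-3", "status": "denied",
     "response_deadline": T0 + timedelta(days=7)},
]

if __name__ == "__main__":
    for day in (1, 10, 40):
        now = T0 + timedelta(days=day)
        print(day, [(r["request_id"], effective_status(r, now)) for r in SAMPLE],
              "live:", live_approvals(SAMPLE, now))
```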

Notification of approval request

When the approval request is registered, an e-mail notification is sent to the request registrant and to the user specified as approver.
You are also notified by e-mail when the request is approved, rejected or canceled.


Billing Management

View Billing Statement

You can check the usage charge details of this service from the Enterprise Cloud 2.0 portal.
You can display billing information for the past 24 months.
From November 10, 2021, we will provide two types of statements: Summary format and Detail format.
■Summary format
・The billing information is displayed for each workspace you have used, and is basically based on your actual usage for the previous day.
・You can also get billing information by using API.
■Detail format
・You can download a CSV file that contains detailed information about each menu plan and region id.
・You can also get billing information by using API.
Usage fee format before October 2021 is provided in parallel. (Provided until the end of November 2022)
In order to align the fee calculation with the usage fee format after November 2021, we have made some changes to rounding down timing of the fee calculation and the wording of the menu names. For details, please refer to the ECL 2.0 Billing Changes.
Usage fee format before October 2021
・Displayed per tenant, per menu, and per resource used.
・The Billing information displayed on the screen can be downloaded as a CSV file.
・You can also get billing information by using API.

Terms and Conditions of Use

Only Super User is allowed to use this function. Normal User cannot use this.

Notification settings management

Enterprise Cloud 2.0 will send the following email notifications regarding the service.

Note

This setting may not be applicable to some menus. Please refer to the support information of each menu.

Email notification category: Notice / Release Information

  • Notification content: Announcement concerning notice of new menu / function addition etc., specification change etc.

Email notification category: Malfunction

  • Contract delegate user: ○ (Unchangeable)
  • Non-contract user: ○ (*)
  • Notification content: Notification on Failures. (*) Users other than the contract owner user will be notified if they have access to the corresponding workspace.

Email notification category: Maintenance

  • Non-contract user: ○ (*)
  • Notification content: Notification on Maintenance. (*) Users other than the contract owner user will be notified if they have access to the corresponding workspace.


  • From the initial state above, each user can select the mail they receive (you can uncheck the mail you do not want to receive).

  • However, the contract representative user cannot change the reception of the failure notification.

  • An administrative user with user administration authority can change the reception selection of other users.

In addition to the above, we may send a notification email about the terms and conditions and charges to the contract person (the person in charge email address entered on the online sign-up page of the new application for Enterprise Cloud 2.0).


Login history

You can view login events (up to 500) within the past 24 months. The login events can be displayed on the user information page or through the API.
Login events will only be displayed for events that have occurred since the release of this function.

List User’s Login Events information API

The API for getting the login event type, timestamp, and access source IP address of a specified user is List User’s Login Events information.

Login event display

The login event type, time stamp, and access source IP address are displayed at the bottom of the user profile page.

Login Events

Logout will be displayed only when you explicitly logout.
(Automatic logout by timeout will not be recorded.)