HP Matrix Operating Environment 7.2 Update 1 Infrastructure Orchestration User Guide
Matrix infrastructure orchestration users and groups
Matrix infrastructure orchestration is integrated with Active Directory, which allows Windows users
groups, as well as individual local users, to be given access to resources. When infrastructure
orchestration is installed, three local user groups (HPIO_Administrators, HPIO_Architects, and
HPIO_Users) are created.
The Windows CMS administrator populates the service provider roles by adding local Windows
users and Active Directory users or groups to HPIO_Administrators, HPIO_Architects, and
HPIO_Users. When an organization is created, two local Windows groups are created with
descriptions indicating the organization’s name. These local groups have names of the form
<organization_id>_Administrators and <organization_id>_Users.
Users can belong to more than one IO Windows group and therefore belong to multiple IO
organizations. Such users can be simultaneously logged in to one or more of the organization
administrator portals belonging to different organizations. If a user is removed from an organization,
the removal takes effect after the user logs out from the organization administrator portal.
A group of users (for example, an Active Directory group) can be authorized to view and perform
lifecycle operations in the same way that users are authorized. For example, a user who is part
of a group can view server pools assigned to a group, assign a group to a server pool, and view
templates assigned to a group. Server pools can be assigned to one or more groups.
A user in a group is authorized based on the group's assignment to an IO role. A change in a
user's group reflects new group assignments on the next login by the user to infrastructure
orchestration.
NOTE: It is possible to view and assign only explicitly named users and groups that are included
in the HPIO_* Windows groups (described in “Matrix infrastructure orchestration roles” (page
17)). Users or subgroups within these named groups are not visible, nor can they be directly
assigned to resources.
• Architect
Uses infrastructure orchestration designer (a graphical designer) to design and publish
infrastructure service templates which capture the requirements to provision the infrastructure
service. During development and design, the architect specifies attributes for the logical
resources, such as minimum memory required, IP address allocation, and the software required
on the boot disk. The architect can also author and attach Operations Orchestration workflows
to a template to automate additional IT tasks during the provisioning and ongoing management
of the infrastructure service.
• Administrator
Uses infrastructure orchestration console in HP Systems Insight Manager to manage the overall
behavior of infrastructure orchestration, including creating IO server pools, creating and
managing organizations, managing the available networks and software inventory, approving
user requests, and modifying the user's infrastructures service as required (for example, to
migrate logical servers between server blades to support maintenance activities on the physical
environment). An administrator also performs manual tasks within a semi-automated operation.
• User
Uses the infrastructure orchestration self service portal to create infrastructure services from
templates. The user initiates the creation of a new infrastructure service by selecting a template
design, selecting one or more assigned server pools to use, specifying a lease period,
specifying a service name, and (depending on the template) specifying a host name completion
string. After the infrastructure service is allocated and provisioned, it is available to the user
for the duration of the lease period. During this time, using the infrastructure orchestration self
service portal, the user can update the service (for example, adding more servers or storage
using infrastructure orchestration requests).
Matrix infrastructure orchestration users and groups 13