Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. From this date, we support two types of subscriptions: Operations for Applications subscriptions onboarded to VMware Cloud services and original subscriptions.
Original subscriptions are the existing ones and they remain as is until onboarded to VMware Cloud services. We are in the process of incrementally onboarding all original subscriptions to VMware Cloud services. For information about original and VMware Cloud services subscriptions and the differences between them, see Differences Between Original and VMware Cloud Services Subscriptions.
VMware Cloud services provides features to your Operations for Applications environment, such as:
- Single sign-on (SSO) with VMware Cloud services accounts.
- SAML 2.0 SSO identity federation with your enterprise identity provider.
- Identity access management (IAM) with built-in and custom service roles.
- Seamless integration with other services from your VMware Cloud services portfolio, for example, VMWare Aria Operations for Logs.
- Billing and Subscriptions
What’s VMware Cloud Services Console?
The VMware Cloud Services Console lets you manage your entire VMware Cloud services portfolio across hybrid and native public clouds. Operations for Applications is one of the many services that you can access, configure, and consume through this console.
To open the VMware Cloud Services Console:
- In a Web browser, go to
- From the Operations for Applications UI, click the VMware Cloud Services Applications Menu icon () in the top-right corner and select Cloud Services Console.
See Using VMware Cloud Services Console in the VMware Cloud services documentation.
What’s a VMware Cloud Services Account?
A VMware Cloud services account is a user (human) account in VMware Cloud services with which you can access all of your service instances, including Operations for Applications. A VMware Cloud services account logs in to VMware Cloud services with an email address and a password. A VMware Cloud services account can be one of the following:
A VMware account (VMware ID) that you create in the VMware Cloud Services Console.
Your corporate account if your enterprise domain is federated. You might still need to create a VMware account and link it to your corporate account if you need to access billing information in the organization. See What is enterprise federation and how does it work in the VMware Cloud services documentation.
What’s a VMware Cloud Organization?
VMware Cloud services uses organizations to provide controlled access to one or more services. The VMware Cloud organization is a top-level construct which owns users and cloud services (subscriptions).
- You can have multiple VMware Cloud organizations.
- Users can belong to multiple organizations.
- Multiple service instances can run in the same or in different organizations.
For example, you can have a multi-tenant Operations for Applications environment with multiple service instances (tenants) in the same organization.
See How do I manage my Cloud Services organizations in the VMware Cloud services documentation.
What’s a VMware Cloud Organization Role?
A VMware account can belong to one or more VMware Cloud organizations. A VMware account belongs to a given VMware Cloud organization if the account has an organization role for that organization. There are three VMware Cloud organization roles:
|Organization Owner||The VMware Cloud Organization Owner role has full administrative access to all resources in the organization. They can invite users to the organization and assign role-based access to all users, including themselves. They can also kick off an enterprise domain federation and invite an Enterprise Administrator. See Setting Up Enterprise Federation with VMware Cloud Services Guide in the VMware Cloud services documentation.
When you create an organization during a service onboarding process, you become its first Organization Owner.
|Organization Administrator||The VMware Cloud Organization Administrator role has limited administrative access. Users with that role can invite and manage only users that have roles with lower administrative permissions. For example, they can grant or manage access for other users and groups who have the Organization Member role, but cannot manage users, groups, or resources who are assigned the Organization Owner or Organization Administrator role.
Users with the Organization Administrator role can have additional access if other permissions are explicitly assigned to them. For example, when the Billing Read-only check box is selected, users with the Organization Administrator role can have read-only access to billing-related information and the option to generate usage consumption reports.
|Organization Member||The VMware Cloud Organization Member role has read-only access to the resources in the organization.
Users with the Organization Member role can have additional access when additional permissions are explicitly assigned to them. For example, when the Access Log Auditor check box is selected, they can access all audit data for the organization in the associated vRealize Log Insight Cloud service instance for their organization.
See What organization roles are available in VMware Cloud Services in the VMware Cloud services documentation.
What Are Service Roles and Custom Roles?
VMware Cloud services includes service-specific built-in roles, including Operations for Applications service roles. A service role is required to grant certain access to the corresponding service instance in the organization.
While the service roles are built-in and not editable, as a VMware Cloud Organization Administrator or Organization Owner, you can create custom roles with service permissions of your choice, including Operations for Application permissions. Custom roles are optional and apply to all service instances for which the target user or server to server app has at least one service role.
What’s a Server to Server App?
If you want to use an application for automating management tasks in your service, for example, in Operations for Applications, your application requires direct access to your service, without user authorization.
For that purpose, VMware Cloud services supports server to server apps, which are based on OAuth 2.0 client credentials grant type. You can configure your application to pass the OAuth 2.0 client credentials (id and secret) to the VMware Cloud services REST API and exchange the credentials for a VMware Cloud services access token. Your application can use the VMware Cloud services access token to interact with the Operations for Applications REST API.
See How to use OAuth 2.0 for server to server apps in the VMware Cloud services documentation.