Configuring Multi-Foundation Support in Apps Manager

Page last updated:

This topic describes how to configure multi-foundation support in Apps Manager.

Overview

Configuring multi-foundation support in Apps Manager allows you to search, view, and manage orgs, spaces, apps, and service instances across multiple foundations from a single interface.

Configure Multi-Foundation Support

This section describes the procedures for configuring multi-foundation support in Apps Manager.

Configure TAS for VMs

This section describes how to configure VMware Tanzu Application Service for VMs (TAS for VMs) on a foundation to enable multi-foundation support in Apps Manager.

To configure multi-foundation support in Apps Manager:

  1. In the TAS for VMs tile of one of your foundations, select Apps Manager.

  2. For Multi-foundation configuration (beta), enter a JSON object for each additional foundation that you want to manage. Use the following format for the JSON object:

    {
      "FOUNDATION-NAME": {
        "ccUrl": "https://api.FOUNDATION-SYSTEM-DOMAIN.com",
        "systemDomain": "FOUNDATION-SYSTEM-DOMAIN.com",
        "usageServiceUrl": "https://app-usage.FOUNDATION-SYSTEM-DOMAIN.com",
        "invitationsServiceUrl": "https://p-invitations.FOUNDATION-SYSTEM-DOMAIN.com",
        "logoutUrl": "https://login.FOUNDATION-SYSTEM-DOMAIN.com/logout.do",
        "metricsUrl": "https://metrics.FOUNDATION-SYSTEM-DOMAIN.com",
        "uaaUrl": "https://login.FOUNDATION-SYSTEM-DOMAIN.com"
      }
    }
    

    Where:

    • FOUNDATION-NAME is a name for the foundation.
    • FOUNDATION-SYSTEM-DOMAIN is the system domain of the foundation. The system domain is listed in the Domains pane of the TAS for VMs tile.
    • metricsUrl is an optional field. If App Metrics is installed on the foundation, provide the App Metrics URL.
  3. For Redirect URIs, enter a comma-separated list of the URI for each additional foundation on which you enabled multi-foundation support. Use the following format for each URI:

    https://apps.FOUNDATION-SYSTEM-DOMAIN.com/**
    

    Where FOUNDATION-SYSTEM-DOMAIN is the system domain of the foundation on which you enabled multi-foundation support.

Add Trusted Certificate Authorities

Apps Manager must be able to validate the certificate authorities (CAs) used by all foundations.

If any foundation uses a certificate for TLS termination that is not signed by a globally-trusted CA, add the CA that signed the TLS certificate as a trusted CA on the foundation on which you enabled multi-foundation support.

For more information, see Setting Trusted Certificates.

(Optional) Configure the SAML Identity Provider

VMware recommends that all foundations use the same external SAML identity provider. This allows Apps Manager to automatically authenticate with the identity provider.

To configure all foundations to use the same SAML identity provider:

  1. In the TAS for VMs tile, select Authentication and Enterprise SSO.

  2. Verify that the foundation uses the correct provider for Provider name.

  3. Repeat the above steps for each foundation in your deployment.

For more information on UAA and identity providers, see Identity Providers in UAA.

For more information on how to set up identity providers in UAA, see Adding Existing SAML or LDAP Users to an Ops Manager Deployment.