Cloud Services

Enterprise Marketplace

Alibaba Cloud integration
Published On Jul 25, 2024 - 6:35 AM

Alibaba Cloud integration

Alibaba Cloud can be integrated with your tenant so you can provision services from Alibaba Cloud.
Alibaba Cloud can be integrated with Enterprise Marketplace, which allows your users to provision services from Alibaba Cloud. It can also be integrated with Cost & Asset Management, which allows you to monitor those provisioned services.  However, before your users can provision services from Alibaba Cloud, you must create accounts on the Alibaba website and link to those accounts from Enterprise Marketplace. For more information, see the Alibaba Cloud Official Website.
You must create a Billing Account on the Alibaba Cloud website. You can use the Billing Account to link to Enterprise Marketplace, but more likely you will want to use one or more Resource Access Management (RAM) Accounts to allow access:
  • Billing Account:
     This is the main account that your business will have with Alibaba Cloud. It contains your payment information that Alibaba will use to charge you. For more information, see Creating a Billing Account.
    Although this account can be used to link to Enterprise Marketplace, doing so will give everyone in your company full access to everything available from Alibaba.
  • Resource Access Management (RAM) Account:
     These are subaccounts within your Alibaba Billing Account that allow you to grant different types of access to different teams and individuals. For example, you could create a Storage Team RAM Account that only allows the team to provision Alibaba storage. For more information, see Creating a RAM Account.

Creating a Billing Account

Complete the following steps to create a Billing Account in Alibaba. If your organization already has an Alibaba Billing Account, contact your Alibaba Billing Account Administrator to be added to that account.
Review your organization’s security compliance guidelines for providing access to Enterprise Marketplace. Enterprise Marketplace does not require access to your Billing Account for Enterprise Marketplace provisioning or pricing. A RAM user is sufficient. Other applications such as Cost & Asset Management might require such access when Alibaba is supported on those applications in the future.  To do this, complete the following steps:
  1. Navigate to Alibaba Cloud at https://www.alibabacloud.com/.
  2. Click
    Sign Up
    .
  3. Click
    Contact Sales
     and get their guidance in setting up your account.
You can also sign up for a free account to start with by completing the following steps:
  1. Navigate to Alibaba Cloud at https://www.alibabacloud.com/.
  2. Click
    Free Account
    .
  3. Select your geographical location, enter your email and a password, agree to the terms and conditions, and click
    Confirm
    .
  4. In the
    Verification
     window, select whether to have the confirmation code sent to your email or your phone, and then click
    Send
    .
  5. Enter the verification code that you received and then click
    Verify
    .
  6. On the
    Account Successfully Created
     page, select either
    Enterprise Account
     or
    Individual Account
    , depending on your needs. For most purposes, you will want to create an enterprise account.
  7. Enter the following information for your company and then click
    Submit
    :
    • Company Name    
    • Address   
    • City   
    • State/Province   
    • Country/Region: This should be auto filled by your selection from the previous page.   
    • First Name   
    • Last Name   
    • Identity verification by phone: Enter a valid phone number and click
      Verify
       to ensure that it works properly.
  8. On the
    Payment information
     tab, enter the required information and click
    Submit
    .
Before you can provision Alibaba Cloud services using Catalog, you need to integrate the two systems.

Creating a RAM Account

Complete the following steps to create RAM Accounts:
  1. Navigate to Alibaba Cloud at https://www.alibabacloud.com/.
  2. Click
    Login
    .
  3. Enter the
    Username
     for the account you want to use and click
    Next
    . This can be the Billing Account or a RAM Account that has admin privileges.
    Using RAM Accounts increases security because each RAM user can have their own permissions. Generally, set up a separate non-login RAM user for configuring provider accounts for Enterprise Marketplace.
  4. Enter the
    Password
     for the account and then click
    Log On
    .
  5. Click the
    Actions
     icon in the upper left side of the screen.
  6. From the list of available services, click
    Resource Access Management
     in the
    Monitor and Management
     section.
  7. On the
    Account Overview
     page, click
    Users
     from the left navigation bar.
  8. Click
    Create User
    .
  9. On the
    User Account Information
     page, enter the
    Logon Name
     and the
    Display Name
    .
  10. Select the
    Programmatic Access
     check box to enable access using your
    AccessKeyID
     and
    AccessKeySecret
    . This information is used to add user details in the Enterprise Marketplace portal.
  11. Click
    OK
    .
  12. The next page displays your newly created user information. Make sure to save this information in a secure location immediately because the
    Logon Password
     and
    AccessKeySecret
     will not be available again after the dialog box is closed. You can either click
    Copy
     under the
    Actions
     menu or click
    Download CSV file
    .

Adding permissions to your RAM account

Complete the following steps to add permissions to your RAM account:
  1. On the
    Resource Access Management
     page, click
    Users
    . To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. From the list of users created, click the
    Actions
     menu for the user that you want to add permissions to and select
    Add Permissions
    .
  3. Select
    Alibaba Cloud Account
     as your authorized scope.
  4. Go to the
    System Policy
     section and select
    AdministratorAccess
     from the
    Authorization Policy Name
     list.
  5. Click
    OK
    , and then
    Complete
     to finish.
Select
AdministratorAccess
 rather than a specific service level access because the user needs access to the entire catalog in Enterprise Marketplace to be able to provision or manage your catalogs. Individual service level access can still be granted but you would need to select all available
FullAccess
 permissions in every catalog to make it work in Enterprise Marketplace.
Some Kapplications can be used to manage the Alibaba provider account and the resources contained in it. Such management might include creating and modifying user accounts, and provisioning and de-provisioning resources. Therefore, the credentials used to configure provider accounts in Enterprise Marketplace must have the correct level of permissions assigned to them so that these functions are available.
Review your organization’s security compliance guidelines for accessing your Alibaba account. All credentials are securely encrypted and stored in the provider accounts that you configure.
For more information about how system policies work, go to https://www.alibabacloud.com/ and search for Alibaba Cloud services that support Resource Access Management (RAM).

Configuration on your tenant

To configure your Alibaba Cloud account, first follow the steps to create a provider account in Cloud integrations account management, if you have not done so. After you have a provider account with permissions, complete the steps in this section.
Creating an asset account
After you have created a provider account with permissions, complete the following steps:
  1. Navigate to the
    Provider Account
     page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. On the
    Account Management
     page, click the
    Asset Accounts
     tab and then click
    New Asset Account
    .
  3. On the
    New Asset Account
     page, select
    Alibaba Cloud
    .
  4. On the
    Account Details
     page, enter the following information and then click
    Create Account
    :
    • Name
        
    • Description
        
    • Account Number:
       Enter any random group of numbers (must be at least 8 digits). Because Alibaba does not have an account number associated to it, the information that you enter in this field is irrelevant. This is a known issue.   
    • Select Existing Master Account:
       This is not a mandatory field and can be left blank.   
    • Keep the
      Status
       as
      Active
      .
Adding a credential
After you have configured your asset account, click
Add Credential
, enter the following information, and then click
Add
:
  • Name
  • Purpose:
      Select
    Provisioning
     for
    Enterprise Marketplace
    .
    Common Discovery
     is also supported for Alibaba. If you were to use the same account for Common Discovery as well, then you may select
    Asset Ingestion
     or
    Asset Discovery
    .
    Support for Cost & Asset Management is not currently available.
  • Keep the
    Status
     as
    Active
    .
  • Select the
    Create New or Update Credential in Vault
     checkbox to enable the
    Access Key ID
     and
    Secret Key ID
     fields.
    Optionally, in the
    Credential Reference ID
     field, you can enter an existing credential stored in the system.
  • Enter the
    Access Key ID
     and
    Secret Key ID
     that you created previously in Creating a RAM Account.
  • In the
    Associate this credential with a business entity
     section, select the
    Associate
     checkbox and make your desired selections. Depending on the type of restrictions that you want for this account, you need to associate only those business entities that you want to give access to.
For example, if you require certain organizations or teams to use different credentials, configure as many provider accounts as you need and assign them to specific organizations, teams, or custom contexts. Only users from these organizations and teams are able to use these provider accounts.
Do you have two minutes for a quick survey?
Take Survey