What is an Organization
In RightScale, the Organization (formerly known as an Enterprise) concept was introduced in early 2017 with the release of Governance module. An Organization is a container for users, permissions, RightScale accounts, cloud accounts, and allows customers to monitor the cloud related activity across all RightScale accounts. All RightScale accounts belong to an organization.
The RightScale organization allows you to:
- Aggregates RightScale and cloud accounts
- Manage Bill data from public cloud providers
- Manage security and access controls
- Implement managed SSH login
- Leverage audit trails for governance and compliance
- Chargeback and showback via Billing Centers
A typical RightScale organization:
Master account is the very first account that gets created automatically when you join RightScale. It does not have any other specific significance but it's important to note that Master account can not be moved between RightScale organizations.
The user with
enterprise_manager role is responsible for managing all the above mentioned features and has complete control of the organization and all its accounts. The organization must have at least one
enterprise_manager user. Enterprise Managers access organization settings in Cloud Management under Settings > Organization. They will also have access to the Governance module for IAM.
Read more about our Governance module to learn more about how to manage users, groups, and roles.
You must be very careful when granting another person
enterprise_manager role because they will have the ability to change your permissions, including removing you from the organization.
How to setup your organization
It is really important to plan out your RightScale organizational structure before configuring your cloud setup. The following is a set of best practices recommended by RightScale based on various real world scenarios that we see. Please don't hesitate to discuss this with our support or sales team.
The general approach is to create a RightScale organization for every business entity that will be using RightScale. In most cases, this means that each Organization maps to one Company. No RightScale organization should contain data or accounts from multiple companies.
A payer account and all its linked cloud accounts should be connected to same RightScale organization.
Scenario: Single payer account
This is the most basic scenario for a customer with payer accounts from any of the public cloud providers (AWS, Azure or Google). It gives you complete control and visibility, including creating Billing Centers for chargeback and showback, in the same organization.
Scenario: Multiple payer accounts
This scenario applies to large company that has multiple business units (or departments), with separate payer accounts. In this scenario, we recommend having a single RightScale Organization that contains all these payer accounts to ensure not only central management but also ability to do chargeback and showback via Billing Centers.
If you have a use case to connect separate payer accounts in separate RightScale organizations, you can choose to do so but please note that it creates minor management overhead (e.g.: SSO) and you will not be able to create Billing Centers across multiple organizations.
Scenario: Resellers (partners)
For cases where a reseller (MSP, SP etc) is managing or reselling RightScale to their clients, each client should have their own RightScale organization. Doing so creates a minor management overhead (e.g.: SSO), but ensures that the platform will behave as expected in most cases.
A future roadmap capability will provide features that will allow large enterprises and MSP's to manage multiple RightScale organizations seamlessly.
Setting up an Organization
Please contact our sales team at email@example.com or by phone at (866) 787-2253.
Actions and Procedures
Connect cloud billing accounts
Create a new Account
- RightScale API: Our v1.5 API offers a Child Accounts API controller which can be used to create a new account within your Organization. General examples of API 1.5 use can be found in the API 1.5 Examples Guide.
- Cloud Management: You can create accounts from within Cloud Management by accessing Settings > Organization > Account.
- Contact your Account Manager or our Sales team at firstname.lastname@example.org or by phone at (866) 787-2253
Invite a User to Join an Organization
Follow the instructions to Invite users to RightScale
Manage IP Whitelists for the Organization
You can manage IP whitelists by adding, modifying, or deleting Dashboard and API IP access rules that have been created on Rightscale accounts. All account holders of an organization have the ability to create a range of IP Whitelists. This feature is beneficial if account administrators would like to enable access to RightScale through a company's IP address, essentially blocking traffic from any other IP address. For more information, see Add an IP Whitelist Range.
To be able to properly manage this feature, Enterprise account managers can modify, add, or delete an IP Whitelist range that has been set from accounts of the Organization. The instructions below explain how to use this feature.
enterprise_manageruser role privileges Enterprise Edition account to configure this feature. Contact your account manager or email@example.com for more details.
- Go to Settings > Organization > IP Whitelists
Add a New Rule
- To add a new IP Range, click on New Rule
- Enter in the following details:
- IP Range (CIDR): Specify the IP Range in CIDR notation to control the range of IP addresses that will be allowed access for your account. 0.0.0.0/0 (default) allows access to any IP address whereas 0.0.0.0/32 denies access to all IP addresses. If you enter a range that does not include your own IP address, you may be denied access to your account.
- Description (Optional): This is a user-defined description to help describe the purpose of the IP Range.
- Accounts: A collection of one or more accounts to which the IP Whitelist will apply. Users with IP addresses outside of the whitelist range will not be able to access these accounts.
When you add an IP Whitelist Range, it will be viewable from the Access Controls tab (Settings > Account Settings > Access Controls).
Edit an IP Whitelist Range
When accont memebers of the Organization add an IP Whitelist Range from the Settings > Account Settings > Access Controls , the range will be viewable from the Enterprise IP Whitelists section. If you would like to modify this range, select the IP Whitelist Range and click Edit in the Selected Item window.
You will have the ability to modify the IP Range (CIDR), Description , and the Accounts of the selected range.
Delete an IP Whitelist Range
Additionally, if you would like to remove this range, you can do this by selected the IP Whitelist Range, clicking Actions, and then Delete.
Once you delete an IP Whitelist Range, it will be removed from the Access Controls tab (Settings > Account Settings > Access Controls) of the account user that has access to view the tab.
Update Organization name
Ensure the name of your organization is meaningful to your users. You need to have
enterprise_manager role in order to perform this action.
Select any account in the Organization that you wish to update from the account selector.
Under Settings, select Organization
At the top, click anywhere on the existing name above the dotted line
Enter new name and click OK to save
The new name will now be displayed