This topic describes how to create a PrivateCloud instance when a virtual private cloud (VPC) and a Cloud Enterprise Network (CEN) instance belong to different accounts.
Description
To create a PrivateCloud instance by using an account different from that for a CEN instance, you must click the Cross account tab in the Network configuration section on the Create a PrivateCloud page in the Alibaba Cloud VMware Service (ACVS) console. The PrivateCloud instance to be created and the VPC belong to the same account, but a CEN instance and a transit router of another account are configured in the Network configuration section. In this topic, the account used to create a PrivateCloud instance is specified as Account A. The account that authorizes Account A to use the CEN instance and transit router is specified as Account B.
Prerequisites
You have performed the following operations by using Account A: Log on to the ACVS console. In the Network configuration section of the Create a PrivateCloud page, click the Cross account tab, and submit an application to apply for authorization to create a PrivateCloud instance by using an account different from that for a CEN instance. The application is approved.
You have completed the preparations by using Account A. For more information, see Before you begin. In this example, the CEN instance and the transit router of Account B are used. Therefore, you do not need to perform the tasks of creating a CEN instance and creating a transit router by using Account A, as described in the Before you begin topic. However, you must create a VPC.
You have created a CEN instance and a transit router by using Account B.
You have performed the following operations by using Account A: Log on to the VPC console. Find the VPC created by performing the steps described in the Before you begin topic. On the Authorize Cross Account Attach CEN tab, click Authorize Cross Account Attach CEN. In the dialog box that appears, enter the UID of Account B and the ID of the CEN instance that you want to authorize to Account A, and select the payer. Then, click OK.
Note: For more information about the payer of cross-account authorization of CEN, see Billing rules.
You have performed the following operations by using Account B: Log on to the ACVS console. Click Cross-Account Authorization in the left-side navigation pane. On the Cross-Account Authorization page, click Add Authorization. In the dialog box that appears, enter the UID of Account A and the ID of the VPC, and select the CEN instance of Account B that needs to be authorized to Account A.
Note: After you perform the preceding operations, the following service-linked role (SLR) is automatically created:
Role name: AliyunServiceRoleForACVSCenResourceConfiguration
Policy: AliyunServiceRoleForACVSCenResourceConfiguration
Permission description: The permission granted in the preceding operation allows ACVS to access resources in your CEN instance and Resource Orchestration Service (ROS) and allows the role to perform ACVS-related configurations.
References: Service-linked roles for ACVS
Tasks
Create a PrivateCloud instance by using an account different from that for a CEN instance
Procedure
1. Log on to the ACVS console by using Account A.
2. Click Create a PrivateCloud in the upper-right corner of the console.
3. On the Create a PrivateCloud page, set the related parameters, and click Preview and create.
4. Check that the parameters are correctly set. Then, click Submission.
Parameters for creating a PrivateCloud instance
Section | Parameter | Description |
Payment model | Year and month | Only the subscription billing method is supported for PrivateCloud instances. |
Purchase configuration | Region | Select the region and zone where the PrivateCloud instance is to be deployed. Note: PrivateCloud instances are available in the following regions and zones: China (Shanghai) Zone L, China (Beijing) Zone L, and China (Shenzhen) Zone F. |
Purchase configuration | Host type | Select a host type for the PrivateCloud instance. For more information about host types, see Host types. |
Purchase configuration | Number of hosts | The number of hosts in the default cluster. Valid values: 3 to 16. |
Purchase configuration | Duration of purchase | Select a subscription duration. Note: Only the subscription billing method is supported for PrivateCloud instances. |
Network configuration | VPC instance | VPC that is interconnected with your PrivateCloud instance. Select the ID of the VPC created in Before you begin. If no VPC is created, click New VPC to create a VPC. |
Network configuration | CEN instance | Used for the communication between your PrivateCloud instance and the selected VPC. Select the ID of the CEN instance authorized by Account B. |
Network configuration | PrivateCloud network segment | The network segments of the PrivateCloud instance, including the ESXi management, vMotion, and vSAN subnets. You can use the following private CIDR blocks defined in RFC 1918: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Only 20-bit and 21-bit subnet masks are supported. |
Dedicated VMware environment configuration | Name | Name of the PrivateCloud instance. It must start with a letter and cannot start with http:// or https://. The name can contain letters, digits, colons (:), underscores (_), periods (.), and hyphens (-). The name must be 2 to 128 characters in length. |
Dedicated VMware environment configuration | vCenter password | Set the logon password for the VMware management component vCenter. The username is cloudadmin@acvs.aliyuncs.com. The password must be 15 to 20 characters in length and contain at least one uppercase letter, one lowercase letter, one digit, and one special character. Do not use a password that contains consecutive digits, letters, or a pattern. We recommend that you generate a random password to prevent a failure to create a PrivateCloud instance due to insufficient password strength. |
Dedicated VMware environment configuration | NSX-T Manager password | Set the logon password for the VMware management component NSX-T Manager. The username is cloud_admin. The password must be 15 to 20 characters in length and contain at least one uppercase letter, one lowercase letter, one digit, and one special character. Do not use a password that contains consecutive digits, letters, or a pattern. We recommend that you generate a random password to prevent a failure to create a PrivateCloud instance due to insufficient password strength. |
Resource Group | Select the resource group to which the PrivateCloud instance belongs. You can select the default resource group or create a resource group. For more information about resource groups, see What is Resource Management? |
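
A pre-flight check for the network segment, name, and password constraints in the parameter table above, with a random password generator. It is an added example, not part of ACVS or its documentation. The special-character set, ASCII-only letters, and the reading of "consecutive digits, letters, or a pattern" as a run of three repeated or sequential characters are assumptions; the console's own checks may differ.

```python
import ipaddress
import re
import secrets
import string

# The three RFC 1918 blocks the table allows for the PrivateCloud network segment.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SPECIALS = "!@#$%^&*-_=+"  # assumption: the page does not list the accepted special characters
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9:_.\-]{1,127}")  # assumption: "letters" means ASCII letters

def valid_segment(cidr: str) -> bool:
    """True if cidr is a /20 or /21 network inside one of the RFC 1918 blocks."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: reject host bits set
    except ValueError:
        return False
    return net.version == 4 and net.prefixlen in (20, 21) and any(net.subnet_of(b) for b in RFC1918)

def valid_name(name: str) -> bool:
    """2 to 128 characters, starts with a letter, not an http:// or https:// prefix."""
    if name.lower().startswith(("http://", "https://")):
        return False
    return NAME_RE.fullmatch(name) is not None

def has_run(pw: str, n: int = 3) -> bool:
    """Assumed rule: n characters that repeat or step by +1/-1 ('aaa', '123', 'cba')."""
    for i in range(len(pw) - n + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + n - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def valid_password(pw: str) -> bool:
    """15 to 20 characters, all four character classes present, no runs."""
    classes = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
    allowed = "".join(classes)
    return (15 <= len(pw) <= 20
            and all(c in allowed for c in pw)
            and all(any(c in cls for c in pw) for cls in classes)
            and not has_run(pw))

def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG and resample until the candidate passes the policy."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # rejection sampling: uniform over the passwords that pass
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if valid_password(pw):
            return pw
```

Generate separate values for the vCenter and NSX-T Manager passwords and store them in a secrets manager rather than in shell history or tickets.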