Join a Tenant to Tenant Broker
Once the Tenant Farm is operational, you can join one or more sites in it to the Tenant Broker.
There are two ways you can join a Tenant: (1) Using an invitation hash or (2) Using a shared secret key. The difference between the two is as follows:
- Invitation hash. An invitation hash is an automatically generated encrypted string that can be used to join a single Tenant to Tenant Broker. Invitation hash is a property of a Tenant object, which is created in the Tenant Broker console. You email the hash to the Tenant Farm administrator, so they can use it to join the Tenant Broker. Once used, an invitation hash cannot be used again by any other Tenant.
- Shared secret key. A shared secret key is similar to an invitation hash, with one important difference. It can be used to join an unlimited number of Tenants. A Tenant object is not pre-created for a secret key in the Tenant Broker. Instead, the object is created when the key is used to join a Tenant. Because of its unlimited usage capability, only the Tenant Broker admins should have access to a shared secret key. This scenario is useful when there are multiple Tenants, all managed by the same Tenant Broker administrator.
The invitation hash scenario is described below. For the secret key scenario see Joining with a secret key.
First, you need to generate an invitation hash and create a Tenant object on the Tenant Broker side:
- Log in to the Tenant Broker.
- In the RAS Console, navigate to Farm > Tenants.
- Click Tasks > Add.
- In the Tenant properties dialog, specify the following:
- Name: Type a Tenant name (this can be any name that you like).
- Public domain address: If you've already assigned a public domain address to the Tenant, specify it here. If not, you can leave it blank. The address is not required for the Tenant to join the Tenant Broker. However, without the address specified here, end users will not be able to connect to the Tenant, so you will need to come back and fill it in later. For details, see Assign a public domain address.
- Description: Type an optional description.
- Connection Brokers: This filed is disabled and will be populated automatically when the Tenant joins the Tenant Broker. See more in Tenant configuration.
- Tenant invitation hash: This is the hash that the admin of the Tenant Farm will need to use to join the Tenant Broker. A hash is generated automatically when you open this dialog. To generate a new hash, click Create new hash.
- Send via email. You can give the invitation hash to the Tenant admin directly or you can use this button to send it via email. When you click the button, you'll see a dialog where you can enter the recipients and where you can review and modify the email message. By default, the message contains instructions on how to join the Tenant Broker. Please note that SMTP settings must be configured in the RAS Console before you can use the email option. You can configure SMTP first and then return to this screen to complete this step.
- Click OK to close the Tenant properties dialog. The new Tenant will appear in the Tenants list in the console. At this time, the Tenant is not joined yet. Read on to learn how to join it.
To join the Tenant to the Tenant Broker:
- Log in to the Tenant Farm.
- In the RAS console, navigate to Farm > Site. Note that you are joining a Site to the Tenant Broker, not the whole Farm, so if you have more than one Site, you need to join them one by one.
- Click Tasks > Join Tenant Broker.
- In the Join Tenant Broker dialog, enter the invitation hash that you obtained from the Tenant Broker in the previous steps (or, if you are an admin of a Tenant Farm, the one your received in the invitation email).
- Click Join.
On successful join, you will see a message welcoming you to the Tenant Broker. If the primary Connection Broker in your Tenant Farm can't reach the Tenant Broker, you will see a corresponding error message. Make sure that the Tenant Broker computer is reachable from the machine where you have the Tenant's RAS Connection Broker running.
Overriding Tenant Broker IP address
The Tenant Broker IP address is detected automatically when you generate an invitation hash (or a secret key) and is embedded into the hash. If a Tenant can't reach the Tenant Broker using this address, you have the ability to override it as follows:
- Log in to the Tenant Broker.
- In the RAS Console, navigate to Farm > Settings and click the Tenant broker tab.
- Select the Override Tenant Broker address in tenant invitations and secret keys option.
- Enter the desired IP address in the field provided.
When done, the specified IP address will be used instead of the auto-detected address when generating an invitation hash or secret key. When the hash is used on the Tenant side to join the Tenant Broker, the Tenant will use this address to connect to the Tenant Broker.
Once used on the Tenant side, an invitation hash binds the Tenant Farm to the corresponding Tenant object in the Tenant Broker and the tenancy becomes effective.