# Get started with ITCare ## How do I connect to ITCare? It is not possible to create your own ITCare account to access the platform. To receive an ITCare account, your organization's security representative must submit an account creation request. ## How do I request an ITCare account? Please contact your Service Delivery Management or the commercial team at cegedim.cloud. ## How is ITCare authentication handled? ITCare authentication is based on an e-mail address and a password that comply with the standards of the cegedim security policy. API accounts use the OpenID protocol. More information about the ITCare API can be found at [itcare-api-authentication](https://academy.cegedim.cloud/itcare-api/itcare-api-authentication "mention"). ## Is multi-factor authentication available? Multi-factor authentication is available and mandatory for certain high privilege actions. During the on-boarding process, you will be provided with all the information necessary to properly configure the MFA. ## What are the possible privileges in ITCare? ITCare privileges are broken down into roles assigned to profiles. Profiles are assigned to users. ### The roles

Roles	Description
See resources	See all the resources and their informations. Read only
Manage maintenances	Ability to manage maintenances
Modify resources	Ability to modify resources except creation and deletion
Manage resources	Complete resource management

{% hint style="warning" %} MFA must be configured and is mandatory for the following roles: * Manage maintenances * Modify resources * Manage resources {% endhint %} ### The profiles

Profiles	See resources	Manage maintenances	Modify resources	Manage resources
Standard (STD)	true	false	false	false
Maintenance (DTM)	true	true	false	false
Operator (OPE)	true	true	true	false
Power (POW)	true	true	true	true

### Privilege Matrix This non-exhaustive table describes the basic actions allowed by profile:

Features	Label	Available for
Bodies	create-instance	POW
start-instance	OPE
stop-instance	OPE
reset-instance	OPE
resize-compute-instance	OPE
delete-instance	POW
Instance monitoring	enable-monitoring-instance	OPE
disable-monitoring-instance	OPE
Snapshot of instances	create-snapshot	MNT
recover-snapshot	MNT
delete-snapshot	MNT
DNS aliases of instances	create-dns	OPE
delete-dns	OPE
LoadBalancers	create-lb	POW
start-lb	OPE
stop-lb	OPE
delete-lb	POW
Monitoring of LoadBalancers	enable-monitoring-lb	OPE
disable-monitoring-lb	OPE
Manage LoadBalancers	add-member-lb	OPE
delete-member-lb	OPE
update-member-state	OPE
DNS alias of LoadBalancers	create-dns-lb	OPE
delete-dns-lb	OPE
Manage maintenance	create-maintenance	MNT
delete-maintenance	MNT
Indicators	create-indicator	POW
update-indicator	POW
delete-indicator	POW
SMS	subscribe-vortext	POW
Storage Object	create-object-stores	POW
update-object-stores	OPE
delete-object-stores	POW
Storage Object - Users	create-user-objectstores	POW
update-user-objectstores	POW
delete-user-objectstores	POW
K8S Clusters	create-cluster	POW
create-cluster-namespace	OPE
delete-cluster-namespace	OPE
create-cluster-nodes	POW
delete-cluster-nodes	POW

## What are the Regions and Availability Zones in ITCare? The topology of the cegedim.cloud hosting platform is divided into: * **Regions**: a group of low latency data centers ( < 1 ms) * **Availability zones**: a set of dedicated infrastructure components in a data center

### What regions are available? Here is the list of regions available to our customers:

Region	Description	Datacenters
EB	Paris area	EB4 : Boulogne-Billancourt EB5 : Magny-les-Hameaux
ET	Toulouse area	ET1 : Labège ET2 : Balma

Region

Description

Datacenters

Paris area

EB4 : Boulogne-Billancourt

EB5 : Magny-les-Hameaux

Toulouse area

ET1 : Labège

ET2 : Balma

### What Availability Zones are available? #### EB Region

Availability Zone	Description	Datacenter
EB-HDS-A	Client zone	EB4
EB-HDS-B	Client zone	EB4
EB-HDS-C	Client zone	EB5
EB-A	Area reserved for the cegedim group	EB4
EB-B	Area reserved for the cegedim group	EB4
EB-C	Area reserved for the cegedim group	EB5

#### ET Region

Availability Zone	Description	Datacenter
ET-HDS-A	Client zone	ET1
ET-HDS-B	Client zone	ET1
ET-A	Area reserved for the cegedim group	ET1
ET-B	Area reserved for the cegedim group	ET1

## What is an ITCare resource? A resource is an infrastructure or middleware component deployed in the **cegedim.cloud** Information System. It can only belong to one Service (see [#presentationitcare-howaremyitcareresourcesorganized](#presentationitcare-howaremyitcareresourcesorganized "mention") for the definition of a Service) A resource is systematically defined by the following properties: * an **id**: unique identifier of the resource. * a **type**: the type of the resource e.g. virtual instance, Kubernetes cluster, etc. * a **name**: more convenient to handle than an id. * a **status**: defines the state of the resource (active, inactive). * an **environment**: defines the type of environment of the resource (production, qa, dev, test, etc.). * **tags**: allows you to tag your resources with customizable keys/values that are queryable. ## What are the possible statuses for resources? Here are the possible statuses of a resource that are visible by the web UI or returned by the API:

Status	Description	API code
Active	The resource is active and the service is available.	ACTIVE
Preparation	The resource is being installed or configured. The service is not yet available.	PREPARATION
Inactive	The resource is inactive and the service is unavailable.	INACTIVE

## How are my ITCare resources organized? Each cegedim.cloud customer has an **Organization** that materializes its existence within our IS. Multiple **Clouds** can be created within an organization. These allow partitioning of resources and user rights. {% hint style="info" %} By default, only one Cloud is defined for a new Organization.\ Additional Clouds can be created upon request. {% endhint %} You can therefore define, at the level of a Cloud, who has access to what and what actions can be performed. It is therefore possible, for example, to have a Cloud that gives full power to your development teams so as not to disrupt production. Within a Cloud, resources are then grouped into **Services**. The Services allow you to group your resources in a logical way according to several free criteria: * The scope of an application * By environment * Any other free criteria: by customer for example {% hint style="warning" %} The Services do not allow the application of user rights restrictions. {% endhint %} In ITCare, the Services have dedicated pages that allow you to easily consult all the resources attached to them.