Unified Portal ZHera

ZHera is the unified entry component of the ZCF platform. It provides single sign-on, unified navigation, and cross-product resource views for enterprise users across multiple product lines. With ZHera, operators can manage ZStack Cloud, ZSphere, ZStone, ZBS, ZSN, and other products from one interface without switching between consoles.

ZHera integrates single sign-on based on OAuth 2.0 / OIDC and supports existing enterprise LDAP, Active Directory, and mainstream identity providers. After signing in once, users can access all authorized product modules without repeated authentication.

• LDAP / AD account integration
• SAML 2.0 / OIDC support
• Optional multi-factor authentication (MFA)
• Configurable session timeout and forced logout policies

Unified navigation brings core operations from each product into one top-level menu. Users see modules based on role permissions. Resource views summarize resources across products, including:

• Compute resources: physical hosts, VMs, and bare-metal instances
• Storage resources: distributed storage pools, volumes, and snapshots
• Network resources: VPCs, subnets, IP pools, and load balancers
• PaaS resources: container clusters, application instances, and service meshes

Resource views support filtering by project, tenant, and tag for easier resource location and management at scale.

ZHera provides a fine-grained RBAC model and supports permission policies across global, project, and resource scopes.

In multi-tenant mode, resources, networks, and quotas are fully isolated between tenants.

ZHera provides customizable operation dashboards with drag-and-drop layouts and multiple chart types such as line charts, pie charts, and heat maps. The alert center aggregates alerts from sub-products and displays, processes, and archives them in ZHera.

The dashboard refresh interval is configurable, defaults to 30 seconds, and supports large-screen mode for NOC monitoring rooms.

ZHera exposes complete REST APIs covering user management, permission configuration, resource queries, and other operations for integration with internal CMDB, ITSM, and automation platforms.

APIs are described with OpenAPI 3.0 and can be debugged online through the built-in API Explorer. All API calls support token-based authentication, including API Key and OAuth 2.0 Client Credentials modes.