by Rich Bourdeau
In many cases, businesses set up private or hybrid clouds that can be shared by a number of groups within a company. However, in a shared cloud environment, where multiple companies, divisions or independent groups are using a common infrastructure fabric, sometimes it is necessary to set up virtual private clouds where authentication, resources, policy and even look and feel can be customized to the needs of each group.
vRealize Automation has a concept called Tenants that can be used to provide isolation between independent groups in a shared cloud environment. Where multiple companies, divisions or independent groups are using a common infrastructure fabric, Tenants are useful for isolating the users, resources and services of one tenant from those of other tenants.
Tenant Concepts
Each tenant has unique configuration policies that are specific to that tenant. Let’s look at some of the attributes that define a tenant.
- Each tenant has one or more identity stores that are used to authenticate users. These identity stores can be either Active Directory or any Open LDAP directory service.
- The management portal can have its own URL, and the portal can have unique branding specific to that tenant.
- Each tenant can also have its own specific email servers.
- Tenants can also be divided up into smaller organizations called Business Groups.
- Service Entitlement policies control which services and day-2 actions each tenant, business group, or user can access.
Managing Multiple Tenants
If additional tenants are added, by default, they will inherit the configuration and policies of the default tenant. They will have the same URL, branding, email server and authentication identity store unless they are specifically customized. Each tenant admin can override the default tenant settings. For example, they can have their own unique branding and URL with the tenant name as part of the URL. They can also have their own identity stores and email servers.
If you want to have multiple tenants, each with their own branding, URL, identity store and email servers, it is best not to customize the default tenant. Best practice is to use the default tenant for attributes that will span multiple tenants. Then you can create separate tenants for the Green Company and Purple Limited. Each tenant has its own unique branding, portal URL address and identity store, but they share a common email server. In addition, each tenant and business group can have its own dedicated or shared infrastructure resources.
Learn More
- Video: vRealize Automation Organizational Grouping and Roles (5:23 min)
This video provides an overview of both system wide and tenant specific organizational grouping capabilities. In addition we will explore the different administration and user roles as well as the scope of their authority.
- Video: vRealize Automation Managing Tenants (8:38 min)
Most companies will likely only have a single tenant. This video demonstrates the best practices for configuring and managing one or more tenants.
- Paper: vRealize Automation Application Services: New Capabilities to Support Multi-Tenancy
vRealize Automation Application Services, beginning with the 6.1 release, has added many new capabilities to its multi-tenancy support to better align it with vRealize Automation tenant policies and give users a more uniform experience across infrastructure and application services. This paper illustrates the changes in multi-tenancy support by working through an example.
If you know of any additional material on vRealize Automation (formerly vCloud Automation Center) multi-tenancy, please let me know and I will add it to this post.