posted

0 Comments

With the release of vRealize Automation (vRA) 8.1, we are offering support for dedicated infrastructure multitenancy.  This capability is enabled as a separate process in vRealize Suite Lifecycle Manager (LCM) once vRA is installed and configured.  There is no requirement to enable tenancy.  If tenancy is disabled, vRA 8.1 will operate exactly in the same way as 8.0 in terms of access and authorization.  Organizations can choose whether or not to enable tenancy based on the their need for the logical isolation provided by multitenancy.

Enabling tenancy creates a new Provider (default) organization.  The Provider Admin will create new tenants, add tenant admins, setup directory synchronization, and add users.  Tenant admins can also control directory synchronization for their tenant and will grant users access to services within their tenant.  Additionally, tenant admins will configure Policies, Governance, Cloud Zones, Profiles, access to content and provisioned resources; within their tenant.  A single shared SDDC or separate SDDCs can be used among tenants depending on available resources.  In addition to their other privileges, Provider Admins can also act as Tenant Admins.

 

Before enabling tenancy, there are a number of prerequisites covered in the product documentation.   Once the prerequisites are out of the way, you will enable tenancy in LCM.  The initial Provider (default) Organization will change the URL you use to access VMware Identity Manager (aka vIDM and VMware Workspace One Access).  The process to enable tenancy in vIDM and vRA will take about 30 minutes.

 

 

Once Tenancy is enabled, you can now add tenants and allow logical separation within vRA from the Tenant Management portion of LCM.  Clicking Add Tenant starts the tenant creation wizard.  The tenant creation process includes naming the tenant, adding a tenant admin, and the option to sync users from an external directory.  Each tenant will have its own unique configuration, including tenant admin and potentially directory DN to sync users from.  Once the tenants are added, you can navigate back to Tenant Management and manage the configurations as shown in the screenshot below.

 

 

Clicking the Tenant Name opens the tenant management screen.  Here you will have the option to add tenant admins either locally from the system directory or from an external directory such as Microsoft Active Directory.  You can control product associations as well, although only vRA is supported currently.

 

 

As mentioned previously, tenancy allows admins to provide unique configurations on a per tenant basis.  In the example below, different Projects have been created in each tenant to highlight the logical isolation available on a single installed vRA instance.

 

In summary, tenancy offers the ability to create an additional layer of governance and isolation beyond what Projects have provided since the 8.0 release.  The multitenancy capabilities in vRA 8.1 offers the flexibility and control organizations require, while maintaining the same user experience.  You can take advantage of multitenancy today within vRA 8.1!  For a deeper dive on how to install and configure multitenancy check out this blog from VMware SE Maher AlAsfar.