Multi-tenancy is the principal technology that clouds use to share IT resources cost effectively and securely. Multi-tenancy separates tenants running applications in a shared environment, in much the same way as tenants in an apartment building would share the common infrastructure of the building, but walls and doors give them privacy from other occupants. In a multi-tenant cloud deployment, the resources controlled by one tenant (such as a business or an organization) are physically or logically separated and secured from other tenants and applications that are using the cloud.
This segregation of tenants not only provides enhanced security, easier management, and cost savings, but also enables greater agility and scale, allowing for new capabilities to be rolled out once for the entire infrastructure.
Fine-Grained Access Control
vCommander allows you to configure fine-grained access control for both those who provide the service and configure a multi-tenant cloud model (producers) and those who manage their IT assets and request additional cloud services using the Service Portal (consumers). The Superuser and Administrator roles within vCommander allow producers to configure multi-tenancy in the administration console, while various Service Portal roles ensure that consumers can see and do only what you allow.
An organization, the basis of the vCommander multi-tenant model, is a group of consumers with a common business purpose. Configuring organizations allows you to:
- Segregate data for your consumer groups
- Ensure that consumer groups can access only the resources assigned to them
- Enable a distinct cloud automation configuration for each consumer group
- Delegate administrative tasks to consumers
In the multi-tenant vCommander model, the entire service request process is unique to each organization and the following capabilities can be configured per organization:
- Resource-based and cost-based quotas
- Service catalog entries
- Service request forms
- Service request approval workflows
- Deployment destinations
- Service ownership
- Command workflows
- Usage-based service cost allocation
- Media library
- Maintenance window
Delegated Administrative Tasks
To lighten the load on the vCommander administrator, you can also optionally delegate the administrative tasks to one or more organization managers, providing them with extended permissions for managing an organization's members and its assets. These permissions can be specifically tailored to match the technical abilities of your organization managers.
The tasks that can be delegated through permissions include:
- Adding and removing members
- Modifying members' roles
- Assigning the primary contact for an organization
- Managing the media library
- Assigning quotas to members
- Approving members' service requests
- Monitoring quota usage
Comprehensive Self-Service Provisioning
Once you’ve established your organizations and started providing self-service provisioning to your consumers, you can say goodbye to those days of hastily written emails that provide incomplete details about a VM that just has to be available right now. Senior Storage and Virtualization Specialist Ian Mcbride describes how vCommander helped to streamline decentralized processes at the University of Birmingham: “Prior to implementing vCommander, requests for systems would come in via service tickets, emails or phone calls, and invariably, not all the required information was provided, adding delay in deploying systems.”
Now, using vCommander’s comprehensive self-service provisioning features, your users can find exactly what they need by using a service catalog with blueprint forms, so all the information is gathered upfront. This can be made even easier by creating thoughtful names and descriptions, and using meaningful icons and categories, as discussed in a recent blog article.
The flip-side is that whenever users get used to something being easy, they want more. So maybe it’s not exactly bad news, it’s really just a shift in where your effort as administrator is being spent. Where previously your time would be spent being reactive, trying to keep up with requests coming in, chasing down all of the information you need, or liaising with all the other teams involved in VM provisioning (such as networking, storage and security), your attention can now be focused on being a proactive designer of services that will automatically be provisioned hands-free.
Facilitating Data-Driven Decisions
This means anticipating your users’ needs and continuously adding value to the Service Catalog. And that’s where vCommander helps by facilitating data-driven decisions about which services are being consumed. vCommander allows you to make decisions about which need to be tweaked, and which may be candidates for retirement because they're not being requested.
To access this Service Catalog data, simply log into the vCommander admin console, go to the Service Catalog tab, and switch to Table view.
This way, you don’t have to drill into a service to get at the pertinent details you’ll be considering. If you want to consider one or more categories and exclude the others, check the relevant checkboxes.
Sorting the table by the Completed Requests column provides a popularity ranking for the services. Just by looking at the sorted list you can quickly understand what’s being consumed. Are your Windows services outstripping your Linux ones? Is this because you have fewer distinct services, or are your users more interested in Windows?
It’s also important to examine the Last Request column, so you understand whether a service that has been requested many times is still currently useful. If a service hasn’t been requested in six months, it’s probably unnecessary. You don’t have to delete it — just edit the service and change its visibility settings to Do not publish.
In addition to using this data-driven approach to providing services, don’t forget to talk to the people who will be consuming them, and whose lives can be made easier with your help - the users. Consider running focus groups or workshops to ensure that the Service Catalog continues to be efficient and effective. For example, do users want more support for public clouds, would they like more customization and control over services, and are they routinely installing software manually that could be handled as new services?
Remember, the more your Service Catalog has what your users need, the more likely it is that users can deploy virtual machines without administrative intervention. Self-service provisioning of virtual machines means users don’t have to wait for administrators to deploy their VMs, and also decreases the administrative workload, freeing IT to focus on more strategic business goals.
And if you would like a customized demonstration of vCommander, to see see multi-tenancy in action, and how best to manage it, click on the link below.