VMware Networking Community
niceguy001
Enthusiast
Enthusiast
‎11-04-2019 11:07 PM

NSX-v multitenancy and administrator permission

Hi

I just saw this figure about the NSX-v multi-tenant design https://www.nts.eu/wp-content/uploads/2018/05/4-1.png

and would like to know if the NSX datacenter is designed in such way for tenants to use,

then, the detailed permission and right that covered NSX objects(such as ESG) should be configured in vSphere for each tenant administrator to restrict them in their domain?

Since NSX-v does not have multi-tier routing and service/distributed router design, is it a big disadvantage?

Reply
0 Kudos
1 Reply
Sreec
VMware Employee
VMware Employee
‎11-05-2019 01:21 AM

Most likely this will fit for a service provider design , SP will have the full control on the Perimeter edge and tenants leverage their own set of routers . Scaling is also a factor that you should be well aware of , want to stick with default interfaces or sub interfaces ? Need overlapping subnet configurations with NAT? ,basic questions that should consider while doing such design. Last but on the least, when you do upgrades we will end notifying all the tenants considering the provider edge design same goes for any potential failures. May be you could use provider edge only for shared monitoring environment/design and steer the traffic to right appliances and you can have dedicated data traffic edges for tenants as well. I will not say NSX-v doesn't have multi tenancy ,we can certainly do it, but don't compare with NSX-T service router contexts

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
Reply
0 Kudos