Multi tenancy in Telco space.


 

Authors: Praveen Batta, Saravanan V

 

Praveen Batta is a senior consultant and CTO-Ambassador at VMware, serving the Telco industry and focusing on Kubernetes, cloud technologies and VMware solutions. He has 16 years of experience in multiple technologies, including virtualization/cloud, SDN, Linux and SAN. In those 15 years, Praveen has held several different roles: system administration, technical support, R&D, solutions architect, and consultant.

 

 

Saravanan V is a consultant at VMware, serving the Telco industry and focusing on Kubernetes and VMware solutions. He has 11 years of experience in multiple technologies, including NFV, virtualization/cloud, and SDN. In those 11 years, Saravanan has held several different roles: system administration, technical support, and Telco consultant.

 

 

What is multi tenancy:

 

When multiple customers request multiple services, each customer is treated as a tenant, and multi-tenant concepts evolved to serve these customers. It's all about sharing the infrastructure in the data center. To be more specific, tenants can be different customers or different teams in the same organization (sales team, HR team, development team, production team, etc.).

 

 

A multi-tenant architecture is based on central administration and involves a common application code base, operating common instance(s) of applications for multiple tenants. In addition, it keeps each tenant's private data secure from the other tenants.

 

 

Why multi tenancy:

 

Multi tenancy comes into the picture when we want to share resources between different parties. These can be infrastructure such as hardware (servers, storage and networks), software, services, etc. in the data center.

What happens if we don't follow a multi-tenant approach? The obvious result is having to maintain multiple infrastructure locations, which leads to complexity in maintenance and to spending too much for each party (customer/team/..).

 

How Multi tenancy:

For simple understanding, in the picture below a server is virtualized with a hypervisor so that its CPU and memory are shared among multiple customers. Virtual machines (VMs) from different customers are deployed on the hypervisor with proper orchestration. In this way we achieve optimum utilization of the server resources (CPU/RAM), which helps to reduce cost and complements the CAPEX and OPEX of the organization.

PraveenBatta1_0-1662557671020.png

 

 

Multi tenancy for VMware Telco customers:

 

Telco providers demand resource isolation when it comes to network functions from different vendors. Service providers need a solution to isolate the resources in a shared environment.

 

In the example below, let's say Nokia and Huawei are sharing the resources and, at the same time, no two tenants can access each other by default.

 

PraveenBatta1_1-1662557671032.png

 

 

In the above scenario, each customer will use its VNF-Manager to deploy the network functions without intervention of the data center admin.

 

In another instance, let's say a single customer wants to isolate the resources between network functions as per the demands of those network functions. In this case the Telco vendor can go with tenant creation as per the requirements.

 

Multi tenancy with VMware VCD [vCloud Director]:

 

vCloud Director (vCD) provides multitenancy with the entity called “Organization”, which represents a single logical security unit. A vCD organization typically maps to a vendor or a VNF. Organizations can use local accounts or distributed directory service accounts for user authentication via LDAP.

 

PraveenBatta1_2-1662557671055.png

 

 

In the above scenario, the physical resources are configured as two different clusters (one for each vendor) and the cluster settings are applied based on vendor requirements. Each cluster is prepared as a VCD pVDC (Provider Virtual Data Center) and each pVDC is associated with its respective tenants.

Each tenant's access and roles are created within the organization. The VCD organization manages authentication and authorization, along with roles, for the tenant users, so the users access their tenant portal during NF life cycle management.

 

An organization can consist of one or more OrgVDCs (Organization Virtual Data Centers). The resources for an OrgVDC are allocated from a pVDC, and the respective resource pool is created on vCenter.

 

 

 

 

 

 

 

 

 

Multi tenancy with VIO:

VMware Integrated OpenStack (VIO) provides multitenancy with the entity called “Projects”. Projects in OpenStack are equivalent to tenants in Telco Cloud Infrastructure. A project is the administrative container where telco workloads are deployed and managed.

Tenant VDCs (VIO):
A Tenant VDC allows creation of virtual data centers for tenants under different compute nodes that offer specific SLA levels for each telco workload. While quotas on projects set limits on the OpenStack resources, Tenant VDCs provide resource guarantees for tenants and avoid noisy neighbour scenarios in a multitenant environment.

PraveenBatta1_3-1662557671064.png

 

The above diagram illustrates how a fully integrated VMware Integrated OpenStack Compute Zone, Project and Tenant vDC, NSX-T segments, and Tier-1 gateways can be leveraged to provide a multitenant environment for deploying VNFs in VIO.

 

Multi tenancy with NSX-T:

 

Customers/tenants are more concerned about network security and network resource utilization. NSX-T provides proper isolation for SDN (Software Defined Networking) solutions. East-West tenant traffic is isolated using the T1 routers in NSX-T, and North-South tenant traffic can be isolated with T0 routers, including VRF-Lite.

 

VRF-Lite provides multiple VRF gateways, and each tenant can use a dedicated VRF. Below are a few more benefits of VRF-Lite.

  • Isolation of tenants with a single Tier-0
  • Overcome network overlapping

 

PraveenBatta1_4-1662557671097.png

 

In the above example, tenant Nokia will send East-West traffic through the Edge Gateway [EGW] of VCD, which is connected to T1 (Blue) of NSX-T. Similarly, the other T1 router (Purple) will be used for the Huawei tenant.

 

North-South traffic is handled a bit differently. T0 can host multiple VRF instances using the VRF-Lite feature in NSX-T. Each VRF-Lite instance is dedicated to a tenant. In this way a single T0 can be used for multiple tenants to provide traffic isolation in North-South scenarios.
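The per-tenant VRF behaviour described above can be modelled in a few lines. This is an added example, not VMware or NSX-T code: a toy Tier-0 with one routing table per tenant, showing that the same prefix resolves to a different next hop in each VRF. The route entries, next-hop names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


class Tier0:
    """Toy model of one Tier-0 gateway with a routing table per tenant VRF."""

    def __init__(self):
        self.vrfs = {}  # tenant -> [(network, next_hop)]

    def add_route(self, tenant, cidr, next_hop):
        self.vrfs.setdefault(tenant, []).append((ipaddress.ip_network(cidr), next_hop))

    def lookup(self, tenant, dst):
        """Longest-prefix match using only the tenant's own VRF table."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, hop) for net, hop in self.vrfs.get(tenant, []) if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def overlapping_prefixes(t0):
    """Prefixes (default routes aside) that collide across tenants and would
    be ambiguous in a single shared routing table."""
    found = []
    for (ta, ra), (tb, rb) in combinations(sorted(t0.vrfs.items()), 2):
        for na, _ in ra:
            for nb, _ in rb:
                if na.prefixlen and nb.prefixlen and na.overlaps(nb):
                    found.append((ta, str(na), tb, str(nb)))
    return found


def build_example():
    # Constructed sample routes; names and addresses are illustrative.
    t0 = Tier0()
    t0.add_route("nokia", "10.10.0.0/24", "t1-blue")
    t0.add_route("nokia", "0.0.0.0/0", "uplink-nokia")
    t0.add_route("huawei", "10.10.0.0/24", "t1-purple")
    t0.add_route("huawei", "0.0.0.0/0", "uplink-huawei")
    return t0


if __name__ == "__main__":
    t0 = build_example()
    print(overlapping_prefixes(t0))
    for tenant in ("nokia", "huawei"):
        print(tenant, t0.lookup(tenant, "10.10.0.5"), t0.lookup(tenant, "198.51.100.7"))
```

Both tenants use 10.10.0.0/24, yet each lookup stays inside its own VRF, which is the "overcome network overlapping" benefit listed above.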

 

 

 

 

Multi tenancy with VCD & TCA:

The virtual infrastructure is the key component in TCA to achieve multi-tenancy. The VCD with multiple tenants is integrated with the control plane of TCA, and a virtual infrastructure is created for each tenant in TCA-Manager.

PraveenBatta1_5-1662557671112.png

 

 

The above diagram illustrates that VCD (vCloud Director) is integrated with TCA-CP (Telco Cloud Automation - Control Plane) using the system administrator account, and each tenant (VCD Organization) is prepared as a Virtual Infrastructure in TCA Manager using the Organization Administrator account.

The user accounts for the NF operators are created in the SSO of TCA, and roles are assigned to them on their respective virtual endpoints (e.g. VCD-Nokia & VCD-Huawei).

In this scenario, each tenant's users access the TCA-Manager and execute NF life cycle operations (Onboard, Instantiate, Scale & Terminate) within their virtual infrastructure (e.g. VCD-Nokia & VCD-Huawei), and TCA performs the corresponding action (vApp creation, modification & deletion) on vCloud Director (VCD).
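The design in the VCD section (one pVDC per vendor) and in this section (operator roles scoped to one virtual infrastructure) can be checked for drift with a small audit. This is an added example, not code from VMware or the authors; the inventory layout, user names and OrgVDC/pVDC names are assumptions constructed for illustration and do not come from a real VCD or TCA export.

```python
from collections import defaultdict

# Constructed inventory: organizations with their OrgVDC -> pVDC mapping,
# TCA virtual infrastructures (VI -> organization), and (user, VI) role bindings.
INVENTORY = {
    "orgs": {
        "Nokia": {"nokia-ovdc-1": "pvdc-nokia"},
        "Huawei": {"huawei-ovdc-1": "pvdc-huawei", "huawei-ovdc-2": "pvdc-nokia"},
    },
    "virtual_infrastructures": {"VCD-Nokia": "Nokia", "VCD-Huawei": "Huawei"},
    "role_bindings": [
        ("nf-operator-a", "VCD-Nokia"),
        ("nf-operator-b", "VCD-Huawei"),
        ("nf-operator-c", "VCD-Nokia"),
        ("nf-operator-c", "VCD-Huawei"),
        ("nf-operator-d", "VCD-Decommissioned"),
    ],
}


def shared_pvdcs(inv):
    """pVDCs that back OrgVDCs of more than one organization."""
    orgs_by_pvdc = defaultdict(set)
    for org, org_vdcs in inv["orgs"].items():
        for pvdc in org_vdcs.values():
            orgs_by_pvdc[pvdc].add(org)
    return {p: sorted(o) for p, o in orgs_by_pvdc.items() if len(o) > 1}


def cross_tenant_users(inv):
    """Users holding roles on virtual infrastructures of more than one organization."""
    orgs_by_user = defaultdict(set)
    for user, vi in inv["role_bindings"]:
        org = inv["virtual_infrastructures"].get(vi)
        if org is not None:
            orgs_by_user[user].add(org)
    return {u: sorted(o) for u, o in orgs_by_user.items() if len(o) > 1}


def dangling_bindings(inv):
    """Role bindings that point at a virtual infrastructure with no known organization."""
    return [(u, vi) for u, vi in inv["role_bindings"]
            if vi not in inv["virtual_infrastructures"]]


if __name__ == "__main__":
    print("shared pVDCs:", shared_pvdcs(INVENTORY))
    print("cross-tenant users:", cross_tenant_users(INVENTORY))
    print("dangling bindings:", dangling_bindings(INVENTORY))
```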

 

 

 

 

 

 

 

Version history: Revision 2 of 2. Last update: 09-07-2022 11:18 PM.