So we recently deployed VCF on VxRail 3.10 in a Stretched Cluster configuration at a customer and we have the baseline NSX-T configurations set up. We have several internal customers that would like the ability to manage their own networking in the NSX-T environment. We currently have a single stretched Tier 0 between the sites as per the VCF default deployment.
We want the ability for admins of each department to be able to manage their own networking, without being able to touch the rest of the NSX-T environment.
Our plan was to create a Tier 1 for each customer (we have 6 internal departments of "customers") and then give role-based access to a set of admins managing each group.
I have done a lot of research but I cannot find a lot of good documentation on how to do this. I did find a good article here: https://lucacamarda.blog/2019/09/11/nsx-t-multitenancy-object-based-rbac-with-principal-identities-a...
But from what I see in this article, it seems that this is more of an RBAC approach. It would be great to be able to have each customer able to log into their Tier 1 "sandbox" and manage their own networking, IP ranges (assigned to that Tier 1), etc.
Is this possible? Are there any reference architecture docs for this?
Seems kinda like something for vCloud Director.
It kinda works in the manner you desire - you provide complete IaaS for your customers together with full networking isolation based on NSX-V Edge or NSX-T T1.
Unfortunately this is just for Cloud Providers and Telcos.