VMware Cloud Community
markymark007
Contributor

Permissions Permissions Permissions

Today we took a look at the vShield products, which claim to be able to serve tenants/Orgs. I understand that this product suite works very well under vCD and does indeed provide the functionality for tenants to manage their own networking, BUT this is not the case in vCenter.

Here is an example. I am a tenant with native access to vCenter, but I can only access my VM, DataStores, PortGroups, etc. Once the vShield plugin has been integrated, I have access to the vShield Edge & App tabs, which all look very promising. So I click on one of my port groups and find that I can now configure an Edge with ANY of the port groups on the system!!!! Even ones that I have no permissions for!!!!

Even if the admin configures the edge product for me I am still able to Uninstall it and get access to other port groups.......

The thought of being able to pass off the tenant's firewalling, NAT and VPN to the tenant is a promising one, and one we currently have to do in a vRouter for each client......

Great work so far, VMware, but we really need to see some integration with current permission sets. I am very surprised that we often see plugins that cannot be used because they expose the system in a way you may not want your tenants to see. Integrated permissions only seem to be considered as an afterthought.
