2 Replies Latest reply on Oct 14, 2020 3:26 PM by daphnissov

    Running Multiple Customer Managed Environments in NSX-T 2.5 (VxRAIL on VCF 3.10)

    thecloudcheif Novice

      Hi!

       

      So we recently deployed VCF on VxRAIL 3.10 in a Stretched Cluster configuration at a customer and we have the baseline NSX-T configurations setup. We have several internal customers that would like the ability to manage their own networking in the NSX-T environment. We currently have a single stretched Tier 0 between the sites as per the VCF default deployment.

       

      We want the ability for admins of each department to be able to manage their own networking, without being able to touch the rest of the NSX-T environment.

       

      Our plan was to create a Tier 1 for each customer (we have 6 internal departments of "customers") and then give role based access to set of admins managing each group.

       

      I have done a lot of research but I cannot find a lot of good documentation on how to do this. I did find a good article here: https://lucacamarda.blog/2019/09/11/nsx-t-multitenancy-object-based-rbac-with-principal-identities-and-policy-api/

       

      But from what I see in this article, it seems that this is more of an RBAC approach. It would be great to be able to have each customer able to log into their Tier 1 "sandbox" and manage their own networking, IP ranges (assigned to that Tier 1), etc.

       

      Is this possible? Are their any reference architecture docs for this?


      Many thanks.