Application Delivery Management

Multitenancy: Provide exclusive management environment to your tenants

Important

Multitenancy is no longer supported for ADM on-premises and service deployments.

Citrix Application Delivery Management (ADM) provides multitenancy functionality where you can configure the system for multiple tenants. Each tenant can add their network instances, manage, and monitor these instances and applications, and create their own users and groups. No tenant has visibility into the instances and applications of the other tenants. Only the system admin has visibility into all instances, applications, and reports of all tenants. However, the system admin cannot create users for the tenants. All system-level tasks can be performed only by the system admin.

Consider a scenario where an organization such as example.com has an infrastructure group and multiple business units within it. They want to centrally manage all instances in their network. However, they want to provide exclusive environment to each business unit.

The following image shows how the example.com organization infrastructure group is structured. They want each of the four business units to have exclusive management environments. This image also shows the number of instances each business unit wants to manage.

Example organization structure

Chris, the ADC group head, is the system admin of Citrix ADM. Chris creates two tenants for the two business units, Example-online and Example-retail, and assigns two users as administrators of these tenants. Each tenant administrator can now add more users, add instances they want to manage, and create subtenants within their tenant environment.

The following image shows the tenants and users that are created in Citrix ADM for this example.

Tenants and users created

Add tenants

In this example, Chris, the system admin creates two tenants: Example-online and Example-retail. While creating the tenants, Chris also creates a default admin user for each tenant.

To add tenants

  1. Navigate to System > Tenants, and click Add.

  2. On the Create Tenant page, specify the tenant name and the tenant user name whom you want to assign as the administrator for this tenant. Also, provide the password.

  3. Click Create.

    Create a tenant

On the Tenants page, you can view the list of tenants that are created.

Tenants page

You can also view the list of admin users for each tenant on the System > User Administration > Users page.

Users page

When you create a tenant, three default system groups are created, admin group, adminExceptSystem_group, and read-only group.

Example:

The Example-online tenant has the following default groups:

  • example-online_admin_group
  • example-online_adminExceptSystem_group
  • example-online_readonly_group

Example online groups

Log on to Citrix ADM as a tenant user

After the tenants are created, a tenant user can log on to Citrix ADM using the tenant user credentials. To do so, a tenant has to provide both the domain name and the user name, for example, example-online\John.

Log in as a tenant user

Add instances as a tenant user

After a tenant logs on, Citrix ADM prompts the tenant to add instances. Click + New to add the instances you want to manage. Alternatively, you can click Do it Later and add the instances later from the Infrastructure tab. For details, see Adding an Instance to Citrix ADM.

Add instances as a tenant

In this example, John adds two Citrix ADC SDX instances.

Specify the instance type, IP addresses (separated by comma), and profile name that Citrix ADM can use to access the instances, and then click OK.

Add an SDX instance as a tenant

Create a user

John, the tenant admin, now wants to create a user for David, so that David can monitor all the instances and applications of this tenant. However, Chris does not want David to perform any configuration task on the instances or change any system settings for the tenant. So, Chris creates a user David with read-only permissions.

To create a user:

  1. Navigate to System > User Administration > Users and click Add.

  2. On the Create System User page, specify the user name and password for the user you want to create.

  3. Under Groups, select the group you want to assign to this user. In this example, the example-online_readonly_group is assigned to user David.

    Create a system user

Create tenants within tenants

A tenant administrator can create subtenants if to partition the tenant further. However, the tenant administrator can create only one level of subtenants. In this example, John creates two subtenants, example-digital and example-ecommerce. While creating these two subtenants, Chris assigns Jane and Mike as the admin user respectively.

To create a tenant within a tenant, follow the steps described in Add tenants.

You can view the tenants created on the Tenants page.

Create tenants within tenants

You can also view the permissions assigned to the users. Navigate to System > User Administration > Users, select a user, and click Edit.

On the Configure System User page, under Groups, you can view the groups assigned to that user. In this example, you can see that example-digital_admin_group is assigned to Jane.

Configure system user

As a tenant admin, if you have already added instances in Citrix ADM, you can assign the instances to users in your tenant or subtenants for managing and monitoring. For example, John can assign one VPX instance to Jane for management purposes.

  1. Navigate to System > User Administration > Group.

  2. Select the group to which the user is assigned and click Edit.

    Edit groups

  3. On the Modify System Group page, on the Authorization Settings tab, clear the All Instances check box.

    Modify system group

  4. Select the instances that you want the user to manage and then click Select Instances.

  5. Click Next and then click Finish.

Multitenancy: Provide exclusive management environment to your tenants