Multitenancy: Provide exclusive management environment to your tenants

NetScaler MAS provides multitenancy functionality where you can configure the system for multiple tenants. Each tenant can add their network instances, manage, and monitor these instances and applications, and create their own users and groups. No tenant has visibility into the instances and applications of the other tenants. Only the system admin has visibility into the instances, applications, and reports of all the tenants. However, the system admin cannot create users for the tenants. Only the system admin can perform the system-level tasks.

Consider a scenario where an organization such as has an infrastructure group and multiple business units within it. They want to centrally manage all instances in their network. However, they want to provide exclusive environment to each business unit.

The following image shows how the organization infrastructure group is structured. They want each of the four business units to have exclusive management environments. This image also shows the number of instances each business unit wants to manage.

localized image

Chris, the ADC group head, is the system admin of NetScaler MAS. Chris creates two tenants for the two business units, Example-online and Example-Retail, and assigns two users as administrators of these tenants. Each tenant administrator can now add more users, add instances they want to manage, and create subtenants within their tenant environment.

The following image shows the tenants and users that are created in NetScaler MAS for this example.

localized image

Adding tenants

In this example, Chris, the system admin creates two tenants: example-online and example-retail. While creating the tenants, Chris also creates a default admin user for each tenant.

To add tenants:

  1. Navigate to System > Tenants, and click Add.

  2. On the Create Tenant page, specify the tenant name and the tenant user name whom you want to assign as the administrator for this tenant. Also, provide the password.

  3. Click Create.

    localized image

    On the Tenants page, you can view the list of tenants that are created.

    localized image

    You can also view the list of admin users for each tenant on the System > User Administration > Users page.

    localized image

    When you create the tenants, two default system groups are created: admin group and read-only group for each tenant as shown in the image as follows. For example, example-online_admin_group and example-online_readonly_group are created for tenant example-online.

    localized image

Logging on to NetScaler MAS as a tenant user

After the tenants are created, a tenant user can log on to NetScaler MAS using the tenant user credentials. To do so, a tenant has to provide both the domain name and the user name, for example, example-online\John.

localized image

Adding instances as a tenant user

After a tenant logs on, NetScaler MAS prompts the tenant to add instances. Click + New to add the instances you want to manage. Alternatively, you can click Do it. Later and add the instances later from the Infrastructure tab. For details, see Adding an Instance to NetScaler MAS.

localized image

In this example, John adds two NetScaler SDX instances.

Specify the instance type, the IP addresses (separated by comma), and the profile name that NetScaler MAS can use to access the instances. Then, click OK.

localized image

Creating a user

John, the tenant admin, now wants to create a user for David so that David can monitor all the instances and applications of this tenant. However, Chris does not want David to perform any configuration task on the instances or change any system settings for the tenant. So, Chris creates a user david with read-only permissions.

To create a user:

  1. Navigate to System > User Administration > Users and click Add.

  2. On the Create System User page, specify the user name and password for the user you want to create.

  3. Under Groups, select the group you want to assign to this user. In this example, the example-online_readonly_group is assigned to user david.

    localized image

Creating tenants within tenants

As a tenant administrator, you can create subtenants if you want to partition your tenant further. However, you can create only one level of subtenants. In this example, John creates two subtenants, example-digital and example-ecommerce. While creating these two subtenants, Chris assigns Jane and Mike as the admin user respectively.

To create a tenant within a tenant, follow the steps described in Adding Tenants.

You can view the tenants created on the Tenants page.

localized image

You can also view the permissions assigned to the users. Navigate to System > User Administration > Users, select a user, and click Edit.

On the Configure System User page, under Groups, you can view the groups assigned to that user. In this example, you can see that example-digital_admin_group is assigned to Jane.

localized image

As a tenant admin, if you have already added instances to NetScaler MAS, you can assign the instances to users in your tenant or subtenants for management and monitoring. For example, John can assign one VPX instance to Jane for management purposes.

  1. Navigate to System > User Administration > Group.

  2. Select the group to which the user is assigned and click Edit.

    localized image

  3. On the Modify System Group page, on the Users and Instances tab, clear the All Instances check box.

  4. Under Instances, select the instance you want the user to manage as shown in the following figure:

    localized image