Multi Tenancy | Avi Cloud Application Delivery Controller Features

Derek Kang
Posted on Jul 31, 2015 2:41:00 PM

Introduction

Avi Cloud Application Delivery Controller (CADP) provides the ability to carve a single load balancing infrastructure into multiple, discrete load balancers. This multi-tenancy is provided at both the management/control plane and the data plane. Tenancy prevents different tenants from stepping on each other by guaranteeing resource availability and fault isolation. Should one tenant experience a failure, other tenants should not be impacted.

When remote authentication is used, Avi CADP can automatically create or import a tenant that is ready to go. For example, it can import a tenant from OpenStack Keystone based on user authentication.

Multi-tenancy Architecture

All management functions of the Avi CADP, whether via CLI, GUI, or API, are done via the Controller. The Controller is logically partitioned for each tenant.

By default, each tenant will have its own dedicated micro-load balancers, called Service Engines. The tenant can configure the high availability settings desired for each application. Should the Service Engines experience an issue, such as a resource constraint or a complete crash, there is no impact to other tenants.

 

Multi-tenancy Model

Avi CADP's multi-tenancy model consists of tenants, roles, and users to reflect different responsibilities of a user across multiple organizations. 

 

Tenant

A tenant defines an administrative domain and is sometimes called a project. A tenant named “admin” is created by default. Any object created within the scope of the tenant is only available to members of this tenant. This includes Service Engines, network settings, virtual services, pools, and servers. Adding, editing, and removing any of these objects is transparent to all other tenants. 

An Avi CADP can be configured with up to 200 tenants. 

Role

A role defines a set of access rights to different resources related to Avi CADP services. Avi CADP provides pre-defined roles, such as “System Admin”, “Tenant Admin” and “Application Operator”. 

  • System Admin has complete, or write, access to all resources of Avi CADP. A user with this role can create a new custom role.

  • Tenant Admin has write privilege to resources available to the tenant.

  • Application Operator has read-only privilege to part of the resources available to the tenant.

User

A user is an individual account that consists of a login ID and password, and is mapped to a role and a tenant. A user can belong to multiple tenants, each with potentially different roles. A user must belong to at least one tenant. The “admin” user has special privileges as it belongs to all tenants.
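The tenant, role and user model described above can be read as a default-deny access check keyed on the tenant that owns each object. The following Python is an added example, not Avi code or its API; the tenant names, users, resource-kind labels, and the subset of resources an Application Operator can read are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Role -> (may_write, readable kinds; None = every kind in the tenant).
# Assumption: the page says only "part of resources" for Application
# Operator, so this subset is constructed for the example.
ROLES = {
    "System Admin": (True, None),
    "Tenant Admin": (True, None),
    "Application Operator": (False, {"virtual_service", "pool"}),
}

@dataclass(frozen=True)
class Obj:
    tenant: str
    kind: str
    name: str

@dataclass
class User:
    login: str
    roles: dict                             # tenant name -> role name
    all_tenants_role: Optional[str] = None  # models the built-in "admin" user

    def __post_init__(self):
        if not self.roles and self.all_tenants_role is None:
            raise ValueError("a user must belong to at least one tenant")

def is_allowed(user, action, obj):
    """Default deny: access needs a role in the tenant that owns the object."""
    role = user.roles.get(obj.tenant, user.all_tenants_role)
    grant = ROLES.get(role)
    if grant is None:                       # not a member, or unknown role
        return False
    may_write, kinds = grant
    if kinds is not None and obj.kind not in kinds:
        return False
    return action == "read" or (action == "write" and may_write)

def visible(user, objects):
    """Objects the user can see; other tenants' objects never appear."""
    return [o for o in objects if is_allowed(user, "read", o)]

# Constructed sample data (hypothetical tenants, users and objects).
OBJECTS = [
    Obj("engineering", "virtual_service", "web-vs"),
    Obj("engineering", "service_engine", "se-1"),
    Obj("finance", "virtual_service", "ledger-vs"),
    Obj("finance", "service_engine", "se-2"),
]
alice = User("alice", {"engineering": "Tenant Admin", "finance": "Application Operator"})
bob = User("bob", {"engineering": "Application Operator"})
admin = User("admin", {}, all_tenants_role="System Admin")
```

Here the same user (alice) can write in one tenant and only read a subset in another, which is the per-tenant role mapping the User section describes.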

 

Topics: multi-tenants, multi-tenancy, tenants, admin
