VMware NSX

 View Only
  • 1.  NSX-v multitenancy and administrator permission

    Posted Nov 05, 2019 07:08 AM


    I just saw this figure about the NSX-v multi-tenant design https://www.nts.eu/wp-content/uploads/2018/05/4-1.png

    and would like to know if the NSX datacenter is designed in such way for tenants to use,

    then, the detailed permission and right that covered NSX objects(such as ESG) should be configured in vSphere for each tenant administrator to restrict them in their domain?

    Since NSX-v does not have multi-tier routing and service/distributed router design, is it a big disadvantage?

  • 2.  RE: NSX-v multitenancy and administrator permission

    Broadcom Employee
    Posted Nov 05, 2019 09:21 AM

    Most likely this will fit for a service provider design , SP will have the full control on the Perimeter edge and tenants leverage their own set of routers . Scaling is also a factor that you should be well aware of , want to stick with default interfaces or sub interfaces ? Need overlapping subnet configurations with NAT? ,basic questions that should consider while doing such design. Last but on the least, when you do upgrades we will end notifying all the tenants considering the provider edge design same goes for any potential failures. May be you could use provider edge only for shared monitoring environment/design and steer the traffic to right appliances and you can have dedicated data traffic edges for tenants as well. I will not say NSX-v doesn't have multi tenancy ,we can certainly do it, but don't compare with NSX-T service router contexts