Using Commander in a Multi-Tenant Environment

Multi-tenancy is the principal technology that clouds use to share IT resources cost effectively and securely. An apartment building is a useful analogy. Many tenants in an apartment building share the common infrastructure of the building, but walls and doors give them privacy from other tenants. Likewise, a cloud uses multi-tenancy technology to share IT resources securely among multiple applications and tenants (such as businesses and organizations) that use the cloud.

Multi-tenancy often divides users into two groups: producers and consumers. Producers are those who provide service to consumers — typically an IT organization within an enterprise, or an IT service provider. Producers configure a multi-tenant cloud model using the Commander console. Consumers manage their IT assets and request additional cloud services using the Service Portal.

Commander allows you to configure fine-grained access control for both producers and consumers. The Superuser and Administrator roles allow producers to configure multi-tenancy in the Commander console, while various Service Portal roles ensure that consumers can see and do only what you allow.

Organizations: The basis of the Commander multi-tenant model

An organization is just a group of consumers with a common business purpose. Organizations allow you to:

  • segregate data for your consumer groups
  • delegate administrative tasks to consumers
  • set up distinct cloud automation configurations for your consumer groups

Distinct configuration through organizations

Organizations allow you to set up completely distinct configurations for your consumer groups. In the multi-tenant Commander model, the entire service request process is unique to each organization.

You assign service ownership at the organization level (ownership can be assigned automatically during provisioning). You can also configure the following capabilities per organization:

  • Resource-based and cost-based quotas
  • Service catalog entries
  • Service request forms
  • Service request approval workflows
  • Deployment destinations
  • Service ownership
  • Command workflows
  • Usage-based service cost allocation
  • Media library
  • Maintenance window

Delegated administration through organizations

You can optionally delegate administrative tasks to one or more organization managers, allowing you to lighten the load on the Commander administrator.

Typically the person responsible for a business unit, the organization manager has extended permissions for managing an organization's members and assets. You can tailor these permissions to the technical abilities of your organization managers.

The tasks that can be delegated through permissions include:

  • adding and removing members
  • modifying members' roles
  • assigning the primary contact for an organization
  • managing the media library
  • assigning quotas to members
  • approving members' service requests
  • monitoring quota usage

Getting started with Commander multi-tenancy

For new installations of Commander, start here:

Now you're ready to configure the other aspects of the Commander multi-tenant model. The order of these steps is not important.

See Walk-through: Configuring Organizations for an end-to-end example.