Re: Advantages of Configuring Tenants. (721 Views)
Reply
Respected Contributor
Bharath M R
Posts: 410
Registered: ‎03-10-2010
Message 1 of 12 (859 Views)
Accepted Solution

Advantages of Configuring Tenants.

Hi all,

 

           Please let me know the advantages of Tenants , i want to know, when security groups are there .. what 

is the advantage of configuring tenants.

 

 

 

Thanks,
Bharath
Valued Contributor
ARUNPRAKASH
Posts: 119
Registered: ‎01-27-2011
Message 2 of 12 (855 Views)

Re: Advantages of Configuring Tenants.

Hi Bharath,

 

We can assign separate group devices to separate users. 

In a single NNMi server, we can do monitor separate groups and assign devices to the users with multi tenancy.

 

Cheers..!

Arun  :) 

Respected Contributor
Bharath M R
Posts: 410
Registered: ‎03-10-2010
Message 3 of 12 (852 Views)

Re: Advantages of Configuring Tenants.

[ Edited ]

hi..

 

 

  yes correct , i know that.. but what exactly "Tenant" Concept differs from "Security" group configuraton  ???.

Thanks,
Bharath
Regular Advisor
Navarath
Posts: 88
Registered: ‎06-27-2011
Message 4 of 12 (837 Views)

Re: Advantages of Configuring Tenants.

I guess both are one & the same.

 

You can get tenants concept using  Security Groups configuration.

 

 

Good Luck!!!

Occasional Contributor
syeds
Posts: 6
Registered: ‎04-13-2012
Message 5 of 12 (835 Views)

Re: Advantages of Configuring Tenants.

Hi,

 

Can we grant admin rights to these security group users as well so that they can manage there own devices separately.

 

Regards,

SYED

Honored Contributor
AndyKemp
Posts: 751
Registered: ‎05-17-2010
Message 6 of 12 (751 Views)

Re: Advantages of Configuring Tenants.

Oh they are not the same.  Security addresses which out of a user group can do what to which devices, while tenants is more along of the lines of what devices/events are visable to which customer, logical topology is limited to individual tenants, not security groups.

 

Think of multitenancy along the lines of a service provider running a single instance of the application but providing vuisibility to each customer of only thier nodes, how they are connected to each other, and only events concerning those devices.

Have a nice day :)

Andy Kemp,  CISSP
HP Expert
fariassolis
Posts: 750
Registered: ‎03-13-2012
Message 7 of 12 (747 Views)

Re: Advantages of Configuring Tenants.

Hello Baharat

 

How are you doing , I hope everything is going well on your end, for tracking purposes , I was wondering if this thread was already answer if yes please mark as accepted solution.

 

Please visit our new customer forum if you have a valid SAID  support contract at the following link.



http://h30499.www3.hp.com/t5/Network-Node-Manager-Support/bd-p/network-node-mgr-support-cust-forum#....



HP Support

The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of HP

If you find this or any post resolves your issue, please be sure to mark it as an accepted solution.

Honored Contributor
Ian_4
Posts: 3,738
Registered: ‎10-04-2000
Message 8 of 12 (739 Views)

Re: Advantages of Configuring Tenants.

Tenants:   The NNMi tenant model adds the idea of an organization to the security configuration. Each node in the NNMi topology belongs to only one tenant. The tenant provides logical separation in the NNMi database. Object access is managed through security groups.

 

For each node, the initial discovery tenant assignment occurs when the node is first discovered and added to the NNMi database. For seeded nodes, you can specify the tenant to assign to each node. NNMi assigns all other discovered nodes (those included in an auto-discovery rule but not seeded directly) to the Default Tenant. An NNMi administrator can change the tenant for a node at any time after discovery.

 

Each tenant definition includes an initial discovery security group. NNMi assigns this initial discovery security group to the node along with the initial discovery tenant. An NNMi administrator can change the security group for a node at any time after discovery

 

The NNMi Tenant Model: The NNMi tenant model provides strict segregation of topology discovery and data into tenants, also called organizations or customers. This model is appropriate for use by service providers, especially managed service providers, and large enterprises. The NNMi tenant model has the following benefits:

- Marks the organization to which each node belongs.

- Provides for filtering the Nodes (All Attributes) inventory view and Network Performance Server reports by tenant and security group.

 

- Meets regulatory requirements for separating operator access to customer data.

 

- Simplifies the configuration and maintenance of node groups that align with the tenant configuration.

- Simplifies configuration of NNMi security.

- Provides for management of overlapping address domains when address translation protocols are used.

 

Use NNMi multi-tenancy to provide different customer views for a service provider that has multiple customers (tenants) managed from the same NNMi management server.

 

Security Groups: In the NNMi security model, user access to nodes is controlled indirectly though user groups and security groups. Each node in the NNMi topology is associated with only one security group. A security group can be associated with multiple user groups. Each user account is mapped to the following user groups:

One or more of the following preconfigured NNMi user groups:

 

- NNMi Administrators

- NNMi Global Operators

- NNMi Level 2 Operators

- NNMi Level 1 Operators

- NNMi Guest Users

 

This mapping is required for NNMi console access and determines which actions are available within the NNMi console. If a user account is mapped to more than one of these NNMi user groups, the user receives the superset of the permitted actions.

 

Hope this helps.

Respected Contributor
Bharath M R
Posts: 410
Registered: ‎03-10-2010
Message 9 of 12 (732 Views)

Re: Advantages of Configuring Tenants.

[ Edited ]

Thanks   Andy,  Ian

 

  But,

 

          NNMi can even limit access to  map, node,  event..  access through security configuration. A user can access the nodes which are in different security groups too.

 

         So with only security NNMi can segregate maps .. etc

 

         Is Tenant configuration is only for assigning security groups in initial discovery ??

         Can NNMi have different admin for different tenant ?? think not !

        

@ Ian :

        "The tenant provides logical separation in the NNMi database. Object access is managed through security groups."

 

 - Any advantage of having logical separation in NNMi db ?

 

 

Thanks,
Bharath
Honored Contributor
AndyKemp
Posts: 751
Registered: ‎05-17-2010
Message 10 of 12 (723 Views)

Re: Advantages of Configuring Tenants.

It seperates topology... there is a seperate topology instance in the database for each tenant so impact analysis and root cause analysis is seperate for each instance.

Have a nice day :)

Andy Kemp,  CISSP
Honored Contributor
Ian_4
Posts: 3,738
Registered: ‎10-04-2000
Message 11 of 12 (721 Views)

Re: Advantages of Configuring Tenants.

In a multi-tenancy environment, each user account can be mapped to one or more custom user groups that provide access to a subset of the topology objects.  The idea is to deploy NNMi to Service Providers (SP), SP will use tenant to create node groups for monitoring and events configuration of a per tenant (per customer) so you can use NNMi to securely manage multiple customer networks form one NNMi system see  http://www.topsession.net/topsession-channel/viewvideo/3229/hp/introduction-to-nnmi-910-multitenancy for more information. 

 

Hope this helps.

Respected Contributor
Bharath M R
Posts: 410
Registered: ‎03-10-2010
Message 12 of 12 (703 Views)

Re: Advantages of Configuring Tenants.

Hi  Ian, Andy

 

                    Thank you very much for your time.

 

I just want to add some more points to thread from the documents,

 

NNMi administrators use Tenant settings to accomplish the following:

 

l.  Identify overlapping address domains in your network so NNMi can avoid duplicate address

problems. An unique Tenant is required for each group of devices configured to use any of the

following address translation protocols:

 

Static Network Address Translation (NAT)

Dynamic Network Address Translation (NAT)

Dynamic Port Address Translation (PAT/NAPT)

 

2. You can manage groups of Nodes even when deployed Subnets conflict within your network management domain. Nodes within a Subnet can belong to different Tenants. NNMi calculates each Tenant's Subnets independently.

 

3. If you configure a Subnet Connection Rule, the rule independently applies to each Tenant.

 

4. Conveniently assign an Initial Discovery Security Group to Seeds before discovery.

 

5. Create Node Groups based on Tenant attribute values. -cia.securityGroup.name

 

6. Configure Incidents based on Tenant attribute values.  - cia.tenant.name

Thanks,
Bharath
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.