Multi-Tenancy in HP Matrix Operating Environment Infrastructure Orchestration

Multi-Tenancy and IO Template Design
In order for an IO template to be used for provisioning by members of an organization, there must be accessible
resources assigned to the organization. The following are necessary but not sufficient constraints.
Networks:
In order to have one template assigned to multiple organizations, specify its networks by desired attribute.
o Define a set of networks and assign each to a different organization.
Hint: Use of a naming convention (e.g. mgmt-1, mgmt-2 etc.) with a unique substring will allow the
allocation process to be guided to select one of these networks.
Hint: The Service Provider Admin can use the new Display Name feature in version 7.3 to define
a more user friendly name for a network (shown in the interfaces along with the formal network
name).
o Create Templates that configure networks using “Specify desired attribute” rather than “Select a specific
network”.
Hint: Use “Allocation Name Hint” to guide the automatic allocation process to choose networks
with the unique substring. (Thus, in the example, set it to “mgmt-”.)
NOTE: Use of desired attributes means the user cannot customize the network information at the
time of service create; that feature is only available for customizable templates using named
networks.
o As users in each organization create infrastructure Services from these Templates, the networks will be
auto allocated using the one assigned to the user’s organization.
Be aware that the Allocation Name Hint setting is only a hint. Thus, if there is no “mgmt-” network
available for allocation, then another network assigned to the organization will be selected. If none
is available, then the Create request will fail.
If a network is specified by name, ensure that the network is assigned to the organization.
Assigning a trunk network to an organization provides separation at the trunk level, NOT between the
individual networks on the trunk. If an organization is assigned a template that contains a trunk network,
organization users may get unintentional access to more networks than the template allows, because the
Matrix IO provisioning process will NOT check that they have access to the trunk.
Example: Template contains LogicalTrunk1, composed of Red and Blue. The allocation manager picks the
physical network Trunk1 and connects it to the blade. Because Trunk1 carries Red, Blue and Green,
organization users can now snoop Green, even though the template did not allow it.
Virtual Provisioning:
Ensure that each Insight Control virtualization template or VMware template used in an IO Template is
accessible from at least one of the VM hosts and ESX resource pools assigned to the organization.
Physical Provisioning:
Each deployable software item must be on a deployment server that uses a deployment network assigned to
the organization. Furthermore at least one of the blades assigned to the organization must be on the
deployment network.
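The trunk exposure described under Networks above can be audited offline before a template is published. The following is an added example, not part of the original paper and not HP code. It runs on constructed inventory data (all organization, trunk and network names are illustrative) and assumes, as in the Trunk1 example, that any assigned physical trunk carrying all of a logical trunk's networks may be picked.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    org: str
    logical_trunk: str
    physical_trunk: str
    extra: frozenset       # carried by the trunk but not named in the template
    unentitled: frozenset  # extra networks not assigned to the organization

def audit_trunks(physical, org_trunks, org_networks, org_templates):
    """List every trunk allocation that would expose more than the template allows.

    Assumption: a physical trunk can back a logical trunk when it carries
    all of the logical trunk's networks (as Trunk1 does in the text).
    """
    findings = []
    for org, templates in sorted(org_templates.items()):
        entitled = org_networks.get(org, set())
        for logical, wanted in sorted(templates.items()):
            for trunk in sorted(org_trunks.get(org, ())):
                carried = physical[trunk]
                if not wanted <= carried:
                    continue  # trunk cannot satisfy this logical trunk
                extra = carried - wanted
                if extra:
                    findings.append(Finding(org, logical, trunk,
                                            frozenset(extra),
                                            frozenset(extra - entitled)))
    return findings

# Constructed sample inventory (illustrative names, not exported from Matrix IO).
PHYSICAL = {"Trunk1": {"Red", "Blue", "Green"},
            "Trunk2": {"Red", "Blue"},
            "Trunk3": {"Red"}}
ORG_TRUNKS = {"OrgA": {"Trunk1", "Trunk2", "Trunk3"}, "OrgB": {"Trunk1"}}
ORG_NETWORKS = {"OrgA": {"Red", "Blue"}, "OrgB": {"Red", "Blue", "Green"}}
ORG_TEMPLATES = {"OrgA": {"LogicalTrunk1": {"Red", "Blue"}},
                 "OrgB": {"LogicalTrunk1": {"Red", "Blue"}}}

FINDINGS = audit_trunks(PHYSICAL, ORG_TRUNKS, ORG_NETWORKS, ORG_TEMPLATES)

if __name__ == "__main__":
    for f in FINDINGS:
        level = "LEAK" if f.unentitled else "info"
        print(f"{level}: {f.org}/{f.logical_trunk} on {f.physical_trunk} "
              f"also carries {sorted(f.extra)}; unentitled {sorted(f.unentitled)}")
```

A finding with a non-empty `unentitled` set is the Green case from the example; an empty set means the extra networks are already assigned to that organization.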
Capacity Pools
IO allows the use of Capacity Pools. There are two types of Capacity Pool, viz. ESX Resource Pools and Cloud
Resources.
An ESX Resource Pool is a type of compute resource that is realized by a VMware Resource Pool. A Resource Pool is
an object in the Virtual Center inventory. It comprises a pool of CPU and memory for virtual machines and is used on
a standalone VMhost or in a VMcluster (group of VMhosts with shared storage). Note that IO does not support child
resource pools, i.e. the parent of an ESX resource pool must be either an ESX cluster or a standalone ESX host.
ESX resource pools are discovered and initially appear in the Service Provider Unassigned Pool. The parent ESX host
(or all the VMhosts in the parent cluster) must be licensed for VMM and IO; ESX resource pools that are parented by
unlicensed hosts are ignored. The parent of an ESX resource pool is shown in the Servers tab Group column.