Scribd
Upload
330 views10 pages

Multi-Tenancy With Vcloud Director and NSX-T

This document outlines steps to achieve secure multi-tenancy with vCloud Director and NSX-T. It discusses creating two tenants - Tenant A with two VMs and Tenant B with one VM. Network isolation is provided by NSX-T which introduces a two-tiered routing architecture at the provider and tenant levels. The steps create organizations, VDCs, logical switches, routers, and import networks to isolate the network resources and traffic of each tenant.

Uploaded by

Mudassir Iqbal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
330 views10 pages

Multi-Tenancy With Vcloud Director and NSX-T

This document outlines steps to achieve secure multi-tenancy with vCloud Director and NSX-T. It discusses creating two tenants - Tenant A with two VMs and Tenant B with one VM. Network isolation is provided by NSX-T which introduces a two-tiered routing architecture at the provider and tenant levels. The steps create organizations, VDCs, logical switches, routers, and import networks to isolate the network resources and traffic of each tenant.

Uploaded by

Mudassir Iqbal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Multi-Tenancy with vCloud Director and NSX-T

Leave a reply

This blog post walks through the steps on how to achieve secure multi-tenancy with vCloud Director and
NSX-T.  The below reference topology is used to show the network resource isolation. For example, as
shown below we will create 2 Tenants, Tenant A with two VMs and Tenant B with one VM.

Network isolation is achieved with the advanced networking capabilities of NSX-T Data Center that provides a
fully-isolated and secure traffic paths across workloads and tenant switch and routing fabric. As described
in Multi-Tenancy Design Objectives, NSX-T Data Center introduces a two-tiered routing architecture enabling
the management of networks at the provider (Tier-0) and tenant (Tier-1) tiers. As shown in reference topology
above, a provider routing tier is attached to the physical network for North-South traffic, while the tenant
routing context can connect to the provider Tier-0 and manage East-West communications. In vCloud
Director, each Organization VDC will have a single Tier-1 distributed router that provides the intra-tenant
routing capabilities.

 
Step1: From vCloud Director Admin Portal create two Organizations one for each Tenant, Tenant A and
Tenant B.

Step 2: Create two Organization VDCs one for each Tenant, Tenant A and Tenant B using the wizard as
follows:
Step 3: Create two Logical switches using overlay networks and two uplink logical switches using VLAN on
NSX-T one for each Tenants, Tenant A and Tenant B.
Step 4: Create two Tier-0 routers on NSX-T one for each Tenants, Tenant A (High-availability Mode as
Active-Active) and Tenant B (High-availability Mode as Active-Standby).

Step 5: Create two Tier-1 routers on NSX-T one for each Tenants, Tenant A & Tenant B.
Step 6: Create uplink router ports on NSX-T for each of the Tier-0 routers, for both Tenants, Tenant A and
Tenant B virtual machines to connect using the uplink logical switches created earlier.

Step 7:  Enable Route-Redistribution and create a new redistribution-criteria to allow the T0 & T1 sources for
each of the Tier-0 routers, for both Tenants, Tenant A and Tenant B.
Step 8: Create downlink ports for each of the Tier-1 routers which will be used as gateway for both Tenants,
Tenant A and Tenant B virtual machines using the logical switches created earlier.

Step 9: From the vCloud Director Tenant portals of each Tenants import the logical networks corresponding to
each Tenant created in NSX-T and add static IP Pools in that subnet.
Step 10: Create a new vApp for Tenant A by adding two virtual machines for each Tenants as per reference
topology.

Step 11: Add the networks imported from NSX-T into vApp.
Step 12: For each VM in vApp, edit the Network settings for VM-1 in Tenant A to select the newly added
network and Static IP pool we created earlier.

Step 13: Power on the vApp and repeat steps 9 -12 for Tenant B.

Step 14: Now verify the connectivity between virtual machines in Tenant-A. Results show a successful ping
between VM-1 and VM-2 in Tenant-A.

Step 15: Now verify the connectivity between virtual machines in Tenant-A and Tenant-B. Results show that
ping between VMs in Tenant-A and VM in Tenant-B fails confirming secure multi-tenancy between the
Tenants.
Detailed step by step demos can be found on the Telco YouTube channel:

This entry was posted in NFV Deployments, Telco, Telco NFV, VMware vCloud NFV on May 15, 2020 by mmahmoodi.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy