Multitenancy
Virtuozzo Hybrid Infrastructure uses the administrative hierarchy of domains and projects (tenants) with Role-Based Access Control (RBAC) to manage virtual objects of the compute cluster, such as virtual machines, volumes, and virtual networks. A domain is an isolated container of projects and users with assigned roles. Each project and user can only belong to one domain. A project is an isolated container of virtual objects with defined limits for virtual resources, such as vCPU, RAM, storage and floating IP addresses, and assigned users. A role is global and defines all of the possible tasks the user may perform at the level of the entire infrastructure, a specific domain, or project.
According to these levels, there are three user roles in Virtuozzo Hybrid Infrastructure: a system administrator, a domain administrator, and a project member. The following chart shows typical users with these roles working at service providers and enterprises, along with their workspaces: admin or self-service panels.
-
A system administrator can perform system administration tasks, depending on the assigned permissions and has access to the admin panel. This role also enables user and project management in the admin panel. Additionally, a system administrator with domain permissions can manage the Default domain in the self-service panel.
System administrators are usually infrastructure administrators of an SP or MSP, or the main IT department of an enterprise, depending on your business case.
-
A domain administrator is in charge of its domain in the self-service panel. A domain administrator can be assigned only to one domain and can manage virtual objects in all projects within this domain. This role also enables user and project management in the self-service panel.
Domain administrators are usually system administrators of an SP's or MSP's client, or the IT department of an enterprise subsidiary, depending on your business case.
-
A project member acts as a project administrator in a specific domain in the self-service panel. A project member can be assigned to multiple projects and can manage virtual objects in them.
Project members are usually end users of an SP's or MSP's client, or end users in an enterprise, depending on your business case.
Such an implementation provides an administrative environment with its own users and virtual objects, and ensures their isolation from other users and virtual objects.