Architecting Tenant Networking with NSX in vCloud Director : Multitenancy in a Cloud Service Provider
   
Multitenancy in a Cloud Service Provider
While Managed Service Providers are used to providing multitenancy within a single data center location, this is often achieved with discrete hardware for each customer's services: dedicated compute, storage, networking or security hardware, connected directly to dedicated physical WAN-access CE routers. Similarly, the ESXi layer of each tenant is often managed from a dedicated VMware vCenter Server® instance. The following figure shows the basic tenant topology within a multitenant Managed Service Provider data center.
Figure 5. Example Managed Service Multitenant Data Center Topology
 
The introduction of cloud services allows that virtualization management layer to be consolidated into perhaps a single vCenter Server managing compute hosts that serve multiple customers. If the Cloud Service Provider is to offer rapid onboarding of new tenants, it is far quicker and more economical to share network hardware, too. In the past, sharing security hardware was possible, but it required large, high-capacity security appliances that could offer logical separation for each tenant, often in the form of virtual contexts or instances. The large capital outlay needed to provision such devices with enough capacity for the required number of tenants was a challenge for Cloud Service Provider business cases. VMware Cloud Service Providers can now provision dedicated security devices, in the form of NSX Edge services gateways, whenever they need to. The only proviso is that they must capacity-manage the underlying compute platform on which those services run, and the underlay network that connects the compute hosts together.
While the commercial benefits of sharing hardware are easy to see (increasing the utilization of hardware minimizes the amount of hardware that must be procured, deployed, and managed), it introduces the new challenge of providing logical tenant separation at every level of the infrastructure stack. Creating separation at the vSphere layer might be straightforward, but extending that separation to the user interface or APIs is more complex. vCloud Director approaches this problem by abstracting the elements under its control away from the end user, instead providing a new graphical user interface for manual interactions and an API for machine interactions. It is important for the service provider architect to understand how the layers of a vCloud Director solution fit together and how an action at one layer is carried out in the layers beneath it.
While the VMware software-defined data center (SDDC) model also includes storage virtualization, the key layers that illustrate the move from Managed Service Provider to Cloud Service Provider, and which are considered within this document, are shown in the following figure.
Figure 6. Layered Software Transition from VMware Cloud Provider Program MSP to CSP