Documentation forOrion Platform

Deploy the Orion Platform in a multi-tenant way

This topic applies to all Orion Platform products.

You can deploy the Orion Platform as a single instance that runs on a server and serves multiple client organizations (clients). This type of deployment is designed to virtually partition the data and configuration, so that each client organization works with a customized virtual application instance.

Why go multi-tenant?

  • One-platform serving multiple customers means cost savings
  • Easier release management - upgrade, database backups, or high availability need to be done only once.

Before you begin

  • Configure what the user sees: You need to configure the Orion Platform so that a customer can safely log in to the Orion Web Console and get a view limited to their IT resources, even though they are supported by a multi-tenant platform with other customers.
  • Consider how you want to deploy the monitoring system - deploy it centrally and use additional polling engines for polling individual customers, or deploy an instance of the Orion Platform to each customer and view all data in the Enterprise Operations Console?

Configure what users see

What's the difference between view and account limitations?

Let's take a look at limitations using an example. Imagine you have two customers - US customer and EU customer.

View limitations

US Customer EU Customer
You create US_user for the US customer. You create EU_user for the EU customer.
You create a US_view and assign it to the user. You create a EU_view and assign it to the user.

You limit US_view to Chicago_router and Austin_router.

You limit EU_view to Frankfurt_router and London_router.

In this case, if the US_user figures out the URL for the EU_View (for example because of logical naming conventions), then the user can also see information for Frankfurt_router and London_router. To prevent this, use account limitations.

Account limitations

US Customer EU Customer
You create US_user for the US customer. You create EU_user for the EU customer.
You create a US_view and assign it to the user. You create a EU_view and assign it to the user.

You limit US_user to only access Chicago_router and Austin_router.

You limit EU_user to only access Frankfurt_router and London_router.

Using Account Limitations, the US_users will not see any nodes on the EU_view, even if they figured out the view URL.

Different Orion Platform products may process the limitations in a different way. To learn more, see the Administrator Guide for your products.

Set up multi-tenant deployment

Consider the following options of dealing with duplicated IP addresses: NAT and EOC deployments.

NAT-based deployment

Deploy a Network Address Translator (NAT) to translate customer domain addresses so that they are all unique from the Orion Platform perspective.

This makes the identification of managed devices more complex because the translated IP’s don’t necessarily make sense in report readers. To address this, consider creating custom properties with IPs or node names and displaying these instead of the translated IPs. Custom properties are not affected by any translation.

EOC deployments

You can deploy a full instance of Orion Platform products for each customer and get information about all of them consolidated in the Enterprise Operations Console.