Secure Multi-Tenancy from VMware, Cisco, and NetApp

NetApp, Cisco, and VMware held a joint webinar to discuss a collaborative solution to provide a secure multi-tenant platform for solution providers.  The goal is to provide the benefits of shared infrastructure, particularly converting IT assets from expenses to strategic business opportunities, while at the same time maintaining the isolation, security, predictability, and quality of service that IT came to expect from their independent silos in traditional environments.

Before I get into a breakdown of what was discussed and how this solution can help offer the best of both worlds, I want to discuss how we got to this point and it all starts with virtualization and the need or want to consolidate infrastructure.  In the past, resources (compute, storage, network) were spun up when needed for a new application which led to each application existing in an independent, predictable silo of resources.  The advantage of the silo is that the application owners knew what to expect from the resources.  This unfortunately leads to inefficient utilization of those resources.  Businesses flocked to virtualization solutions because of the cost savings derived from less servers, storage, and networking equipment in the datacenter – less to manage, less to power and cool, higher utilization.  Then, solution providers in the cloud realized they could take this to the next level and host low-cost, shared infrastructure for their customers.  Virtualization promised to increase the utilization while still maintaining this separation but in reality we’ve come to understand that multi-tenancy needs further separation than just the fact that each customer has independent VMs.  Each customer feels a bit funny about having their VMs running on the same hosts, network, and underlying storage.  They want their silos.

Enter Secure Multi-Tenancy architecture from NetApp, Cisco, and VMware.  This solution combines the features of their solutions – Multistore, VN-Link, and vShields respectively – to allow cloud solution providers to offer the benefits of virtualization and the advantages of the traditional silos by segmenting the shared resources into discrete independently manageable resources.  For example, a provider can allocate separate logical storage systems or virtual storage appliances on a single NetApp system similar to how we create logical virtual machines on a single server.  Management access to these vFilers can even be granted to the customer to provision as they wish.  From the validated solution guide produced by Cisco:

“Providers can leverage NetApp MultiStore to enable multiple customers to share the same storage resources with minimal compromise in privacy or security, and even delegate administrative control of the virtual storage container directly to the customer.”

At first I began thinking that we are in this nasty circular back and forth between sharing virtualized infrastructure and the “siloing” of resources.  When indeed there needs to be a balance between the two and this appears to be a good start by these major players at achieving this balance.  There truly is a need to collaborate to make sure all layers of the stack are represented and operate well together.  Virtualization-aware solutions continue to open our eyes to new use cases and will continue to do so.  I just can’t wait for desktop virtualization to become as mature as server virtualization at which point we will see some remarkable capabilities.  Just think… shared virtual desktops that grant significant efficiencies to the solution providers and the security, segregation, and reliability demanded by the customers.

One thought on “Secure Multi-Tenancy from VMware, Cisco, and NetApp

  1. Great article!! I have to say I think the copy writer for Cisco “…minimal compromise in privacy or security…” should be in trouble – that just sounds like we’re already in a little trouble out of the gate.

    So now now we have virtual dedicated resources – care to coin a term? How about, VDR.

Leave a Reply