Headline:
DHCP Server ,DHCP Relay services which are configured from the Morpheus tenant role should have Group level/Tenant level isolation.
Description:
As a Morpheus tenant user, I am facing difficulty to isolate the NSX-T DHCP server, DHCP Relay services which are configured. I didn’t find a way to isolate the DHCP objects with respect to a tenant, rather it is visible to all the tenants who are under the same NSX-T manager.
We believe this problem will be solved if we have a Group/Tenant level isolation. Currently Morpheus will support this isolation in "Infrstructure:Networks , Infrastructure:Routers cases. So It would be good if Morpheus can implement similar tenant level architecture in case of NSX-T DHCP services as well.
Example/Use case(s):
Model:
-
Master tenant who used to onboard cloud (Vmware) and NSX-T
-
Each Tenant will have dedicated cloud
-
I am using same NSX-T manager for all the tenant networking, but while integrating to Morpheus I will assign the respective tenant cloud onboarded.
Note: We have tested this multi tenant architecture from Morpheus and it is working as expected in case of NSX Networks , Routers and NSX firewalls. But in case of DHCP Services it is broken.
Use case:
-
Create 2 tenants
-
Onboard cloud from Master and assign to appropriate Tenant(In backend it is a single Vcenter with Multiple resource pool created, here 2 Resource-pool for 2 tenants)
Cloud-1 to Tenant-1
Cloud-2 to Tenant-2 -
Onboard NSX-T manager from Master and assign to tenants (Same NSX-T manager, only the cloud assignment is different here with respect to tenant)
Tenant-1------- NSX-T integration points to "Tenant1-Cloud "
Tenant-2------- NSX-T integration points to "Tenant2-Cloud " -
Login as Tenant-1 and Create NSX-T DHCP server from Network integration page
-
Check the DHCP Server visibility from Tenanat-2