How to enable access between tenants?

asked 2014-10-31 08:06:20 -0600

I'm building a private cloud in which I'd like Application Server instances from separate tenants to access the same unique cloud-wide Galera cluster (which would have its own tenant).

I'm wondering what the best network topology would be to achieve this. The constraint is that tenant A Application Server instances should not see tenant B App Servers.

- Should I go with a per-tenant router topology, and assign 2 NICs to App Server instances: the first one in their tenant network, the second one in the Galera cluster tenant? Is that possible?
- Should I go with one router for all tenants?
- Should the Galera cluster only be accessed from its floating IPs in order to avoid all communication between tenants?

Am I missing something?

Your architectural thoughts are welcome.

Why different tenants? Are these different server groups forming the same app? If so they should be in the same tenant, but in different networks, with security groups to define the allowed traffic between the networks. Different tenants would communicate via the external network.

Assaf Muller ( 2014-11-09 04:05:30 -0600 )

No, they don't form the same app. Those are various apps, which I'd like to share the same DB servers in order to consolidate the infrastructure. I think the best option would be to create a shared (but private) provider network that will host the Galera cluster instances.

mikemowgli ( 2014-11-17 08:37:22 -0600 )
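
The shared-network idea from the last comment, sketched as a Heat template. This is an added example, not something posted by anyone in the thread; the resource names and the CIDR are assumptions, and 3306, 4567, 4568 and 4444 are the standard MySQL and Galera ports.

```yaml
heat_template_version: 2013-05-23
description: >
  Constructed example: a shared network that hosts the Galera nodes,
  deployed by an admin in the database tenant.

parameters:
  shared_cidr:
    type: string
    default: 192.0.2.0/24      # constructed value (documentation range)

resources:
  galera_net:
    type: OS::Neutron::Net
    properties:
      name: galera-shared      # hypothetical name
      shared: true             # other tenants may attach ports; admin-only by default policy

  galera_subnet:
    type: OS::Neutron::Subnet
    properties:
      network_id: { get_resource: galera_net }
      cidr: { get_param: shared_cidr }

  galera_sg:
    type: OS::Neutron::SecurityGroup
    properties:
      name: galera-nodes       # hypothetical name
      rules:
        # SQL clients: any app server NIC attached to the shared subnet
        - direction: ingress
          protocol: tcp
          port_range_min: 3306
          port_range_max: 3306
          remote_ip_prefix: { get_param: shared_cidr }
        # Group replication and IST: only from members of this same group
        - direction: ingress
          protocol: tcp
          port_range_min: 4567
          port_range_max: 4568
          remote_mode: remote_group_id
        # State snapshot transfer (SST): only from members of this same group
        - direction: ingress
          protocol: tcp
          port_range_min: 4444
          port_range_max: 4444
          remote_mode: remote_group_id
```

App server ports attached to this network still carry their own tenant's security groups, so tenant A and tenant B instances only reach each other over it if one of those groups allows ingress from the shared subnet.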