Orion handles multi-tenant environments relatively well so long as you implement the proper design. No matter what product you use there will need to be some level of communication between the customer environment and the management system, this is the case with vFoglight as well as Orion.
You can have a secure environment yet still allow the monitoring system to communicate with the customer environment. One of the best ways to accomplish this is with a NAT box. For each customer environment setup a NAT box that does static translations for each customer IP to a different IP and only allows the monitoring system to communicate through the NAT. There is a SolarWinds blog article HERE that talks about this, see the NAT Based Deployment scenario though keep in mind that as long as you are using unique IP's you don't need to have a separate polling engine for each NAT box.
Hope this helps!