6 Replies Latest reply on Aug 27, 2011 2:32 PM by rsprim

    Multi-tenant Orion

    byrona

      Ultimately I would like to see Orion and by association all related modules become a multi-tenant solution.  This would include a permission system and restriction system that would allow for setting up environments unique to each organization or group of users.  Having the ability to put organizations in a restricted environment in Orion with the option to control their ability view only or even add systems, monitors, etc.

      This functionality would be nice for both internal departments as well as external customers.  One product that does a very good job of this is ScienceLogic EM7.  With not many products in the market offering powerful multi-tenant capabilities this would certainly set Orion apart from the rest in this regard.

        • Re: Multi-tenant Orion
          Paul_Westhead

          Hi Byrona,

          I think we have implemented something similar to what you are describing with View limitations, poller seperation and AD groups.

          We have a group of views that certain users can see and have those users grouped by AD group.

          Is this similar to what you are talking about?

          Maybe I am just missing the point?

            • Re: Multi-tenant Orion
              byrona

              I would be interested in hearing more about your specific configuration for this, specifically the poller separation part.

              We are using Orion in a multi-tenant setup now using account limitations.

              What I am looking for with this request is progression toward a very robust multi-tenant environment where I can define organizations, assign administrators within an org. and then they can create and manage users, systems, alerts, etc within the limitations of their org.

                • Re: Multi-tenant Orion
                  Paul_Westhead

                  Hi Byrom,

                  How we do it is as follows:

                  AD group called 'Domain/Department_Admin'

                  This user then has the ability to add and remove devices within there own department but not within any one elses.  This is limited using an account limitation.

                  The challenge that we haven't nailed as of yet is as follows:

                  We can't limit there Administrative rights for adding and removing users to there users only.

                  We can't limit them to a specific poller.

                  We can't give them administrative rights to views that are specific to that department.

                  So in summary - We can limit what they can get to but we are having to allow them admin back end based on trust they won't edit users and the rights.  We can however stop them editing other departments nodes.

                    • Re: Multi-tenant Orion
                      byrona

                      While I appreciate your suggestion, this doesn't allow the true multi-tenancy functionality I am looking for.

                      We are poised to sell a ton of monitoring services using Orion thus requiring us to purchase more product from SolarWinds.  We just re-launched our website which contains an entirely new service catalog and one of the core services is our Monitoring with our 24x7x365 NOC.  We are in customer engagements multiple times a week where monitoring services are on the table.

                      What I am trying to say is that if Orion would beef up the multi-tenancy functionality, specifically allowing me to have more control over what I can restrict customers to see (across all modules) then we could be selling a lot more of this stuff.  Customer see it and really want it, I would like to be able to provide it.

                      Please SolarWinds, help me out here!

                        • Re: Multi-tenant Orion
                          Network_Guru

                          Agreed.

                          Also AD integration only works for internal groups.
                          If a customer is accessing Orion over the Internet, then using AD integration is not an option, unless the Orion server joins the customer's domain internally somehow.
                          Most companies would not allow this in any case.

                          • Re: Multi-tenant Orion
                            rsprim


                            Please SolarWinds, help me out here!

                             



                            I wish SolarWinds would help us all out.  This is functionality we need as well.  It would definitely take a lot of the workload off of me if I could dole out admin functions to individuals in specific groups and they didn't have the same admin rights that I have.  

                            The other piece that i don't think was mentioned was the ability to determine what an Administrator has done on the system.  I would like some log kept of everything an Administrator does on the system.

                            Regards,

                            Robert