4 Replies Latest reply on Dec 14, 2015 3:10 AM by carl.bassett

    Multi-Tenancy with a central NPM, NCP, NTA & IPAM

    carl.bassett


      Hi,

       

      Looking at deploying Solarwinds, NCM, NTA and IPAM in what is essentially a small multi-tenancy environment. I have seen a few documents on using a central NPM deployment and using NAT or policy based routing to mitigate duplicated address space and nodes with duplicated IP addresses in multiple customer networks. The documents I have found seem to be a few years old and both these options seem somewhat 'clumsy'. I am wondering if there is more up to date document that shows how Solarwinds supports multi-tenancy. To do it properly, EOC seems to be the answer with separate NPM deployments per customer but this is not cost competitive in software and hardware terms for us. I come from a solarwinds background (al-be-it single tenant deployments) but looking to make a case for going with a small multi-tenant solarwinds solution.

       

      I am particularly interested in how when using a central NPM with a small number of customer specific remote pollers, NCM, NTA and IPAM can deal with the duplicated IP address space and multiple nodes with an identical IP address duplicated across multiple customers. Can anyone point me in the direction of any useful documents or offer advice?

       

      cheers

       

      Carl Bassett.

        • Re: Multi-Tenancy with a central NPM, NCP, NTA & IPAM
          carl.bassett

          Just a bit of further info on this.

           

          It seems that  NCM, NTA and IPAM do not support multi-tenancy where duplicate address space exists across multiple customers. The recommendation from the Solarwinds Sales team is to use a separate NPM deployment with all the modules for each customer which is probably going to price the Solarwinds product set out of possible options for us.

           

          Regards,

          Carl

            • Re: Multi-Tenancy with a central NPM, NCP, NTA & IPAM
              Craig Norborg

              So, I guess I'm just wondering how you would expect something like this to even work?   The only way to even access multiple networks that are all using the same IP Address space would be to somehow NAT the duplicates, and that has its own host of problems you'd have to solve on its own.  Not to mention you'd have to do 1:1 NAT if you wanted something like IPAM to even have a chance of functioning.  And with Netflow packets you'd have to translate not only the address of the Netflow collector (ie: Orion), but you'd have to translate the addresses contained within the Netflow packets themselves or you would have major confusion in your Netflow reports.

               

              Have to say, I don't think this problem your describing with the Solarwinds product set would be unique to this software, I can't tell how any NMS would be able to accommodate that type of environment without some kind of translation application that would be protocol aware of at least SNMP and Netflow  and go way beyond what simple NAT translations normally do...

               

              Now, if you could write said piece as a separate application you could probably sell it to ANY customer that wants such a thing, regardless of what NMS they are using.   The problem with that I think is, the audience for such a piece of software would be fairly small that you'd probably have to charge enough to make it worth purchasing multiple copies of the NMS in the first place!!  :-)

              • Re: Multi-Tenancy with a central NPM, NCP, NTA & IPAM
                sja

                Hi Carl

                 

                In most cases its less expensive to clean up the duplicate IP den running duplicate setups.

                We run to the same problem in a large environment re numbering is the best way.

              • Re: Multi-Tenancy with a central NPM, NCP, NTA & IPAM
                carl.bassett

                Hi,

                 

                Thanks for the responses.

                 

                We currently use OpenNMS on both environments which report the events to a in house developed portal. Because the portal knows that each OpenNMS system belongs to a unique 'tenant', it stores the node with a specific tenant id so duplicated IP addresses are not a problem.

                 

                The problem with Solarwinds plus all of its modules is the cost of having to purchase multiple unlimited SLX licences instead of a single 'unlimited SLX' licence. The multi-tenant is driving the need for additional SLX licences which makes the solution more expensive than any of the alternatives being considered.

                 

                We have considered cleaning the duplicated IP address but this is again a fudge. It may be that next week/month/year another tenant comes on board bringing a new load of duplicated address space so any solution would need to support it out of the box.

                 

                The conclusion seems to be a separate NPM deployment for each tenant as recommended by Solarwinds Sales. The licencing (and additional kit for duplicated Solarwinds servers makes this a very expensive solution though but you get what you pay for.

                 

                Regards,

                 

                Carl