In a multiple-customer restricted deployment, ESX hosts are in the same datacenter and are used to serve applications for multiple customers. The site administrator maintains the hosts, and these hosts run a number of virtual machines dedicated to the customers. Virtual machines that belong to the various customers can be on the same host, but the site administrator restricts resource sharing to prevent rogue interaction.

Although there is only one site administrator, several customer administrators maintain the virtual machines assigned to their customers. This deployment also includes customer system administrators who do not have ESX accounts but have access to the virtual machines through the virtual machine console so that they can load software and perform other maintenance tasks inside the virtual machines.

Sharing for Components in a Multiple-Customer Restricted Deployment shows how you might handle sharing for the components you use and configure for the host.

Sharing for Components in a Multiple-Customer Restricted Deployment

Function

Configuration

Comments

Service console shares the same physical network as the virtual machines?

No

Isolate the service console by configuring it on its own physical network.

Service console shares the same VLAN as the virtual machines?

No

Isolate the service console by configuring it on its own VLAN. No virtual machine or other system facility such as vMotion must use this VLAN.

Virtual machines share the same physical network?

Partial

Put the virtual machines for each customer on a different physical network. All physical networks are independent of each other.

Network adapter sharing?

Partial

Isolate the service console by configuring it on its own virtual switch and virtual network adapter. No virtual machine or other system facility must use this switch or adapter.

You configure virtual machines for one customer so that they all share the same virtual switch and network adapter. They do not share the switch and adapter with any other customers.

VMFS sharing?

No

Each customer has its own VMFS partition, and the virtual machine .vmdk files reside exclusively on that partition. The partition can span multiple LUNs.

Security level

High

Open ports for services like FTP as needed.

Virtual machine memory overcommitment?

Yes

Configure the total memory for the virtual machines as greater than the total physical memory.

User Account Setup in a Multiple-Customer Restricted Deployment shows how you might set up user accounts for the ESX host.

User Account Setup in a Multiple-Customer Restricted Deployment

User Category

Total Number of Accounts

Site administrators

1

Customer administrators

10

System administrators

0

Business users

0

User Access in a Multiple-Customer Restricted Deployment shows the level of access for each user.

User Access in a Multiple-Customer Restricted Deployment

Access Level

Site Administrator

Customer Administrator

System Administrator

Root access?

Yes

No

No

Service console access through SSH?

Yes

Yes

No

vCenter Server and vSphere Web Access?

Yes

Yes

No

Virtual machine creation and modification?

Yes

Yes

No

Virtual machine access through the console?

Yes

Yes

Yes