Admins can choose to deploy NSX Advanced Load Balancer in one of three levels of isolation modes with respect to tenancy.

  • Provider/ Admin Tenant mode: All the Service Engines and configurations will reside in the ‘admin’ tenant. Provides least isolation.

  • Config isolation Tenant mode: All the Service Engines will reside in the ‘admin’ tenant and are shared across the configured Tenants. Configurations will be scoped under each configured Tenant

  • Config and Data isolation Tenant mode: The Service Engines as well as configuration will be scoped under each configured Tenant. Provides most isolation.

Reference examples of providing isolation through tenancy is to create a unique tenant for:

  1. Each VI workload domain that the NSX Advanced Load Balancer provides load balancing services for.

  2. Each line of business that the NSX Advanced Load Balancer provides load balancing services for.

  3. Each of development, testing, production areas where the NSX Advanced Load Balancer provides load balancing services for.

Table 1. Design Decisions for creating a Tenants for isolation on the VMware NSX Advanced Load Balancer for the VMware Cloud Foundation

Decision ID

Design Decision

Design Justification

Design Implication

AVI-CTLR-012

Create tenants to provide desired level of isolation for the VMware Cloud Foundation.

Note:

NSX Advanced Load Balancer - Basic Edition does not provide tenant isolation.

Provides required level of configuration and data plane isolation for workloads.

Additional Service Engine resources might be required.