Profile objects in the admin tenant are shared across all tenants in the system. This includes objects visible under the Templates section of the NSX Advanced Load Balancer UI such as Health Monitor, Application Profile, SSL Profile, Network Profile, PKI Profile, and so on.
The NSX Advanced Load Balancer defines a set of system default profiles as a part of the installation. Though these objects can be edited, they can neither be renamed nor deleted. In addition to these profiles, the administrator can create, edit and delete custom profile objects suited to their specific deployment. Both the system default profiles and any custom profiles that are created in the admin tenant are automatically shared across all the tenants in the system. Tenants are able to view and use these profiles, but cannot delete the shared admin profiles.
Tenants can chose to override the default profile parameters to that which best suits their application deployment. A tenant can do this by either editing the shared admin profile or creating new custom profiles under their tenant context. Editing the shared admin profile creates a copy-on-write effect, such that a new profile with the same name (but a different UUID) is created in the specific tenant’s context. Making changes to this profile object does not affect other tenants in the system. Deleting such a profile created using copy-on-write brings the shared admin profile back into the tenant context.
The following example demonstrates the sharing functionality.
Navigate to
. In the Application Profile page, a couple of custom profiles have been created by the administrator. Note that the default profiles (System-xxx) cannot be deleted (check box is disabled for selection), but the custom profiles can be selected for deletion (adjacent check box can be selected).In the context of tenant avidev, though the shared admin profiles are visible, none of the profiles can be deleted.
By clicking the edit icon, tenant avidev edits the System-HTTP and Custom-HTTP profiles.
The formerly disabled check boxes turn selectable, indicating that the profiles have undergone a copy-on-write operation and can now be selected for deletion.
Tenant avidev deletes the System-HTTP and Custom-HTTP profiles. The shared admin profiles are now visible and cannot be deleted.