The management plane functions reside in an isolated management pod. These functions orchestrate resources and operations. They are local to each cloud instance to manage the infrastructure, virtual networks, and operations.
Resource isolation for compute and networking is enabled jointly by vCenter Server, NSX Manager, and the VIM.
The VIM provides the abstraction layers for multi-tenancy.
vCenter Server furnishes the infrastructure for fine-grained allocation and partitioning of compute and storage resources.
NSX-T Data Center creates the network virtualization layer. The concept of tenancy also introduces multiple administrative ownerships that require RBAC.
A communications service provider (CSP) provider administrator can allocate a resource pool for a tenant. The tenant can then manage the underlying infrastructure and overlay networking. In the VIM, multiple tenants can be defined with RBAC to control access to the compute and network resources and VNF onboarding. RBAC empowers you to implement the principles of least privilege and separation of duties in a hierarchy of tenants.
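The following added example (not VMware or VIM code) models the tenant RBAC hierarchy described above to show how inherited grants can be checked for least privilege and separation of duties. The scopes, role names, permission strings, and the separation-of-duties pair are all assumptions made for illustration.

```python
# Constructed tenant hierarchy: scope -> parent (None marks the provider root).
PARENT = {"provider": None, "tenant-a": "provider",
          "tenant-b": "provider", "tenant-a/dev": "tenant-a"}

# Hypothetical roles and permissions; these are not a VIM's real role names.
ROLES = {
    "provider-admin": {"pool.allocate"},
    "tenant-admin": {"compute.manage", "network.manage", "vnf.onboard"},
    "network-operator": {"network.manage"},
    "vnf-onboarder": {"vnf.onboard"},
}

# Assumed separation-of-duties policy: one user must not hold both at one scope.
SOD_PAIRS = [("pool.allocate", "vnf.onboard")]

# Constructed role bindings: (user, role, scope where the role was granted).
BINDINGS = [
    ("alice", "provider-admin", "provider"),
    ("bob", "tenant-admin", "tenant-a"),
    ("carol", "network-operator", "tenant-a/dev"),
    ("erin", "provider-admin", "provider"),
    ("erin", "vnf-onboarder", "tenant-b"),
]

def scope_chain(scope):
    """Return the scope and its ancestors; an unknown scope raises KeyError."""
    chain = []
    while scope is not None:
        chain.append(scope)
        scope = PARENT[scope]
    return chain

def effective_permissions(user, scope, bindings=BINDINGS):
    """Union of permissions granted on the scope or inherited from an ancestor."""
    chain = scope_chain(scope)
    granted = [ROLES[r] for u, r, s in bindings if u == user and s in chain]
    return set().union(*granted)

def is_allowed(user, permission, scope, bindings=BINDINGS):
    """Deny by default: allow only when a binding in the chain grants it."""
    return permission in effective_permissions(user, scope, bindings)

def sod_violations(bindings=BINDINGS):
    """List (user, scope, pair) where combined grants break the SoD policy."""
    users = sorted({u for u, _, _ in bindings})
    return [(u, s, p) for u in users for s in sorted(PARENT) for p in SOD_PAIRS
            if set(p) <= effective_permissions(u, s, bindings)]
```

Grants flow down the hierarchy only, so a role bound at a child tenant gives nothing at its parent or at a sibling tenant. The audit reports the user whose provider-level and tenant-level bindings combine into a conflicting pair.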
For security, the management pod and its functions are isolated from other elements of the telecommunication network, including the virtualized infrastructure.