The diagram in the Scope section of this use case shows how the fully-integrated VMware Integrated OpenStack Compute Node, Project and Tenant VDC, and NSX-T Data Center logical switches, and Tier-1 logical routers can be leveraged to provide a multitenant environment for VNF deployment. The Edge Pod hosts the NSX-T Data Center Tier-0 logical routers that are used as provider routers for external network connectivity. The NSX Manager is used to provision the Tier-0 Edge routers, while other networking components can be created by using VMware Integrated OpenStack.

The VMware Integrated OpenStack Projects and Tenant VDC represent tenants.

The CSP maps a vSphere compute cluster to a VMware Integrated OpenStack compute node, then for each tenant the CSP allocates and reserves resources by using the VMware Integrated OpenStack Tenant based constructs. Every Tenant VDC is associated with a resource pool within the compute cluster for resource guarantee.

The separation of network access between VMware Integrated OpenStack projects is important for multitenancy. VMware Integrated OpenStack integrates with the NSX Manager to create isolated layer 2 tenant networks. NSX-T Data Center Tier-1 logical routers allow tenants to route traffic between their tenant networks that are created by using the VMware Integrated OpenStack user interface.

The integrated design further helps the VMware Integrated OpenStack admin to create external IP networks for each project. Each tenant admin then attaches this network on a Tier-1 logical router by using SNAT to hide internal tenant networks. The external network on each project auto connects to a Tier-0 logical router on a separate network path then Tier-0 routers connect to the external physical network. This design choice restricts the access of the tenant admin to the Tier-1 router and creates easy connectivity to the provider router to carry tenant traffic without manual steps.