🗂 Tenant Management
Multi-tenancy is a cornerstone of cloud computing. It allows different customers of a cloud computing provider to share the same physical cloud infrastructure while maintaining strong isolation and security guarantees between tenants. Correctly leveraging the tenant isolation primitives like Accounts (AWS), Subscriptions (Azure) or Projects (GCP) is therefore very important to build a strong foundation for cloud security.
Tenant management is not only important for cloud security. It’s also the fundamental “entry point” into the cloud platform’s control plane for every operation. Whether you’re deploying new cloud resources, configuring IAM or reviewing resource consumption with the platform’s reporting features, the tenant is always part of the operation’s context.
Key Activities in Multi-Cloud Tenant Management
Multi-Cloud Tenant Management involves the following key activities and capabilities
Establish processes for Tenant Provisioning and Tenant Deprovisioning / Decommissioning
Define your organization’s Resource Hierarchy
Build a database of cloud tenants according to your organization’s needs starting with a simple Cloud Tenant Database as the minimum
Establish a process for building and applying landing zones, e.g. Modular Landing Zones
As the cloud foundation approach is all about integrating the capabilities of its constituent pillars, the Tenant Management pillar has several important links to other cloud foundation capabilities
- As the tenant is a fundamental entry point into the cloud, controlling access to the cloud at tenant-level is a key consideration for a multi-cloud Resource Authorization Management
Tenant databases need to provide necessary metadata to enable Cloud Tenant Tagging and Cloud Resource Tagging for compliance purposes
The tenant management process needs to identify the responsible security contact for each cloud tenant, which is an important prerequisite for establishing an Incident Management Process and informing the right stakeholders about the results of Resource Configuration Scanning
- Tenant management process needs to identify the responsible cost owners so that the organization can leverage Chargeback via consumption cost allocation and Monthly cloud tenant billing report for cost owners
- The concept of an “internal customer” that can order cloud tenants seamlessly extends well into also enabling that same customer to provision services from the service ecosystem. This is also a key requirement when adopting a Modular Landing Zones approach that provides baseline configurations for cloud tenants that customers can then extend with additional services
Designing a Multi-Cloud Tenant Management Strategy
Especially when considering a multi-cloud scenario, cloud foundation teams need to design a tenant management strategy that they can implement consistently across all cloud platforms.
Cloud Tenant Management Guide
Learn more about the organizational needs driving cloud tenant database requirements in the "Cloud Tenant Management Guide - what you need to know in 2021" guide.Learn More →
Key Stakeholders for Multi-Cloud Tenant Management
Cloud Tenant Management is an “original responsibility” of cloud foundation teams. Other Cloud Foundation Pillars like 🔐 IAM or 💵 Cost Management often have existing stakeholders in an IT organization responsible for their respective core activities. Tenant management however is a “new” requirement that arises out of cloud adoption specifically.
Nonetheless, many IT organizations already have encountered similar challenges. For example, IT Service Management requires the notion of an “internal customer”. The “internal customer” is a key concept and any stakeholders involved in their definition like Enterprise Architecture Boards, ITSM, or CMDB teams are important key stakeholders to the cloud foundation team.
Inside the cloud foundation team, there are often different platform specialists or even platform owners focusing on different platforms each. In order to avoid “platform silos” (see Approaches to building a Cloud Foundation section “Platform by Platform”), it’s very important that the cloud foundation team aligns the tenant management processes across all cloud platforms.
Additional stakeholders to the tenant management process are security and compliance as well as cost management stakeholders, as cloud tenant structure and cloud tenant metadata are key enablers for cloud management activities in their domains.