Oh they are not the same. Security addresses which out of a user group can do what to which devices, while tenants is more along of the lines of what devices/events are visable to which customer, logical topology is limited to individual tenants, not security groups.
Think of multitenancy along the lines of a service provider running a single instance of the application but providing vuisibility to each customer of only thier nodes, how they are connected to each other, and only events concerning those devices.
Have a nice day :)
Andy Kemp I've lasted longer in the technology industry than most certifications.
Tenants: The NNMi tenant model adds the idea of an organization to the security configuration. Each node in the NNMi topology belongs to only one tenant. The tenant provides logical separation in the NNMi database. Object access is managed through security groups.
For each node, the initial discovery tenant assignment occurs when the node is first discovered and added to the NNMi database. For seeded nodes, you can specify the tenant to assign to each node. NNMi assigns all other discovered nodes (those included in an auto-discovery rule but not seeded directly) to the Default Tenant. An NNMi administrator can change the tenant for a node at any time after discovery.
Each tenant definition includes an initial discovery security group. NNMi assigns this initial discovery security group to the node along with the initial discovery tenant. An NNMi administrator can change the security group for a node at any time after discovery
The NNMi Tenant Model: The NNMi tenant model provides strict segregation of topology discovery and data into tenants, also called organizations or customers. This model is appropriate for use by service providers, especially managed service providers, and large enterprises. The NNMi tenant model has the following benefits:
- Marks the organization to which each node belongs.
- Provides for filtering the Nodes (All Attributes) inventory view and Network Performance Server reports by tenant and security group.
- Meets regulatory requirements for separating operator access to customer data.
- Simplifies the configuration and maintenance of node groups that align with the tenant configuration.
- Simplifies configuration of NNMi security.
- Provides for management of overlapping address domains when address translation protocols are used.
Use NNMi multi-tenancy to provide different customer views for a service provider that has multiple customers (tenants) managed from the same NNMi management server.
Security Groups: In the NNMi security model, user access to nodes is controlled indirectly though user groups and security groups. Each node in the NNMi topology is associated with only one security group. A security group can be associated with multiple user groups. Each user account is mapped to the following user groups:
One or more of the following preconfigured NNMi user groups:
- NNMi Administrators
- NNMi Global Operators
- NNMi Level 2 Operators
- NNMi Level 1 Operators
- NNMi Guest Users
This mapping is required for NNMi console access and determines which actions are available within the NNMi console. If a user account is mapped to more than one of these NNMi user groups, the user receives the superset of the permitted actions.
In a multi-tenancy environment, each user account can be mapped to one or more custom user groups that provide access to a subset of the topology objects. The idea is to deploy NNMi to Service Providers (SP), SP will use tenant to create node groups for monitoring and events configuration of a per tenant (per customer) so you can use NNMi to securely manage multiple customer networks form one NNMi system see http://www.topsession.net/topsession-channel/viewvideo/3229/hp/introduction-to-nnmi-910-multitenancy for more information.
I just want to add some more points to thread from the documents,
NNMi administrators use Tenant settings to accomplish the following:
l. Identify overlapping address domains in your network so NNMi can avoid duplicate address
problems. An unique Tenant is required for each group of devices configured to use any of the
following address translation protocols:
Static Network Address Translation (NAT)
Dynamic Network Address Translation (NAT)
Dynamic Port Address Translation (PAT/NAPT)
2. You can manage groups of Nodes even when deployed Subnets conflict within your network management domain. Nodes within a Subnet can belong to different Tenants. NNMi calculates each Tenant's Subnets independently.
3. If you configure a Subnet Connection Rule, the rule independently applies to each Tenant.
4. Conveniently assign an Initial Discovery Security Group to Seeds before discovery.
5. Create Node Groups based on Tenant attribute values. -cia.securityGroup.name
6. Configure Incidents based on Tenant attribute values. - cia.tenant.name