4.3. Managing Special Deployment Scenarios
There are different types of consumers and different ways of organizing consumers. The simplest environment has physical machines grouped together in one single, homogeneous group, connecting to Red Hat's hosted content and subscription services. While this is an easy arrangement to maintain, it does not accurately describe many enterprise environments, which have a lively mix of physical and virtual machines, divided across disparate organizational units and even subunits within those organizations and accessing locally-controlled content and subscription services.
The first change is the ability to group systems into divisions and subdivisions. This is called multi-tenancy, the ability create unrelated groups beneath the primary umbrella account. Multi-tenant (or multi-org) structures are for infrastructures which may have multiple content repositories or subscription services, and systems within the organization need to be grouped according to access to those repositories and services.
The other part of heterogeneous environments is recognizing consumers other than physical machines. Two special consumer types are common: virtual guests and server domains. The difference between these consumer types and physical, single-machine consumers is only in the type of information that the Red Hat Subscription Service uses and stores — not in any special configuration or management tasks.
4.3.1. Local Subscription Services, Local Content Providers, and Multi-Tenant Organizations
As
Section 4.1.4, “Subscription and Content Architecture” outlines, the subscription service, content repository, and client tools and inventory all work together to define the entitlements structure for a customer. The way that these elements are organized depends on a lot of factors, like who is maintaining the individual services, how systems in the inventory are group, and how user access to the different services is controlled.
The most simplistic structure is the hosted structure. The content and subscription services are hosted by Red Hat, and all systems within the inventory are contained in one monolithic group. User access is defined only by Red Hat Customer Portal account access.
An alternative style of infrastructure is almost entirely local, with a local content server that provides locally-hosted content providers and an integrated local subscription service.
This allows the most control over how systems are grouped within the subscriptions/content. A customer's main account can be divided into separate and independent organizations. These organizations can use different content provider, can have different subscriptions allocated to them, and can have different users assigned to them with levels of access set per organization. Access control in this scenario is controlled entirely locally. The local content server, not the remote Red Hat Customer Portal, processes user authentication requests and applies local access control policies.
A system is assigned to one organization. Within an organization, there can be different environments which define access to product versions and content sets. There can be overlap between environments, with a system belonging to multiple environments.
When there is only one organization — such as a hosted environment (where the single organization is implicit) — then the systems all default to use that one organization. When there are multiple organizations, then the organization for a system to use must be defined for that system. This affects register operations, where the system is registered to subscription service and then joined to the organization. It also affects other operations tangentially. It may affect subscribe operations because it affects repository availability and subscription allocations, and it affects redeem operations (activation of existing subscriptions) because subscriptions must be redeemed from the organization which issued the subscription.
