Portworx Data Services Adds Multi-tenancy

Portworx Data Services Adds Multi-tenancy

In today’s cloud-native world, Database as a Service (DBaaS) platforms have become important for platform teams to enable data at scale without worrying about the underlying infrastructure. Portworx Data Services (PDS) builds on this need by providing as-a-service database delivery, empowering platform teams to deploy and operate databases seamlessly. As enterprises grow and adopt more complex data strategies, effective resource segmentation becomes a critical concern. Multi-tenancy has emerged as a key tactic to streamline and secure data management across disparate user groups and projects within a single platform. 

Portworx Data Services (PDS) introduced a new multi-tenancy feature in the 24.12.01 release that addresses this challenge by creating logical boundaries through “Organizations” and “Projects.” Organizations, introduced in PDS release 24.12.01, and Projects, available since PDS release 24.07.01, work together to provide granular control over user access, role-based permissions, and resource allocation. These capabilities are essential for large teams aiming to balance flexibility and security in managing multiple data workloads.

The PDS Multi-tenancy Model

The PDS tenancy model offers a clear structure for segmenting resources. At the top level is the account, where an account owner subscribing to the PDS control plane can create multiple tenants, known as Organizations.

Organizations provide a flexible multi-tenancy framework, enabling customers to set up separate entities tailored to their unique needs. Whether structured by business units, customers, or functional groups, Organizations allow PDS accounts to be divided into isolated segments, ensuring that work doesn’t overlap or interfere across tenants.

Within each Organization, a second layer of tenancy, called a Project, allows for further resource segmentation. For instance, if each Organization represents a business unit, Projects can correspond to specific applications or teams within that unit. Projects can contain Kubernetes clusters and namespaces, providing designated areas for database deployment and management.

It’s worth noting that in Portworx, a default organization and project are automatically created for every customer. This means users don’t need to set up multi-tenancy to get started. PDS is flexible, however, providing these additional layers of control, allowing customers to tailor their setup as their needs grow or become more complex. As a PDS account owner, you have permissions to create Organizations for your business. 

Creating a PDS Organization

From the organization menu, you can create a new Organization by selecting “Create Organization.”

The “New Organization” menu prompts you to add a name and description for the Organization.

Once the Organization is created, the next step is assigning an Organization Admin. The Organization Admin has permissions to create resources, such as cloud credentials, backup locations, and data service templates, as well as manage projects and add Kubernetes clusters. The Organization Owner can also invite users to join, giving them complete control over how the PDS tenant is utilized.

Upon receiving an invitation, users can log in to the PDS Organization with their email address and password, accessing the resources within their designated Organization.

Creating a PDS Project

Once an Organization is established, the Organization owner or admin can log in to manage their tenant. After authenticating with PDS, the user selects the Organization to log in to from a list of options based on their access rights. Here, let’s assume logging into the “BBQ” Organization, which is marked as the default for future logins.

Inside the Organization, the owner can create a new Project for teams who will be using this resource. On the “Create Project” screen, the Organization owner assigns a name, description, and selects Kubernetes namespaces for the Project. These namespaces are the specific locations within registered clusters where Project users can deploy data services.

The final step in project setup is assigning users to the Project. Projects have two distinct user roles: Project Admins and Project Users. Project Admins can add additional organization users to the Project and manage data service deployments within the Project. Project Users have limited permissions, allowing them to deploy and manage data services only into assigned namespaces.

The result provides segmentation at a granular level. Project-admins (left side) have full autonomy to manage resources within their specific projects. Meanwhile, the Organization-Admin (right side) oversees and manages resources across multiple projects, ensuring governance and consistency across the platform.

Summary

The introduction of multi-tenancy in Portworx Data Services marks a pivotal step forward in enabling flexible, secure, and scalable data management. With Organizations and Projects, PDS customers gain precise control over access, permissions, and resource segmentation, empowering teams to manage data workloads with confidence and agility. These new improvements allow administrators to manage critical aspects of the infrastructure but allow project-admins to make decisions for their own groups without having too many rights to affect the other business units. Like the screenshots below show, the Tenant Admin can build resources used at a lower abstraction level by Project-Admins to allow flexibility and autonomy without giving up all the control.