ControlUp Community

Connect, Learn, and Grow

Implementing Multi-Tenancy for Managed Service Providers in ControlUp

Posted on

A user asked who had successfully implemented multi-tenancy as a managed service provider in order to replace LogicMonitor. It was suggested to open bidirectional port 40706 between each tenant and the user’s data center, and to set up certificate-based authentication. The user was advised to use ‘MSP mode’ and use the cert to see the parent organisation. Links to documentation were provided.

Read the entire ‘Implementing Multi-Tenancy for Managed Service Providers’ thread below:

Hi Everyone! I am new to the Slack community and wanted to know who has successfully implemented multi-tenancy as a managed service provider? We are looking to replace LogicMonitor, and we can setup each customer separately as their own organization, but the issue remains when you want to switch between customer environments. I have access to every customers firewall etc, so in theory I could setup communication back to my datacenter, but I wanted to see if anyone else has done this. Thanks!

Here is the networking requirement. Bi-directional 40706 between each tenant and your data center. DNS resolution is also needed between those servers but you can fake that with host files. If you can get that port open bidirectional then its no problem at all.

oh nice! good to know on host files. so would I want to resolve the dns to the local ip of that monitor? or I guess the domain controller?

in the host file that is

monitor monitor

right ok sweet

So each tenant needs a hostfile with the management and the management needs all of them.

right, ok that makes sense.

so from the CU org level, I should just use the doc that talks about this with cert level auth right?

https://support.controlup.com/v1/docs/certificate-based-console-and-monitor-authentication

https://support.controlup.com/v1/docs/controlup-for-multi-tenancy-environments#architecture-overview

these two?

Yes. Setup cert-based auth and export the key. Deploy the monitors in the management after setting up cert auth.

awesome!

and "sites" for all tenants?

and I assume all "sites" can be seen in app.controlup.com under the same Mangement tenant?

Change the settings on the monitor to use MSP mode. Take they cert and import it on the monitor in the tenant and launch the console. You should be able to select MSP mode and the cert and see the parent org.

Yes, sites.

ok super helpful. thanks for the quick response!

NP

Hit us up if you need a hand with it. Support or customer success can help you out on a Zoom.

ok great. yeah I just wanted to get the architecture right before I deploy agents to all customers

Continue reading and comment on the thread ‘Implementing Multi-Tenancy for Managed Service Providers in ControlUp’.  Not a member? Join Here!

Categories: All Archives
Topics: , , , , , ,

Ask Us Anything, Connect, Learn, and Grow with the ControlUp Community!

Login to the ControlUp Community to ask us anything, stay up-to-date on what’s new and coming soon and meet other like-minded techies like you.

Not already a member? Join Today!