Virtual Domains with Cisco WCS
I wanted to spend some time on a feature that gives Cisco WCS multi-tenant capabilities and helps organizations address the two needs below (you may well find a use for it outside of these two most common models):
- Use a single WCS installation and offer virtual management consoles divided on a geographical basis: This deployment is very common among larger enterprises and branch/retail customers, where the WCS installation may be in a datacenter but network management tasks need to be delegated and assigned to individuals at the regional, branch, store, or site level.
- Use a single WCS installation and offer virtual management consoles to different customers: This deployment is common among service providers and managed service providers, who are likely to host and operate the WCS installation but would still like their customers to have a view into managing their own networks.
Here’s a quick summary of features and capabilities when it comes to Virtual Domains:
- WCS supports up to 128 virtual domains on a single server
- These domains can be hierarchical, as shown below (and note, administrator(s) of virtual domain “Parent-1” will have access to “Child-1.1” and “Child-1.2” but not the other way around)
- Each domain can have one or more (administrative) users assigned to it
- Each user can, in turn, be assigned to one or more roles (RBAC)
- Virtual Domains can be used with RADIUS and TACACS+
- Each domain can (should) have WLCs, APs, and Maps assigned to it
- All parts of the system (dashboards, alarms, reports, configuration, monitoring, etc.) are segmented on a per-domain basis.
- Caveat: The RRM dashboard, MSE and a few others are not segmented by domain, and are only available as root.
With a correctly configured system, when a domain administrator logs in, they’re only able to see objects in their domain, and perform tasks associated with them; however, if logged in to the root domain, the administrator can see all domains and quickly switch to (drill-down) a domain of interest. The Virtual Domain feature was introduced in the 5.1 code of the Cisco Unified Wireless Networks.
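The access rule above, modelled as an added Python example (not WCS code and not from the original post): an administrator reaches their own domain and everything below it, never upward. The domain names follow the post; the objects, the users, the root-only handling of unassigned objects and the assignment of one user to several domains are assumptions constructed for illustration.

```python
# Added illustration: a model of the access rule in the post, not WCS code.
MAX_DOMAINS = 128  # per-server limit stated in the post

# Constructed sample: child domain -> parent domain ("root" has no parent).
PARENT = {"Parent-1": "root", "Child-1.1": "Parent-1",
          "Child-1.2": "Parent-1", "Parent-2": "root"}
# Constructed object assignments (WLCs, APs, maps); None = not assigned.
OBJECTS = {"wlc-east": "Child-1.1", "ap-101": "Child-1.1",
           "wlc-west": "Child-1.2", "map-hq": "Parent-1",
           "wlc-cust2": "Parent-2", "ap-spare": None}
# Constructed admin assignments (assumption: a user may hold several domains).
USERS = {"alice": ["Parent-1"], "bob": ["Child-1.1"],
         "carol": ["Child-1.2", "Parent-2"], "noc": ["root"]}

def ancestors(domain):
    """Yield the domain itself, then each domain above it, ending at root."""
    while domain is not None:
        yield domain
        domain = PARENT.get(domain)

def can_access(user, domain):
    """True if the domain is one of the user's or sits below one of them."""
    return any(a in USERS[user] for a in ancestors(domain))

def visible_objects(user):
    """Objects the user sees; unassigned objects are modelled as root-only."""
    return sorted(o for o, d in OBJECTS.items() if can_access(user, d or "root"))

def top_level(domain):
    """The direct child of root that a domain hangs under ("root" for root)."""
    chain = list(ancestors(domain))
    return chain[-2] if len(chain) > 1 else "root"

def audit():
    """Findings to review before handing out domain logins."""
    findings = []
    if len(PARENT) > MAX_DOMAINS:  # assumption: root is not counted
        findings.append(f"{len(PARENT)} domains exceeds limit of {MAX_DOMAINS}")
    for obj, dom in OBJECTS.items():
        if dom is None:
            findings.append(f"{obj}: no domain assigned, root-only")
    for user, doms in USERS.items():
        tops = {top_level(d) for d in doms} - {"root"}
        if len(tops) > 1:
            findings.append(f"{user}: spans separate trees {sorted(tops)}")
    return findings

if __name__ == "__main__":
    print({u: visible_objects(u) for u in USERS}, audit(), sep="\n")
```

In the managed-service-provider model, the `audit()` finding for a user who spans two top-level trees is the one to check first, since that login can see more than one customer's objects.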