Cisco Blogs

Virtual Domains with Cisco WCS

February 1, 2011 - 1 Comment

I wanted to spend some time on a feature that helps Cisco WCS offer multi-tenant capabilities, and helps organizations address the following needs; You may find a use for deploying this feature outside of the two most common models, as well:

  • Use a single WCS installation, and offer virtual management consoles divided on a geographical basis: Such a way to deploy WCS is very common among the larger enterprise, or branch/retail customers where the WCS installation may be in a datacenter, but there’s a need to delegate and assign network management tasks to individuals at the regional, branch, store, or site level.
  • Use a single WCS installation and offer virtual management consoles to different customers: Such a way to deploy WCS is common among the service providers, or managed service providers who are likely to host and operate the WCS installation but would still like their customers to have a view into managing their own networks.

Here’s a quick summary of features and capabilities when it comes to Virtual Domains:

  • WCS supports up to 128 virtual domains on a single server
  • These domains can be hierarchical, as shown below (and note, administrator(s) of virtual domain “Parent-1” will have access to “Child-1.1” and “Child-1.2” but not the other way around)
    • Root
      • Parent-1
        • Child-1.1
        • Child-1.2
      • Parent-2
        • Child-2.1
        • Child-2.2
      • etc
  • Each domain can have one or more (administrative) users assigned to them
  • Each user can, in turn, be assigned to one or more roles (RBAC)
  • Virtual Domains can be used with RADIUS and TACACS+
  • Each domain can (should) have WLCs, APs, and Maps assigned to them
  • All parts of the system (dashboards, alarms, reports, configuration, monitoring, reports, etc) are segmented on a per domain basis.
  • Caveat: RRM dashboard, MSE and a few others are not segmented by domains, and only available as root.

With a correctly configured system, when a domain administrator logs in, they’re only able to see objects in their domain, and perform tasks associated with them; however, if logged in to the root domain, the administrator can see all domains and quickly switch to (drill-down) a domain of interest. The Virtual Domain feature was introduced in the 5.1 code of the Cisco Unified Wireless Networks.

For more, take a look at the configuration guide. Questions? write back in the comments, or send me a note on twitter @sabhasin


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Saurahbh, thanks for your post. Virtual domains is a WCS feature I never used. Glad you posted a clear and consise write-up about it.