Simultaneously serve multiple client organizations, or “tenants”, with MOVEit Transfer domain-based and username-based multi-tenancy.
Multi-tenancy refers to the ability of a single system to simultaneously serve multiple client organizations, or “tenants”. Multi-tenant applications are designed to partition each client organization’s data and configuration so that each client organization runs in parallel, without interaction, on the same system. A multi-tenant application typically has a more specific name for each kind of tenant, such as “domain”, “instance”, “host” or “organization”.
Examples of popular multi-tenant applications include Microsoft® IIS web server, when serving multiple “domains” (e.g., both “www.domain1.com” and “www.domain2.com”) and Microsoft SQL Server, when serving multiple “instances” (e.g., both “domain1_ecommerce” and “domain2_product_catalog”).
How Does Multi-tenancy Apply to File Transfer Servers?
File transfer servers that provide multi-tenancy allow you to set up FTP/S, SFTP and/or HTTP/S services for each organization hosted by the file transfer application. The organization each user interacts with is typically determined by the domain name the user connects to (e.g., “ftps.domain1.com” or “ftps.domain2.com”). This can be called “domain-based multi-tenancy”.
Alternatively, the organization each user interacts with may be determined by the username or other authentication credentials provided by the user (e.g., everyone connects to “ftps.company.com” but “fred” goes into the “domain1” organization while “betty” goes into the “domain2” organization). This can be called “username-based multi-tenancy”.
How Does MOVEit Transfer Support Multi-tenancy?
MOVEit Transfer supports both domain-based and username-based multi-tenancy.
To support domain-based multi-tenancy, MOVEit Transfer allows system administrators to set up additional listening ports with their own server certificates and provides a switch to allow multiple reuses of the same username on the MOVEit Transfer system.
In domain-based multi-tenancy mode, MOVEit Transfer usernames are only unique within a particular organization. This means that a user named “fred” can exist in both the “domain1” and “domain2” organizations on the same MOVEit Transfer system. However, it also means that if domain1’s “fred” tries to sign on to the “ftps.domain2.com” interface, domain1’s “fred” will not be allowed to sign on.
To support username-based multi-tenancy, MOVEit Transfer allows system administrators to reuse a single FTP/S, SFTP and HTTP/S interface for all organizations and provides a switch to ensure that individual usernames are unique across an entire MOVEit Transfer system.
In the MOVEit Transfer username-based multi-tenancy mode, a single username can only be associated with a single organization. This means that a user named “fred” can exist in the “domain1” organization but not also in the “domain2” organization. However, it also means that if domain1’s “fred” tries to sign on to the “ftps.domain2.com” interface, domain1’s “fred” will be permitted to sign on.
Both multi-tenancy modes require a MOVEit Transfer license that permits “additional organizations”.
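The sign-on outcomes of the two modes described above, as an added example that is not MOVEit Transfer code: a minimal Python model in which `TenantDirectory`, `add_user`, `sign_on` and `build` are hypothetical names and the secrets are constructed placeholders.

```python
# Illustrative model only: names are hypothetical, not MOVEit Transfer APIs.
import hmac
from dataclasses import dataclass, field


@dataclass
class TenantDirectory:
    mode: str                                        # "domain" or "username"
    host_to_org: dict = field(default_factory=dict)  # interface hostname -> organization
    accounts: dict = field(default_factory=dict)     # (organization, username) -> secret

    def add_user(self, org, username, secret):
        """Create an account, enforcing the uniqueness rule of the active mode."""
        if (org, username) in self.accounts:
            raise ValueError(f"{username!r} already exists in {org!r}")
        if self.mode == "username" and any(u == username for _, u in self.accounts):
            raise ValueError(f"{username!r} is already used in another organization")
        self.accounts[(org, username)] = secret

    def sign_on(self, host, username, secret):
        """Return the organization the session lands in, or None if sign-on is refused."""
        if self.mode == "domain":
            # The interface connected to selects the organization; the username
            # is looked up inside that organization only.
            org = self.host_to_org.get(host.lower())
        else:
            # The username alone selects the organization; the host plays no part.
            org = next((o for o, u in self.accounts if u == username), None)
        stored = self.accounts.get((org, username))
        if stored is None or not hmac.compare_digest(stored.encode(), secret.encode()):
            return None
        return org


HOSTS = {"ftps.domain1.com": "domain1", "ftps.domain2.com": "domain2"}  # constructed sample


def build(mode):
    """Constructed sample data: fred belongs to domain1, with a placeholder secret."""
    directory = TenantDirectory(mode, dict(HOSTS))
    directory.add_user("domain1", "fred", "fred-d1-secret")
    return directory


if __name__ == "__main__":
    for mode in ("domain", "username"):
        print(mode, build(mode).sign_on("ftps.domain2.com", "fred", "fred-d1-secret"))
```

In the username-based model the hostname is not an isolation boundary: the session lands in domain1 even though the client connected to ftps.domain2.com, so per-organization controls have to be enforced on the resolved organization rather than on the interface.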
How are “Additional Organizations” Licensed?
Every MOVEit Transfer license issued contains a maximum number of production organizations for an individual system. The built-in, not-for-end-users “system organization” is not counted against this maximum value.
Also, the number of licensed “nodes” used in MOVEit Transfer Web Farm or Resiliency deployments is not related to the maximum number of production organizations. For example, it is equally permissible to have a 5-organization, single-node MOVEit Transfer or a 1-organization, two-node MOVEit Transfer Web Farm.
Most MOVEit Transfer systems have only one production organization, but many have multiple production organizations. Additional organizations are either licensed individually or in bundles that add the capacity for several new organizations at once.
Why Else Would I Want “Additional Organizations”? (Why Wouldn’t I Use Groups Instead?)
The main reason administrators request additional organizations is to support segregated businesses, business units or departments. The use of groups within a single organization provides some overlapping benefits in this regard, but there are still some significant differences between organizations and groups.
The following indicates which benefits are more closely associated with groups or additional organizations.
Use groups when you want to:
- Use folder permissions and address books to define interactions between people and systems
- Delegate some administrative control over a subset of the organization to a subset of users
- Collect related users who need to interact with each other
License additional organizations when you want to:
- Support multi-tenancy
- Delegate full administrative control to an entire organization
- Encapsulate many interactions into manageable domains
- Separate unrelated user bases or provide new and unrelated roles to existing users
Some benefits, such as access to multiple LDAP authentication sources and custom branding/templates, are available to both organizations and groups.