Provisioning tenants is an obligatory capability for providing cloud foundation services on any cloud platform.
Why You Need to Automate Cloud Tenant Provisioning
Because tenant provisioning is so fundamental, practitioners should consider the following implementation maturity levels as they grow the overall maturity of the cloud foundation capabilities they offer.
⭐️ manual provisioning: when starting out and serving only a small number of internal customers, manual provisioning of "naked" cloud provider tenants via cloud provider portals (GUI) is a feasible approach.
⭐️⭐️ semi-automated provisioning: as the number of other cloud foundation capabilities grows, more and more post-provisioning steps will be required to enable advanced cloud foundation capabilities like Landing Zones. Automation is key to achieving consistent results.
⭐️⭐️⭐️ - ⭐️⭐️⭐️⭐️ fully automated provisioning: a repeatable and fully automated provisioning process saves significant amounts of time and streamlines development of new cloud foundation capabilities. For managing a high number of internal customers, this level of automation is crucial.
In practice, many cloud foundation teams miss the right point in time to invest in full automation of tenant provisioning. This happens because adding "just one more manual step" to a semi-automated process feels like an insignificant decision each time. However, the compounding effect of these decisions, together with increasing internal demand, burdens cloud foundation teams with operational chores. These chores eventually leave teams with too little time and too few resources to rectify the situation.
⚠️ Consider full automation of tenant provisioning early on, while operational chores still leave enough room to invest in automation.
Best Practices for Tenant Provisioning
Apply Proper Tenant Isolation
- Isolate teams and workloads using tenants - no sharing! One of the worst anti-patterns caused by not having sufficient tenant provisioning capability is that teams put development and production workloads into the same tenant. This encourages bad security practices that can lead to compromise of production environments.
IAM Should Be Part of Tenant Provisioning
Maintain a Cloud Tenant Database
Record provisioned cloud tenants and their purpose in a Cloud Tenant Database from day one. This way your organization always has a complete inventory of the cloud tenants managed by the cloud foundation.
Establish Tenant Naming and Tagging Conventions
💡 Use lowercase and dashes
Consider making Cloud Tenant Tagging a part of the provisioning process.
Automate Tenant Provisioning
Beware of the pitfalls of insufficient automation. Semi-automated provisioning often leads to Monolithic Landing Zone architectures, which are a bottleneck for achieving higher-level capabilities in later journey stages.
Self-Service Tenant Provisioning
Fully automated provisioning of tenants is a prerequisite for more advanced capabilities like Multi-cloud tenant database integrated with lifecycle management and Modular Landing Zones.
meshStack automatically provisions and reconciles cloud tenants based on the desired state. This includes metadata (tags) as well as authorization (role assignments, groups).
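The desired-state reconciliation described above, combined with the naming and tagging conventions, sketched as an added Python example (not meshStack code and not part of the original page). The required tag keys, role names, `TenantState` type and sample tenant are constructed assumptions.

```python
import re
from dataclasses import dataclass

# "Lowercase and dashes" convention; allowing digits is an assumption.
NAME_RE = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")
REQUIRED_TAGS = {"owner", "environment", "purpose"}  # hypothetical tag keys

@dataclass
class TenantState:
    name: str
    tags: dict
    roles: frozenset  # (principal, role) pairs

def validate(desired):
    """Return the convention violations found in a desired state."""
    errors = []
    if not NAME_RE.match(desired.name):
        errors.append(f"name {desired.name!r} is not lowercase-with-dashes")
    missing = REQUIRED_TAGS - set(desired.tags)
    if missing:
        errors.append("missing tags: " + ", ".join(sorted(missing)))
    return errors

def reconcile(desired, actual):
    """Compute the ordered actions that move `actual` to `desired`."""
    if errors := validate(desired):
        raise ValueError("; ".join(errors))
    plan = []
    for key, value in sorted(desired.tags.items()):
        if actual.tags.get(key) != value:
            plan.append(("set_tag", key, value))
    for key in sorted(set(actual.tags) - set(desired.tags)):
        plan.append(("remove_tag", key))
    for principal, role in sorted(desired.roles - actual.roles):
        plan.append(("grant", principal, role))
    # Assignments made outside the provisioning process are drift: revoke them.
    for principal, role in sorted(actual.roles - desired.roles):
        plan.append(("revoke", principal, role))
    return plan

# Constructed sample data: the tenant as declared vs. as found in the cloud.
DESIRED = TenantState("payments-prod",
    {"owner": "team-payments", "environment": "prod", "purpose": "card processing"},
    frozenset({("grp-payments-ops", "operator"), ("grp-payments-dev", "reader")}))
ACTUAL = TenantState("payments-prod",
    {"owner": "team-payments", "environment": "dev", "temp": "true"},
    frozenset({("grp-payments-ops", "operator"), ("alice@example.com", "owner")}))

if __name__ == "__main__":
    print(*reconcile(DESIRED, ACTUAL), sep="\n")
```

Running the plan against an already compliant tenant yields no actions, which is what makes the process safe to repeat on a schedule.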