MOVEit DMZ Multi-Tenancy Module
File transfer servers that provide multi tenancy allow you to set up FTP/S, SFTP and/or HTTP/S services for each organization hosted by the file transfer application. The organization each user interacts with is typically determined by the domain name the user connects to (e.g., “ftps.handd.co.uk” or “ftps.moveitdmz.co.uk”). This can be called “domain‐based multi tenancy”.
Alternatively, the organization each user interacts with may be determined by the username or other authentication credentials provided by the user (e.g., everyone connects to “ftps.handd.co.uk” but “fred” goes into the “HANDD” organization while “betty” goes into the “MOVEit DMZ” organization). This can be called “username‐based multi tenancy”.
How Does MOVEit DMZ Support Multi‐Tenancy?
MOVEit DMZ supports both domain‐based and username‐based multi‐tenancy. To support domain‐based multi‐tenancy, MOVEit DMZ allows system administrators to set up additional listening ports with their own server certificates and provides a switch to allow multiple reuses of the same username on the MOVEit DMZ system.
In domain‐based multi‐tenancy mode, MOVEit DMZ usernames are only unique within a particular organization. This means that a user named “fred” can exist in both the “HANDD” and “MOVEit DMZ” organizations on the same MOVEit DMZ system. However, it also means that if HANDD’s “fred” tries to sign on to the “ftps.moveitdmz.co.uk” interface, HANDD’s “fred” will not be allowed to sign on.
To support username‐based multi‐tenancy, MOVEit DMZ allows system administrators to reuse a single FTP/S, SFTP and HTTP/S interface for all organizations and provides a switch to ensure that individual usernames are unique across an entire MOVEit DMZ system.
In username‐based multi‐tenancy mode, a single MOVEit DMZ username can only be associated with a single organization. This means that a user named “fred” can exist in the “foo” organization but not also in the “bar” organization. However, it also means that if foo’s “fred” tries to sign on to the “ftps.bar.com” interface, foo’s “fred” will be permitted to sign on.
Both multi‐tenancy modes require a MOVEit DMZ license that permits “additional organizations”.
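The two modes described above differ in which key identifies an account: (organization, username) in domain‐based mode, username alone in username‐based mode. The sketch below is an added illustration, not MOVEit DMZ code; the class TenantDirectory and its methods are hypothetical, and password checking is left out so that only tenant resolution is shown.

```python
# Illustrative model only, not MOVEit DMZ code. All names here are hypothetical.
class TenantDirectory:
    def __init__(self, mode, orgs, host_to_org=None):
        if mode not in ("domain", "username"):
            raise ValueError("mode must be 'domain' or 'username'")
        self.mode = mode
        self.orgs = set(orgs)
        self.host_to_org = dict(host_to_org or {})  # used in domain mode only
        self.users = set()                          # (organization, username)

    def add_user(self, org, username):
        """Create an account, enforcing the uniqueness rule of the active mode."""
        if org not in self.orgs:
            raise ValueError(f"unknown organization {org!r}")
        if (org, username) in self.users:
            raise ValueError(f"{username!r} already exists in {org!r}")
        if self.mode == "username" and any(u == username for _, u in self.users):
            # Username mode: a name must be unique across the whole system,
            # otherwise sign-on could not tell the organizations apart.
            raise ValueError(f"{username!r} already belongs to another organization")
        self.users.add((org, username))

    def resolve(self, host, username):
        """Return the organization a sign-on lands in, or None if it is refused."""
        if self.mode == "domain":
            # The interface the user connected to selects the organization;
            # an account in a different organization is not considered at all.
            org = self.host_to_org.get(host)
            return org if (org, username) in self.users else None
        # Username mode: the interface is irrelevant, the name selects the org.
        for org, name in self.users:
            if name == username:
                return org
        return None


if __name__ == "__main__":
    hosts = {"ftps.handd.co.uk": "HANDD", "ftps.moveitdmz.co.uk": "MOVEit DMZ"}
    d = TenantDirectory("domain", hosts.values(), hosts)
    d.add_user("HANDD", "fred")
    print(d.resolve("ftps.handd.co.uk", "fred"))      # HANDD
    print(d.resolve("ftps.moveitdmz.co.uk", "fred"))  # None: wrong interface

    u = TenantDirectory("username", {"foo", "bar"})
    u.add_user("foo", "fred")
    print(u.resolve("ftps.bar.com", "fred"))          # foo: interface ignored
```

In domain‐based mode two accounts named “fred” are separate identities with separate credentials, so access reviews and log searches need to key on organization and username together.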
Why Else Would I Want “Additional Organizations”?
- Use folder permissions and address books to define interactions between people and systems
- Delegate some administrative control over a subset of the organization to a subset of users
- Collect related users who need to interact with each other
- Support multi‐tenancy
- Delegate full administrative control to an entire organization
- Encapsulate many interactions into manageable domains
- Separate unrelated user bases or provide new and unrelated roles to existing users