Hivemanager NG Virtual appaliance Multi Tenant?

  • 1
  • Question
  • Updated 5 months ago
Hi, is the Virtual appliance from Hivemanager NG Multi Tenant? If not, will this feature added in the future?
Photo of Jonas Dekkers

Jonas Dekkers

  • 152 Posts
  • 29 Reply Likes

Posted 5 months ago

  • 1
Photo of Sam Lynn

Sam Lynn, Moderator

  • 96 Posts
  • 12 Reply Likes
Hello Jonas,

It depends on what you mean by Multi Tenant. If you mean hosting several VHMs within one (such as sub-VHMs with HiveManager Classic), then yes. We call this feature HHM (Hierarchical HiveManager) in HiveManager NG. Here is a guide that explains what this is and how to set it up- https://docs.aerohive.com/330000/docs/guides/Hierarchical-HiveManager_Configuration-Guide.pdf. Briefly, it allows you to host several organizations within one HiveManager, each with their own device list and configuration objects. 

If you mean can we have multiple people with access to one HiveManager, yes. You can create internal admins (users that log in directly to your HiveManager) or external admins (users who log in to their own HiveManager and then have the option to go to your HiveManager or their own). You can do this by going in to HiveManager NG and clicking on the person shaped icon in the top right corner> Global Settings> Account Management. 

If neither of these things are what you were asking, please clarify what you are looking for and we'll do our best to help you find it, or create a feature request. 
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Jonas, just to be clear: NG on-premise does NOT support the same multi-VHM concept as HM-Classic does. Which means: you cannot assign a whole dedicated VHM to a tenant like you did with Classic, or like you do with NG cloud (each NG cloud account is its own VHM).

You do have, however, the HHM feature, which is like role-based access control INSIDE one VHM. You then create organizations inside, and build a tenant's configuration inside that organization instance. One nice feature is that now you can allow an Admin to access several selected organizations, without giving him/her full HM Admin access (like you had to do with Classic, where it was "one or all").

The management side of HHM is still a bit clumsy though. For example, if you have once created an object, like a network policy, you cannot move or copy it to another organization. Also, as main admin, you do not immediately see which object is under which organization. You'd have to change the visibility settings, to view only a specific organization, if you want to know which objects are assigned inside. Therefore, I highly recommend to add the tenants "short name" to each object you create for that organization. E.g., if the name is XYZ, call the ssid object XYZ-SSID1.

Also, when you move an AP from one organization instance to another, you lose its configuration: The configuration objects are not available anymore for the new organization, and the AP automatically gets a default reset (I am not 100% sure about this one, but that's what the documentation says).

So if you do work with HHM, best is to get it all sorted from the beginning. Create the organization you need, then create all objects you need inside that organization, and then assign your APs to it. Which you should do with ALL devices, to be clean, in which case you should not use the top "Your organization" instance.

Hope this helps.
Photo of Jonas Dekkers

Jonas Dekkers

  • 152 Posts
  • 29 Reply Likes
Thanks guys. For the moment we have a Virtual appliance with Hivemanager Classic but we  need the api's for some customers. So we are thinking to move our customers to a Hivemanager NG virtual appliance. So "If you mean hosting several VHMs within one (such as sub-VHMs with HiveManager Classic), then yes." will be enough indeed.

Is the Virtual appliance still free? Or can we test it?
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
I believe you have 30 days until supplying a proper license key. You should also be able to use your HM-Classic licenses, but best is to coordinate this with AH support / your reseller.

I'd suggest the following though:
- For a quick test of HHM, just use an NG Cloud account (30 days free).
- For a deployment of NG on-premise, wait for the next release. It was supposed to come out end of March, so potentially any time soon ;-) This one will be a major release, with the changed DB under the hood, and feature-leveling to NG Cloud.

carsten
Photo of Jonas Dekkers

Jonas Dekkers

  • 152 Posts
  • 29 Reply Likes
We will wait for that release before we test it! Thanks a lot!