Tenants are assumed to be in different physical locations, such as office branches. Each tenant is configured with a unique identity and has an associated IP address range. IP address ranges can't overlap between tenants, but you can use several non-contiguous ranges.
Note: Users who aren't assigned to a tenancy can't access the Internet. Therefore, you must make sure that all known IP addresses are associated to a tenant. You can't configure a “catch-all”, default tenant.
Authenticating tenant users
Each tenant must be linked to a directory service for user authentication. These can be centrally provided, or local to the tenant itself. The full range of Smoothwall directory service configurations are available for individual tenants, see our help topic, Managing directories.
Tenant-specific filtering policies
Each tenant makes use of a core set of system-wide policies, and policies tailored for individual tenants. You can have the same, or similar, policies for both specific tenants and all tenants. Both policies apply to the tenant, and in no order.
There are two management roles within a multitenant installation:
- Central Administrator — Typically, the central administrator is the system administrator for the complete multitenant installation. They can change policies, manage tenant configurations such as access to the policy tester, and manage reporting functions for any and all tenants, including those reports set up by the tenant administrator themselves. They also assign tenant administrators for tenancy management.
- Tenant Administrator — The tenant administrator is a user within a specific tenant, who can manage their tenant via a simplified web interface.
Note: A tenant administrator can't manage operations for a tenant that they don't belong to. However, the central administrator might grant access to some, or all, of the reports allocated to another tenant.
Upgrading an existing Smoothwalls to support tenants
We recommend that you install a multitenant Smoothwall alongside your existing centrally managed Smoothwall. You can then migrate configuration data from each node in your existing Smoothwall to a tenant at a convenient time.
Note: You can't run reports for periods prior to the multitenant migration, as reporting data can't be migrated over.
Changing back to a non-tenant setup
Just as you can't migrate from a non-multitenant Smoothwall to a multitenant installation, you can't revert to a non-multitenant mode. Backward compatibility of tenant configurations to non-tenant configurations is also not supported.
When you remove a tenant, any tenant-specific custom categories, and content modifications are retained for future use by other tenants. The Smoothwall displays Deleted tenant against categories or content modifications for deleted tenants. Access to historical data from the deleted tenant must be made using SQL. Contact Smoothwall Support.
Note: An option for maintaining access to data from a tenant, whilst also removing the tenant from the managed service, is to delete the associated IP address range. This maintains all references to the tenant in the user interface, including the ability to run reports against the data, but turns off ongoing services for that tenant. Contact Smoothwall Support.