Skip to main content

Multi-Tenancy in OpenStack

Overview

OpenStack uses a hierarchical structure of domains, projects, and users to manage resources and isolate tenants.
This structure allows implementing both multi-tenant and single-tenant setups, depending on organizational needs.

Key Concepts

  • Domain
    A top-level container for projects, users, and groups.
    Domains are often used to represent organizations or large departments.

  • Project (Tenant)
    A logical container for resources such as instances, volumes, and networks.
    Projects are the primary unit of resource isolation in OpenStack.

  • User
    An individual identity in OpenStack.
    Users belong to a domain and are assigned roles within projects to define permissions.

Multi-Tenant Approach

In a multi-tenant setup:

  • A single domain contains multiple projects.
  • Each project belongs to a different user or team.
  • Users have access only to their own project’s resources.
  • This is the most common SaaS-style OpenStack deployment.

Diagram – Multi-Tenancy

Multi-Tenancy Diagram

Diagram – Single-Tenancy

Single-Tenancy Diagram