In a multi-tenant computing environment, hardware and software resources are shared among numerous entities known as tenants. Tenants can be independent customers, enterprises, and/or departments in an enterprise, and each tenant can be associated with one or many tenant systems that enable a user associated with the tenant to access the resources of the multi-tenant computing environment. For example, a tenant system can be a physical or virtual computer system or any other physical or virtual client device associated with the tenant. Resources, e.g., services and/or applications, can be provided on demand to multiple tenants over the same physical infrastructure. Moreover, network traffic relating to a tenant can be segregated and isolated from network traffic relating to another tenant by utilizing virtual local area networks (“VLANs”) for each tenant. Accordingly, a tenant can be assigned its own VLAN over the physical infrastructure, i.e., a transport network, and its network traffic can be directed only to tenant systems belonging to the assigned VLAN.
Most multi-tenant computing environments can provide shared storage array devices for storing and managing the data of tenants of the multi-tenant computing environment. The shared storage array device can logically partition the storage array into storage entities for segregating and storing data associated with the tenants. Each storage entity can be configured to be a different type of storage construct according to the tenant's preferences. For example, a first storage entity can be configured to be a file system, a second storage entity can be configured to be an NFS export, and a third storage entity can be configured to be a logical unit number (“LUN”). The shared storage array device can support VLANs and thus can associate each storage entity with the VLAN associated with the tenant to which the storage entity is related. In this manner, data belonging to a particular tenant can be transmitted from the storage array device to a tenant system of the tenant only over the VLAN associated with the particular tenant. Similarly, the shared storage array device can receive data from the tenant system over the VLAN and store the data only in the storage entity associated with the tenant.
Utilizing VLANs to segregate network traffic between tenants in the multi-tenant computing environment is advantageous because multiple virtual networks can be implemented over a common transport network. Nevertheless, because VLANs are Layer 2 networks that utilize a 12 bit address identifier, the number of VLANs that can be implemented in a given environment cannot exceed approximately 4000. With the growing adoption of virtualization and multi-tenant cloud computing, this limit can easily be exceeded. Moreover, network traffic over a VLAN is not isolated across the transport network. As a result, a tenant's network traffic can potentially be viewed by a tenant system associated with another tenant.