The present invention relates generally to storage systems and, more particularly, to resource fencing or extended access security for multi-tenant data systems.
In a multi-tenant data system, multiple networks are added to the system to allow each tenant to be accessed over a private network. Private network access is provided to allow the segregation of system administrative access from tenants, the segregation of tenants from each other, and the segregation of administrative from user access within a tenant. Further, data replication traffic can be placed on a private network.
In such a system, the management and data access interfaces for the system and its tenants must have a method to guarantee that any management or data resource accessed in the system is being accessed over the appropriate network. Further, if such a multi-tenant, multi-homed data system has a replica that must be used for failover in the event of the failure of the primary system or site, the tenants on that replica would be inaccessible if the replica site did not exactly mirror the network topology of the primary site.