mbox/mfusion multitenancy

mbox is a multi-tenant appliance, which allows multiple entities, multiple networks, multiple groups of administrators, multiple groups of end users and captive portals to share the same appliance, and each entity feels as if they have their own dedicated appliance.

There are two main concepts with mbox multi-tenancy:

  • entity. Each entity contains it's own administrators, users, hosts, CMS, VLANs/Networks, etc. Administrators within each entity will have access to its own host info, CMS, user accounts, etc.
  • profiles. Profiles is applied to each administrator to control the rights of an administrator within its entity. For example, within an organization/entity, some admins are allowed to manage user or review security logs, some admins are allowed to define and customize captive portals etc. (NOTE: the profile here is different from RADIUS profile which defines access rights of end users who access through mbox HSG or MAP, eg. speed, time, volume, etc.)

For service providers, when mbox is deployed as a hosted appliance shared by many customers, each entity refers to a customer entity. Then we can define hosts, administrators and profiles for each entity.

For enterprises who purchase and deploy mbox as an on-premise appliance, usually entity is not necessary. However, we may define multiple portals, and multiple RADIUS profiles to map to different VLANs/Networks/SSIDs to enforce different access rights and present different user experiences etc.

1. Login to mbox portal

Connect to mbox portal using web browser, eg. https://portal.ransnet.com

2. Create entity

Create partner entity (by super admin), Service providers who purchased mbox with provider license can create partner entity, then partners can manage their own customer entity.

Create customer entity (by partner admin), Service providers who purchased mbox with provider license can create partner entity, then partners can manage their own customer entity.

After login, Go to ADMIN -> Entities, Create New

    1. Fill up the Entity Form. Provide the Entity Name, remarks optional, click "create"
  1. Parent entity: this is default to ROOT if you're creating entity for partners; if you're a partner admin creating entity for customer, the parent entity will automatically be your company entity.
  2. Child entity: Leave this field blank unless you know what you are doing!
  3. Click on "Update"

3. Add users

Go to ADMIN -> Users, New User

  1. Fill up the User Form.
  2. Add user entity: select the entity that this user belongs to
  3. Assign Profile: select user profile to define what rights/menu the user can access to.
    1. Admin profile has access to all the major HSG modules including LOG and ADMIN (to create customer entity, users and hosts)
    2. RADIUSadmin profile has access to all the major HSG module (except LOG and ADMIN)
    3. CMSadmin profile has access to CMS module only (to create and customize user login portal/landing page)