What do Multi-Tenant MSPs Need?

eG Innovations works with Managed Service Providers (MSPs) across the world, who use eG Enterprise to deliver value-added services to improve their customers’ resilience and business outcomes. Many of these service providers choose eG Enterprise for its secure and granular role-based multi-tenancy support. The MSP does not have to configure and maintain one instance of eG Enterprise for each customer. Instead, they can deploy one eG Enterprise instance to which agent-based and agentless monitoring provides deep diagnostics and analytics for multiple customers (tenants).

The distinct advantage of multi-tenant configurations for MSPs is that they can use a single unified interface to monitor multiple customers. MSP admins do not have to shift through multiple consoles, one for each customer. Additionally, by amortizing hardware, software, and storage costs across customers, the MSP can drive further cost savings, which in turn improves competitive advantage for themselves and their customers.

1. Secure Segregated Views for MSP Customers

One of the most important requirements in a multi-tenanted deployment is that each tenant is securely segregated and should not be able to access or view the infrastructures or data of other tenants. Each tenant (customer) is assigned a unique user ID in eG Enterprise and any applications, devices, systems, etc. discovered for their infrastructure are automatically associated with this user ID.

Multi-tenant monitoring dashboards

Figure 1: Monitoring dashboards for two securely segregated customers. Each customer only has access to their respective infrastructures including performance and health statuses.

When a customer’s user logs in, they are only able to view the health of the applications and systems monitored in their profile. Any actions that the user performs is restricted to their view only.

Any dashboards created or reports they access are also restricted to their profile unless they explicitly share reporting analytics with other users.

2. Providing the MSP with At-a-Glance Views, including Tenant-specific Drilldowns

To detect performance or availability issues in customer applications and infrastructures, MSPs need an at-a-glance view from where they can see all applications and systems being monitored, irrespective of which customer (tenant) the application or system belongs to.

Dashboards and reports regarding the overall performance of the monitored environment are important for MSPs.

At the same time, the MSP needs to be able to see dashboards, reports, and alerts on a customer-by-customer basis. eG Enterprise automatically creates groupings (known as Zones) whenever a new user registers in the system. Any devices, systems or applications discovered are automatically assigned to the respective user’s zone.

The MSP teams can easily see the performance of each tenant’s infrastructure by looking at the respective zones and, if required, can drill down further. Additionally, reports can focus on just the constituents of zones.

Single pane monitoring for IT Ops.

Figure 2: Single Pane of Glass (SPoG) for MSP IT Ops to view the status of all customer environments from the single eG Enterprise console.

Tenants can use these zones to get a high-level view of components managed by themselves. MSP IT Ops can use these zones to get a tenant-level view of components. More information on zones (including geo-maps) can be found in: Configuring Zones (eginnovations.com).

When a customer’s user calls in with an IT-related issue, MSP IT Ops needs to see exactly what the tenant is seeing. To allow this, eG Enterprise includes a “switch user” functionality. IT Ops can use this to virtually login to the system as the tenant without the need to access their users’ credentials.

MSP IT Ops

Figure 3: MSP IT Ops can switch views to a specific customer’s view in order to view the infrastructure in the same way that that customer can.

3. Support for Multiple Administrators for Each MSP Tenant

Medium-sized and large organizations often have multiple administrators, who may attend to different clients or perform different IT operational tasks. eG Enterprise’s user and organization management capabilities address this.

Each customer (tenant) is mapped to an organization in eG Enterprise. Users can be added to organizations. These users can either have read-only rights to the monitoring configuration or be provided with rights to make changes to the eG Enterprise monitoring system. The role assigned to a user determines the rights that the user has. Users can also be provided access to all the components of an organization or just a subset of the components (e.g., just the database servers).

Tenants can also partition their infrastructure being monitored into Business Units (BU). Each BU can map to a department in the organization and administrators can be assigned for different BUs. This structuring of access rights allows large customers with multiple geographically separated units to have different BUs – one for each geography.

Tenants have the capability to add multiple BUs and users by themselves.

Tenants can add multiple Business Units and units

eG Enterprise is not licensed on the basis of per number of users accessing the monitoring console, or per number of users registered in the monitoring console.
This can lead to significant cost-savings compared to many tools that charge per user logged on or per registered user and offers significant flexibility.

4. Self-Provisioning by the MSP Tenant

eG Enterprise makes it simple for MSPs to offer MaaS.

  • MSP customers (tenants) can self-register through the portal, a simple 2-minute process (see Figure 4). Once registered, they will have access to login, download agents, and begin monitoring their infrastructure.

    Tenant self-registration screen

    Figure 4: Tenants can self-register on the management portal
    In high security environments, administrators may need to centrally manage and control user registrations and may not want to allow tenants to self-register. To facilitate such a need, administrators can disable self-registration by setting the Allow users to self-register flag to No in the MANAGER MODEL page of the eG administration interface.
  • We would typically recommend agent-based monitoring for Windows, Linux, and other Unix operating systems. Once a customer (tenant) has logged in, they can download agents for any of the supported platforms and install them. Installation of agents is only a 30-second process. One can integrate and automate the agent deployment with any software distribution or orchestration tools, such as Ansible, Microsoft SCCM, Terraform, etc.

    Figure 5: Simple 3 step installation process
  • Agents downloaded from the management portal have a unique user ID associated. When an agent starts executing, it auto-discovers applications and other supporting infrastructure updating the eG management system. All auto-discovered components are automatically associated with the corresponding customer accounts without the need for customers to do any manual work. And, within minutes of installing eG agents, real-time metrics are displayed on the eG management console.
  • Agents can be installed on servers that are in an on-premises data center or on cloud instances, or on any cloud infrastructure. As long as the agents have connectivity to the management system on the designated HTTPS port, MSPs can monitor the target systems and applications.
    eG Enterprise also supports agentless monitoring in MSP environments for technologies like virtualization, cloud, storage, network devices and so on. Learn more about agentless monitoring
  • The MSP has control over which applications are auto-discovered and managed. For instance, if the MSP is only offering remote database monitoring as a service, they can control the auto-discovery process through settings on the management server itself.

5. Providing Tenants with Specified Administration Rights

While monitoring of basic metrics like CPU, memory, and disk resources can be done without needing any additional permissions, additional access rights may be required depending on the target infrastructure being monitored. For example, to monitor a network router, an SNMP community string will need to be configured. Likewise, to monitor a database server, a user account with the necessary access privileges may need to be configured.

The MSP’s IT Ops team can maintain overall control over the eG Enterprise monitoring system and can configure the necessary credentials. They will also have all the administrative controls for setting maintenance policies, changing monitoring frequencies, setting thresholds, amongst others.

However, customers (tenants) may want to perform some of these activities themselves for the elements they are responsible for and may not want to wait for the MSP IT Ops staff to be available each time they need to make a change. In such cases, eG Enterprise provides the ability for each tenant to perform administration activities on the systems and applications that they are monitoring. With this capability, MSP tenants are provided with granular access rights aligned to their roles and responsibilities. Tenants can:

  • Control how often the monitoring is performed. The frequency can be changed for each check performed, or for each server targeted.
  • Control what thresholds are applied for their applications and systems
  • Configure maintenance periods when their applications and systems are expected to be down
  • Have the option to manually add/manage the components for monitoring if there are components that cannot be discovered in the target environment or if the components are discovered but remain unmanaged

Multi-tenant configuration screen

Figure 6: Tenants can configure thresholds for their applications and systems

These advanced features provide customers (tenants) with what they need to effectively ensure uptime using the eG Enterprise platform. All eG administration activities performed by customers (tenants) are maintained in an audit log, and the MSP IT Ops team can review these for compliance audits and analysis at any time.

eG Enterprise audit log

Figure 7: Snapshot of eG Enterprise’s audit log. All admin activities performed are captured for compliance and analysis.

MSPs benefit as IT Ops are no longer burdened by frequent change requests for simple changes (e.g., password resets, to put systems under maintenance, and so on) and can focus on more proactive and productive tasks.

6. Support for Deployment Across Multiple Private Networks

A unique characteristic of MSP environments is that different customers may each have their own private network. However, IP addresses can be reused across networks, which means IP addresses should not be used when configuring a server or device or application in the MSP’s management system. As a result, it is not possible to manage devices, systems or applications using their IP addresses.

eG Enterprise uses “nicknames” to uniquely identify targets it monitors:

  • By default, the agent on a server assigns the hostname as the nickname of the server.
  • The agent contacts the manager for approval to use it.
  • If the nickname is unique and is not already configured in the eG Manager, it will be approved.
  • If there is a conflict with a nickname, the manager auto-assigns a new nickname to the agent.
  • Once its nickname is approved, the agent maps all its metrics to it. IP addresses are not used at all in the management console.

At the same time, customers have the right to assign a unique nickname to a system if they so choose too.

7. Providing the MSP Flexibility for License Assignment and Reporting

Multi-tenant licensing modelThe MSP admin can assign licenses to tenants for monitoring their systems, applications, and so on. Tenants then have a right to further distribute licenses across business units as required. License reporting is also enabled at the tenant-level allowing tenants to proactively plan and manage their own license usage.

8. Auto-deletion of Tenants to Reduce MSP Effort

Just as new customers register for eG Enterprise SaaS service, existing customers may sign off from the service. The MSP will need to delete old customers and their infrastructure from the monitoring system. When managing thousands of components, removing an organization and all its components can be time-consuming. When an organization has multiple BUs, these also need to be removed. Any users assigned only to the organization or its BUs will also need to be removed.

eG Enterprise simplifies the process for the MSP. With a single click, eG Enterprise can be configured to automatically remove customers whose subscription has expired including all devices, servers, and applications assigned to their view.

This level of automation saves the MSP IT Ops time and effort. Also, IT Ops have the option to set time periods after which auto-deletion of users is initiated (e.g., auto-delete only after 30 days of subscription expiry).

Multi-tenant auto deletion screen

Figure 8: Configuring auto-deletion capabilities for user accounts

9. Flexible, Pay-per-use Billing Model for the MSP

eG Enterprise’s billing model is flexible and scalable for MSPs of all sizes. As most customers of MSPs subscribe to monthly payment options, often on a PAYG (pay-as-you-go) basis. To synchronize with these payment cycles, eG Innovations offers MSPs monthly subscription billing options based on peak monthly usage.

The MSP is allowed access to sufficient licenses to deploy; there is no need to approach the vendor each time a new client is on-boarded or when support is expanded for existing customers. eG Innovations’ billing model is based on the overall usage of the MSP and does not consider the client-by-client usage for the MSP’s customers. At the same time, MSPs can track the usage consumption for individual tenants and use this information for per tenant-based billing.

Muli-tenant license tracking and usage

Figure 9: Tracking of license usage by tenant in eG Enterprise

10. White Labeling the Monitoring Service and Displaying the MSP’s Brand

With eG Enterprise, MSPs can white label the eG Enterprise platform. Whether the monitoring software is installed in the MSP’s data center or in eG Innovations’ cloud (as SaaS), MSPs can have their logo and branding displayed prominently when customers logon to the service.

This allows an MSP to promote their brand, not the vendor. Email alerts, reports, etc. also have the MSP’s logo displayed. Configuring the MSP’s logo on eG Enterprise is straightforward.

Here is a short video of how GlassHouse, one of our MSP partners, has marketed their eG Enterprise-based Magnify proactive monitoring service. eG Innovations offers a partnering and licensing program for MSPs, which many have leveraged to provide premium monitoring as a service (MaaS) option for their customers.

Why Multi-Tenant Monitoring as a Service (MaaS) for MSPs

In this blog post, we have discussed 10 key features that have been added to eG Enterprise for MSP environments.

MSPs can leverage these functions to offer monitoring as a service to customers. The monitoring service can offer a range of capabilities including infrastructure monitoring including server, storage, virtualization, cloud and network monitoring, web application, user experience, and performance monitoring for technologies such as Java, Microsoft .NET, and PHP, monitoring of digital workspace technologies, such as Citrix, VMware Horizon, and Azure Virtual Desktops, and also for monitoring SaaS services, such as Salesforce and Microsoft 365.

Not only is this a differentiated offering for the MSP, but it also offers a recurring revenue stream. Further, monitoring is not just focused on troubleshooting. The MSP can augment the monitoring as a service with analysis and recommendations that are aimed at helping their customers get more out of their existing IT investments.

Learn More:

About the Authors:

This blog post is authored by Mike Ferioli and Raghavendra Krishnamurthy, who work closely with some of our largest and most demanding MSP partners and customers. Mike works as an account and channel manager for UK&I based out of our Central London office and Raghav is our EMEA Partner Manager.