This topic tells you about the considerations for effectively planning foundations, orgs, and spaces. You can plan your orgs and spaces to make the best use of the authorization features in VMware Tanzu Application Service for VMs (TAS for VMs).
An installation of TAS for VMs is referred to as a foundation. Each foundation has orgs and spaces. For more information, see Orgs, Spaces, Roles, and Permissions.
The TAS for VMs roles described in Orgs, Spaces, Roles, and Permissions use the principle of least privilege. Each role exists for a purpose and features in TAS for VMs enable these purposes.
Consider these roles when planning your foundations, orgs, and spaces. This allows for full use of the features and assumptions of TAS for VMs.
How TAS for VMs layers relate to your company
The following sections describe what TAS for VMs layers are and how they relate to your company structure.
Overview of TAS for VMs layers
For an overview of each of the structural TAS for VMs layers, see the following table:
| TAS for VMs Layer | Challenge to Maintain | Contains | Description | Roles |
|---|---|---|---|---|
| Foundations | Hardest | Orgs | For shared components: domains, service tiles, and the physical infrastructure | Admin, Admin Read-Only, Global Auditor |
| Orgs | Average | Spaces | A group of users who share a resource quota plan, apps, services availability, and custom domains | Org Manager, Org Auditor, Org Billing Manager |
| Spaces | Easiest | Apps | A shared location for app development, deployment, and maintenance | Space Manager, Space Developer, Space Auditor |
Foundations
Foundations roughly map to a company and environments. For an illustration, see the following diagram:
Orgs
Orgs often map to a business unit in a particular foundation. To understand how you can map your company structure to a TAS for VMs org, see the following diagram:
Spaces
Spaces can encompass teams, products, and specific deployables. To understand how you can map your company structure to a TAS for VMs space, see the following diagram:
Mapping considerations
The following sections describe considerations you can make when mapping foundations, orgs, and spaces.
Planning for your environment
To effectively plan your environments, you must decide at what TAS for VMs layer they belong.
Broad environments, such as production environments, are commonly mapped to a foundation. More specific environments are mapped to an org or space.
Because of the large human cost to maintaining a foundation, you might see foundations mapped to production and staging environments separately.
For examples of environments and how they map to TAS for VMs layers, see the following table:
| TAS for VMs Layer | Examples of Environments |
|---|---|
| Foundations | Production, Non-production, Sandbox |
| Orgs and Spaces | Development, UAT, QA |
Questions to consider about each TAS for VMs layer
For guiding questions to help you make decisions about planning your TAS for VMs structure, see the following table:
| TAS for VMs Layer | Questions to Consider |
|---|---|
| Foundation |
|
| Org |
|
| Space |
|
Mapping larger and smaller subsets
Subsets are the company divisions you decide to map to TAS for VMs. When creating your subsets, consider that the lower the TAS for VMs layer, the more specific you want to map your subsets. Conversely, the higher the TAS for VMs layer, the broader you want to make your subsets.
For more information about mapping larger subsets for each TAS for VMs layer, see the following table:
| TAS for VMs Layer | The impact of mapping larger subsets of your company |
|---|---|
| Foundations |
|
| Orgs |
|
| Spaces |
|
For more information about mapping smaller subsets for each TAS for VMs layer, see the following table:
| TAS for VMs Layer | The impact of mapping smaller subsets of your company |
|---|---|
| Foundations |
|
| Orgs |
|
| Spaces |
|
Content feedback and comments