none
Does it make sense to have a separate subscriptions for different companies (small companies) or does it make more sense to have one single subscription containing more than one company? RRS feed

  • Question

  • Does it make sense to have a separate subscriptions for different companies (small companies) or does it make more sense to have one single subscription containing more than one company?

    If have multiple companies in the same subscription how would configure the ARM view so that the resources of each tenant Cannot be Viewed by other companies.  Each company would need to be able to control their individual resources but we want to share a virtual F5 (azure store) because the F5 is expensive?

    Can we share a VPN or express route between these tenants?  Understand that public express route is no longer allowed however could we share a express route between different on-premise locations? Because some of these companies are small and cost is important would it be better to have VPNs instead of shared express route. 



    dsk


    • Edited by kimdav111 Tuesday, August 13, 2019 10:21 PM
    Tuesday, August 13, 2019 10:21 PM

All replies

  • A subscription can only be linked to one tenant and a tenant can have multiple subscriptions.

    If the user base for all the companies is same, then all subscriptions of each company can be linked to same tenant and you can control access to resources using RBAC.

    If the user base is different for all the companies, you can use different tenants for each company and invite guest users to access your company applications using Azure Active Directory B2B.

    Yes you can share VNet-to-Vnet  connections that use Azure VPN gateways work across AAD tenants but Express Route cannot be shared between two azure Tenants.

    To connect two on-premise locations , you can use Express Route Global reach. For more information and limitations related to it, refer this article.

    VPN Gateway traffic is goes through public internet and Express route connections does not go over public internet.Based on your requirement and also costs, you can choose either of them. For pricing related, you can refer this link.

    Hope this helps!

    Monday, August 19, 2019 6:17 AM
    Moderator