Planning Orgs and Spaces
Page last updated:
This topic describes considerations for effectively planning foundations, orgs, and spaces. You can plan your orgs and spaces to make the best use of the authorization features in Cloud Foundry Application Runtime.
An installation of CFAR is referred to as a foundation. Each foundation has orgs and spaces. For more information, see Orgs, Spaces, Roles, and Permissions.
The CFAR roles described in Orgs, Spaces, Roles, and Permissions use the principle of least privilege. Each role exists for a purpose and features in CFAR enable these purposes.
Consider these roles when planning your foundations, orgs, and spaces. This allows for full use of the features and assumptions of CFAR.
The following sections describe what CFAR layers are and how they relate to your company structure.
For an overview of each of the structural CFAR layers, see the following table:
|CFAR Layer||Challenge to Maintain||Contains||Description||Roles|
|Foundations||Hardest||Orgs||For shared components: domains, service tiles, and the physical infrastructure||Admin, Admin Read-Only, Global Auditor|
|Orgs||Average||Spaces||A group of users who share a resource quota plan, apps, services availability, and custom domains||Org Manager, Org Auditor, Org Billing Manager|
|Spaces||Easiest||Apps||A shared location for app development, deployment, and maintenance||Space Manager, Space Developer, Space Auditor|
Foundations roughly map to a company and environments. See the following diagram for an illustration:
Orgs most often map to a business unit in a particular foundation. To understand how you can map your company structure to a CFAR org, see the diagram below:
Spaces can encompass teams, products and specific deployables. To understand how you can map your company structure to a CFAR space, see the diagram below:
The sections below describe considerations you can make when mapping foundations, orgs, and spaces.
To plan your environments effectively, you must decide at what CFAR layer they belong.
Broad environments, such as production environments, are commonly mapped to a foundation. More specific environments are mapped to an org or space.
Because of the large human cost to maintaining a foundation, you may see foundations mapped to production and staging environments separately.
For examples of environments and how they map to CFAR layers, see the following table:
|CFAR Layer||Examples of Environments|
|Foundations||Production, Non-production, Sandbox|
|Orgs and Spaces||Development, UAT, QA|
For guiding questions to help you make decisions about planning your CFAR structure, see the following table:
|CFAR Layer||Questions to Consider|
Subsets are the company divisions you decide to map to CFAR. When creating your subsets, consider that the lower the CFAR layer, the more specific you want to map your subsets. Conversely, the higher the CFAR layer, the broader you want to make your subsets.
For more information about mapping larger subsets for each CFAR layer, see the following table:
|CFAR Layer||The impact of mapping larger subsets of your company|
For more information about mapping smaller subsets for each CFAR layer, see the following table:
|CFAR Layer||The impact of mapping smaller subsets of your company|