We are a service provider who plan to provide IaaS service to our customers. Our IaaS offering has both Public and Private Cloud offerings. For a Private Cloud Offering, we are spinning up a separate AD Forest for every customer. Now the
customer base is increasing heavily and management of these separate AD Forests has started to become a huge task in itself.
Is there a way to provide isolation to every private cloud customer without adding more AD management effort. Are there tools/solutions from Microsoft/its partners who can provide such a solution? else the only way i can think off using a Single Forest and multiple tree's or multiple child domain model, where the Forest Root will have Service Provider Admin Accounts which will be provided Domain Admins rights in all child domains underneath. That way we do address the issue of having multiple admin id's, passwords..etc. However, Microsoft says AD Forest is the administrative boundary and now we are confused if we can provide enough isolation by providing each customer with a child domain/tree.
I am stuck now, what options do we have to move forward? Federation?? Kindly assist.
Thanks
