HPE GreenLake offers multiple workspace architecture patterns that support organizational hierarchies, simplify identity governance, and keep service operations flexible. This guide helps you choose the right workspace architecture model, plan your rollout, and migrate to the best practices described in this guide. This guide does not provide detailed step-by-step instructions, but references user guide sections where appropriate for more information.
- Start with Workspace Architecture Guide to learn best practices for workspace design, including when to consolidate or separate services, proven design principles, and service compatibility guidance.
- Review Identity Governance Essentials for domain claiming, SSO, SCIM, and role assignment implementation.
- Use Migration Paths when ready to align existing workspaces with these best practices.
| Section | Purpose |
|---|---|
| Workspace Architecture Guide | Apply workspace design best practices: consolidation vs separation strategies, design principles, and service compatibility guidance. |
| Identity Governance Essentials | Implement domain claiming, SSO, SCIM, and role assignment across your hierarchy. |
| Migration Paths | Choose the right onboarding or migration approach for your current estate. |
Organizations that separate governance from execution gain:
- Clear ownership: Domains, identity providers, and lifecycle controls stay in the organization parent so member workspace teams can focus on service operations.
- Policy isolation: Production, non-production, and sensitive services can live in different workspaces with the right policies and guardrails.
- Risk reduction: Incidents in one workspace do not spill into others, limiting the blast radius of operational issues.
- Quota flexibility: Service quotas and API rate limits remain local to each workspace, avoiding contention across teams.
- Operating model fit: Central, decentralized, or hybrid teams can each adopt a structure that matches their governance needs.
These outcomes align with the Identity Governance capabilities of HPE GreenLake, which provide user and group directories, centralized SSO authentication policies, and SCIM-based provisioning across the organization.
These best practices focus on why and when. For "how" tasks such as claiming a DNS domain, configuring SSO authentication policies, or editing scope groups, follow the HPE GreenLake Organization and Enhanced IAM Management user guide. The guide lives in the HPE Support Center and remains the authoritative source for clicks and API calls.
- Confirm which services you operate today and whether they require tenant-level aggregation.
- Decide if you will adopt the enterprise hierarchy, MSP hierarchy, or both.
- Continue to Workspace Architecture Guide for workspace design best practices.