Home > Storage > PowerScale (Isilon) > Product Documentation > Storage (general) > Dell PowerScale: Considerations and Best Practices for Large Clusters > Multi-tenant recommendations
Within a large cluster, OneFS Access Zones can be configured to provide secure, isolated storage pools. Each division within an organization, for example, can have their own separate zone, while allowing consolidation of storage resources without compromising security.
A cluster includes an integrated access zone, the System zone, where you manage all aspects of a cluster and other access zones. By default, all cluster IP addresses connect to the System zone. Even if you create additional access zones, you configure all access zones in the System zone.
The best practices for Access Zones include:
A minimum of two AD, LDAP or NIS servers provides redundancy and helps avoid access control lookups becoming a bottleneck. For larger environments, scaling the number of domain servers may be required.
For more information about identity management, authentication, and access control in combined NFS and SMB environments, see the OneFS Multiprotocol Security Guide.