Best practices state that you should always create a tenant separate from the vsphere.local tenant even if you are only going to have one tenant. What is everyone's thought on this?
Unless I am mistaken, native AD as an identity service is only available for the default tenant. Is this a benefit? A drawback?
If you are in an environment that will only ever have a single tenant, is it worth creating a separate one or is using the vsphere.local tenant acceptable?
As far as I can see, the largest drawback to using the default tenant is that your endpoints and compute resources are shared with other tenants. Is there a deeper technical reason to not use the default tenant besides the separation of resources and therefore true multi-tenancy?
I would be interested in the experience of others running a multi-tenant environment and thoughts on this from an architectural perspective.
Thanks