Here's the key point I think in all this. It all boils down to Node Agents.
The document you linked to says:
"# There is at least one NA on each machine, and an NA must be able to start all server instances on the machine (independent of the clusters to which the instances belong).
# There can be multiple Node Agents on a machine for different versions of the product or in cases where the instances on the machine reside in multiple domains."
Basically the way this reads to me is that a Node Agent is bound to a domain. If you have multiple domains, you need multiple Node Agents. If you want to run different versions of Glassfish, they would each need their own Node Agent.
It is not clear to me whether you can have more the one Node Agent for a single domain on the same machine, and that's the crux of the matter.
If you can have more than one NA on the same IP, then you can easily have each NA start up with it own user credentials, and when it fires off the appropriate Glassfish instance, that process will inherit the parent NA credentials. That's potentially a mechanism you might leverage to get each instance of GF running under a different user.
And with the NAs all running under the same Domain, you will get a single UI.
You must appreciate, however, that everything in the domain is shared, however. There is but one central configuration for all of the resources. So, if you have a Connection Pool for jdbc/mydatabase, ALL instances of the domain will have the same Connection pool. This is important if you're trying to limit sharing of these kinds of things. User A will have ready access to User B's JEE resources.
Also, all of the application deployments will need to go through the central admin. Which means "everyone" will have an admin credential on that domain (which means everyone can see things like db pool passwords etc.). Dunno if that's an issue for you or not either. I also don't think that they'll be able to use, say, Netbeans, to deploy their application. They'll need to use a command line script, (perhaps an ant task, but I don't recall if there's a native "asadmin" ant task or not, rather than just calling the command shell from ant), or the gui.
You'll need to handle the "load balancing" to direct the traffic to their respective instances. That part won't be done by your larger domain. It will need to be a separate application (like perhaps Apache, or a proxy).
So, in the end, you could have very centralized administration, but perhaps too centralized, and your instances all running under individual user settings.
Mind I've never used the cluster/node agent facilities of GF.
[Message sent by forum member 'whartung' (whartung)]
http://forums.java.net/jive/thread.jspa?messageID=292729