close
keyboard_arrow_left
Table of Contents
- play_arrow Introduction
- About the Administration Portal User Guide
- Administration Portal Overview
- Administration Portal Tasks for SP Administrators And OpCo Administrators
- Accessing Administration Portal
- Personalize the Administration Portal
- Switching the Tenant Scope
- About the Administration Portal Dashboard
- Changing the Administration Portal Password
- Resetting Your Password
- Configuring Two-Factor Authentication
- Resend Activation Link in Administration Portal
- Changing the Password on First Login
- Resetting the Password for OpCo and Tenant Users
- Setting Password Duration
- Extending the User Login Session
- About the Display Preferences
- Add a Theme in Administration Portal
- Apply or Modify a Theme
- Upload a Custom Font
- play_arrow Managing E-Mail
- play_arrow Managing Authentication
- play_arrow Managing Tenants
- Tenant Overview
- Full Mesh Topology Overview
- Understanding Specific Route-based Routing Within the SD-WAN Overlay
- About the Tenants Page
- Adding a Single Tenant
- Edit Tenant Parameters
- Importing Data for Multiple Tenants
- Allocating Network Services to a Tenant
- Viewing the Create History of Imported Tenant Data
- Delete a Tenant
- Viewing the History of Deleted Tenant Data
- Dynamic Mesh Tunnels Overview
- Configuring Dynamic Mesh Tunnel Thresholds for all Tenants
- Updating the Terms of Use
- play_arrow Managing Operating Companies
- play_arrow Managing Resources
- About the POPs Page
- Creating a Single POP
- Importing Data for Multiple POPs
- Viewing the History of POP Data Imports
- Viewing the History of POP Data Deletions
- View the History of Device Data Deletions
- Manually Importing Provider Hub Sites
- About the Tenant Devices Page
- About the Provider Hub Devices Page
- Add a Provider Hub Device
- Edit Provider Hub Site Parameters
- Manage a Provider Hub Device
- Upgrade a Provider Hub Device
- Delete a Provider Hub Site
- Perform Return Material Authorization (RMA) for a Provider Hub Device
- Grant Return Material Authorization (RMA) for a Provider Hub Device
- Generate Device RSI for Provider Hub Devices
- Managing a Tenant Device
- Device Redundancy Support Overview
- Viewing the History of Tenant Device Activation Logs
- Secure OAM Network Overview
- Secure OAM Network Redundancy Overview
- Rebooting Tenant Devices and Provider Hub Devices
- Identifying Connectivity Issues by Using Ping
- Identifying Connectivity Issues by Using Traceroute
- Remotely Accessing a Device CLI
- Device Template Overview
- Multi-Service Shared Bearer Overview
- About the Device Template Page
- Cloning a Device Template
- Importing a Device Template
- Configuring Template Settings in a Device Template
- Updating Stage-2 Configuration Template in a Device Template
- Configuring Stage-2 Initial Configuration in a Device Template
- Modifying a Device Template Description
- Deleting a Device Template
- Configuration Templates Overview
- Configuration Templates Workflow
- About the Configuration Templates Page
- Predefined Configuration Templates
- Edit, Clone, and Delete Configuration Templates
- Deploy Configuration Templates to Devices
- Undeploy a Configuration Template from a Device
- Dissociate a Configuration Template from a Device
- Preview and Render Configuration Templates
- Import Configuration Templates
- Export a Configuration Template
- Assign Configuration Templates to Device Templates
- Add Configuration Templates
- Jinja Syntax and Examples for Configuration Templates
- View the Configuration Deployed on Devices
- APN Overview
- Configuring APN Settings on CPE Devices
- Device Images Overview
- About the Device Images Page
- Staging an Image
- Deploying Device Images to Devices
- Uploading a Device Image
- Deleting Device Images
- Network Services Overview
- About the Network Services Page
- About the Service Overview Page
- About the Service Instances Page
- Allocating a Service to Tenants
- Removing a Service from Tenants
- play_arrow Managing Signatures
- Signature Database Overview
- About the Signature Database Page
- Downloading a Signature Database
- Download Locations for Signature Database
- Application Signatures Overview
- About the Application Signatures Page
- Understanding Custom Application Signatures
- Adding Application Signatures
- Editing, Cloning, and Deleting Application Signatures
- Adding Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- play_arrow Managing Profiles
- Application Quality of Experience Overview
- Configure and Monitor Application Quality of Experience
- About the Application Traffic Type Profiles Page
- Predefined Application Traffic Type Profiles
- Add Traffic Type Profiles
- Edit and Delete Application Traffic Type Profiles
- SLA Profiles and SD-WAN Policies Overview
- About the SLA-Based Steering Profiles Page
- Adding SLA-Based Steering Profiles
- Editing and Deleting SLA-Based Steering Profiles
- About the Path-Based Steering Profiles Page
- Adding Path-Based Steering Profiles
- Editing and Deleting Path-Based Steering Profiles
- About the Breakout Profiles Page
- Adding Breakout Profiles
- Editing and Deleting Breakout Profiles
- play_arrow Managing Licenses
- play_arrow Managing Users and Roles
- Role-Based Access Control Overview
- About the Users Page in Administration Portal
- Add Service Provider and OpCo Users
- Edit and Delete Service Provider Users and OpCo Users
- Resetting the Password for Service Provider, OpCo, and Tenant Users
- Roles Overview
- About the Roles Page
- Add User-Defined Roles for Service Provider, OpCo, and Tenant Users
- Edit, Clone, and Delete User-Defined Roles for Service Provider, OpCo, and Tenant Users
- Access Privileges for Role Scopes (Operating Company and Tenant)
- play_arrow Managing Jobs
- play_arrow Managing Audit Logs
list Table of Contents
Multitenancy
Release:
Contrail Service Orchestration 6.3.0
Change Release
date_range
30-Sep-21
Multitenancy enables provider hub devices to serve departments across multiple tenants. Each department of a tenant can have its own Layer 3 VPNs if network segmentation is enabled for the tenant. Traffic from all the Layer 3 VPNs are carried over to the provider hub using a shared overlay. The overlay tunnel [generic routing encapsulation (GRE) or GRE over IPsec] is used to carry traffic from all departments in a site through MPLS-based traffic separation.
Multitenancy is a cost-effective approach where the cost of a device and its maintenance is shared among multiple tenants. With multitenant device support, a dedicated share of the device is allocated to each tenant, and the data is kept private among the tenants that access the same device.
A service provider administrator or an OpCo administrator can perform the following tasks:
Create tenants.
Manage applications for each tenant.
Create SD-WAN and security policies for each tenant and monitor the dashboard at the tenant level or at the department level.
Add traffic type profiles.
Configure steering based SD-WAN or security services for each tenant.
View the services and networks configured for each tenant.
