Tenants


A tenant is a logical container for application policies that enable an administrator to exercise domain-based access control. A tenant represents a unit of isolation from a policy perspective, but it does not represent a private network. Tenants can represent a customer in a service provider setting, an organization or domain in an enterprise setting, or just a convenient grouping of policies.

To manage tenants, you must have either the Power User or the Site and Tenant Manager read-write role.

Three tenants are pre-configured for you:

  • common—A special tenant with the purpose of providing "common" services to other tenants in ACI fabrics. Global reuse is a core principle in the common tenant. Some examples of common services include shared L3Outs, DNS, DHCP, Active Directory, and shared private networks or bridge domains.

  • dcnm-default-tn—A special tenant with the purpose of providing configuration for Cisco DCNM fabrics.

  • infra—The Infrastructure tenant that is used for all internal fabric communications, such as tunnels and policy deployment. This includes switch-to-switch and switch-to-APIC communications. The infra tenant is not exposed to the user space (tenants), and it has its own private network space and bridge domains. Fabric discovery, image management, and DHCP for fabric functions are all handled within this tenant.

When using Multi-Site Orchestrator to manage Cisco DCNM fabrics, you use the preconfigured dcnm-default-tn tenant, which allows you to create and manage the following objects:

  • VRFs

  • Networks

Adding Tenants

This section describes how to add tenants using the Multi-Site Orchestrator GUI.

Before you begin

You must have a user with either the Power User or the Site Manager read-write role to create and manage tenants.

Procedure


Step 1

Log in to the Multi-Site Orchestrator GUI.

Step 2

Add a tenant.

  1. In the left navigation menu, select Application Management > Tenants.

  2. In the top right of the main pane, click Add Tenant.

    The Add Tenant screen opens.

Step 3

Provide tenant details.

  1. Provide the Display Name and optional Description.

    The tenant's Display Name is used throughout the Orchestrator's GUI whenever the tenant is shown. However, due to object naming requirements on the APIC, any invalid characters are removed and the resulting Internal Name is used when pushing the tenant to sites. The Internal Name that will be used when creating the tenant is displayed below the Display Name textbox.

    You can change the Display Name of the tenant at any time, but the Internal Name cannot be changed after the tenant is created.

  2. In the Associated Sites section, check all the sites you want to associate with this tenant and the Security Domain to use.

    Only the selected sites will be available for any templates using this tenant.

    Security domains are created using the APIC GUI and can be assigned to various APIC policies and user accounts to control their access. For more information, see the Cisco APIC Basic Configuration Guide.

  3. In the Associated Users section, select the Multi-Site Orchestrator users that are allowed to access the tenant.

    Only the selected users will be able to use this tenant when creating templates.

  4. (Optional) Enable consistency checker scheduler.

    You can choose to enable regular consistency checks. For more information about the consistency checker feature, see the Cisco Multi-Site Troubleshooting Guide.

Step 4

Click Save to finish adding the tenant.
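
Because Step 3 derives the Internal Name by removing characters and that name cannot be changed after creation, different Display Names can collapse to the same Internal Name or to the name of a pre-configured tenant. The pre-flight check below is an added example, not Cisco code; the set of characters kept and the names `internal_name` and `preflight` are assumptions, since this page does not list which characters are invalid.

```python
import re
from collections import defaultdict

# Assumption: anything outside this set is treated as invalid and removed.
# The page only says "invalid characters are removed"; adjust to your release.
DISALLOWED = re.compile(r"[^A-Za-z0-9_.:-]")
# Pre-configured tenants named on this page.
RESERVED = {"common", "dcnm-default-tn", "infra"}


def internal_name(display_name: str) -> str:
    """Derive the Internal Name by dropping characters outside the assumed set."""
    return DISALLOWED.sub("", display_name)


def preflight(display_names):
    """Return (problem, internal_name, display_names) findings for planned tenants."""
    by_internal = defaultdict(list)
    for name in display_names:
        by_internal[internal_name(name)].append(name)
    findings = []
    for internal, sources in sorted(by_internal.items()):
        if not internal:
            # Nothing is left once invalid characters are removed.
            findings.append(("empty", internal, sources))
        elif internal in RESERVED:
            # Would clash with a tenant that already exists on the fabric.
            findings.append(("reserved", internal, sources))
        if len(sources) > 1:
            # Distinct Display Names that share one immutable Internal Name.
            findings.append(("collision", internal, sources))
    return findings


# Constructed sample input, not taken from any real deployment.
PLANNED = ["Finance (Prod)", "Finance-Prod", "FinanceProd",
           "HR / Payroll", "infra!", "***"]

if __name__ == "__main__":
    for problem, internal, sources in preflight(PLANNED):
        print(f"{problem:9} internal={internal!r} from {sources}")
```

Compare the derived value with the Internal Name shown below the Display Name textbox before saving, since that displayed value is what is pushed to sites.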