Overview of Colocation Multitenancy
In Cisco Catalyst SD-WAN Cloud OnRamp for Colocation multitenancy, a service provider can manage multiple colocation clusters using Cisco SD-WAN Manager in single-tenant mode. A service provider can bring up a multitenant cluster in the same way as a cluster in single-tenant mode. A multitenant cluster can be shared across multiple tenants. See Create and Activate Clusters.
The tenants share the hardware resources of a colocation cluster, such as the Cisco Cloud Services Platform (CSP) devices and Cisco Catalyst 9500 devices. The following are the key points of this feature:
- A service provider deploys and configures the Cisco SD-WAN Control Components (Cisco SD-WAN Manager, Cisco Catalyst SD-WAN Validator, and Cisco Catalyst SD-WAN Controller) with valid certificates.
- A service provider sets up colocation clusters after onboarding the Cisco CSP devices and Cisco Catalyst 9500 switches.
- Cisco Catalyst SD-WAN operates in single-tenant mode, and Cisco SD-WAN Manager appears in single-tenant mode.
- In a colocation multitenant deployment, a service provider ensures that tenants see only their service chains by creating roles. A service provider creates roles for each tenant in a colocation group. These tenants are permitted to access and monitor the service chains based on their roles. However, they can't configure their service chains or change the system-level settings. The roles ensure that tenants can access only the information that they are authorized to view.
- Each tenant's traffic is segmented using VXLAN across the compute devices, and VLAN across the Cisco Catalyst switch fabric.
- A service provider can provision service chains on a specific cluster.
The following are the two scenarios of a colocation multitenant setup:
- Service provider owned Cisco Catalyst SD-WAN devices: In this scenario, the Cisco Catalyst SD-WAN devices used in a service chain belong to the corresponding service provider. The CSP devices and Catalyst 9500 switches are owned, monitored, and maintained by the service provider. The virtual machine (VM) packages are owned, uploaded, and maintained by the service provider. See Monitor Colocation Cluster Devices and Cisco Catalyst SD-WAN Devices in Comanaged Multitenant Environment.
- Comanaged Cisco Catalyst SD-WAN devices: In this scenario, the Cisco Catalyst SD-WAN devices that are used in a service chain belong to a tenant overlay network. The colocation cluster devices are owned by the service provider, whereas the Cisco Catalyst SD-WAN devices of a service chain are controlled by the Cisco SD-WAN Control Components (Cisco SD-WAN Manager, Cisco Catalyst SD-WAN Validator, and Cisco Catalyst SD-WAN Controller) of a tenant. The CSP devices and Catalyst 9500 switches are owned, monitored, and maintained by the service provider. The VM packages are owned, uploaded, and maintained by the service provider. See Monitor Colocation Cluster Devices and Cisco Catalyst SD-WAN Devices in Comanaged Multitenant Environment.