Automatic Tenant Placement by Cisco vManage

In Cisco vManage Release 20.8.x and earlier releases, when you onboard a tenant, Cisco vManage assigns a pair of multitenant Cisco vSmart Controllers to the tenant based on an internal algorithm that considers factors such as the following:

• number of tenant WAN edge devices that you forecast for the tenant

• number of tenants served by a pair of multitenant Cisco vSmart Controllers

• number of WAN edge devices connected to a pair of multitenant Cisco vSmart Controllers

After the tenant is onboarded, if the tenant needs to add more devices than you originally forecast, you can modify the forecast if the pair of multitenant Cisco vSmart Controllers serving the tenant can accommodate these additional WAN edge devices. If the Cisco vSmart Controllers cannot accommodate the additional WAN edge devices, you must delete the tenant and onboard the tenant again with the revised device forecast so that Cisco vManage assigns a suitable pair of Cisco vSmart Controllers. If none of the pairs of multitenant Cisco vSmart Controllers can accommodate the revised device forecast, add a new pair of Cisco vSmart Controllers and then onboard the tenant.

Flexible Tenant Placement by Provide Admin User

From Cisco vManage Release 20.9.1, while onboarding a tenant, you have the flexibility to choose the pair of multitenant Cisco vSmart Controllers that are assigned to the tenant. Automatic tenant placement by Cisco vManage continues to be the default behavior with flexible tenant placement as an optional configuration.

To help you with flexible tenant placement, Cisco vManage lists available multitenant Cisco vSmart Controllers and provides the following details, as a percentage, for each controller:

• number of tenants assigned

• number of tenant WAN edge devices connected

• memory utilized

• CPU utilized

A multitenant Cisco vSmart Controller can serve a maximum of 24 tenants and 1000 tenant WAN edge devices across all the tenants. While onboarding a tenant, choose a pair of controllers that can be assigned one more tenant and can also connect to the number of WAN edge devices forecast for the tenant.

After the tenant is onboarded, if the tenant needs to add more devices than you originally forecast and the assigned pair of multitenant Cisco vSmart Controllers cannot connect to these additional WAN edge devices, you can migrate the tenant to another pair of Cisco vSmart Controllers that can serve one more tenant and accommodate the revised WAN edge device forecast for the tenant. If none of the multitenant Cisco vSmart Controllers pairs can accommodate the revised device forecast, you can migrate other tenants to alternative Cisco vSmart Controllers so that the controller utilization is efficient and the tenant assignment is optimal. If the optimization doesn’t create the capacity required to accommodate the revised device forecast for the tenant, add a new pair of Cisco vSmart Controllers and then migrate the tenant.

Prerequisites

• At least two Cisco vSmart Controllers must be operational and in the vManage mode before you can add new tenants.

  A Cisco vSmart Controller enters the vManage mode when you push a template to the controller from Cisco vManage. A Cisco vSmart Controller in the CLI mode cannot serve multiple tenants.

• Each pair of Cisco vSmart Controllers can serve a maximum of 24 tenants and a maximum of 1000 tenant devices. Ensure that there are at least two Cisco vSmart Controllers that can serve a new tenant. If no pair of Cisco vSmart Controllers in the deployment can serve a new tenant, add two Cisco vSmart Controllers and change their mode to vManage.

• Add up to 16 tenants in a single operation. If you add more than one tenant, during the Add Tenant task, Cisco vManage adds the tenants one after another and not in parallel.

  While an Add Tenant task is in progress, do not perform a second tenant addition operation. If you do so, the second Add Tenant task fails.

• Each tenant must have a unique Virtual Account (VA) on Plug and Play Connect on Cisco Software Central. The tenant VA should belong to the same Smart Account (SA) as the provider VA.

• For an on-premises deployment, create a Cisco vBond Orchestrator controller profile for the tenant on Plug and Play Connect. The fields in the following table are mandatory.

  Field	Description
  Profile Name	Enter a name for the controller profile.
  Multi-Tenancy	From the drop-down list, select Yes.
  SP Organization Name	Enter the provider organization name.
  Organization Name	Enter the tenant organization name in the format <SP Org Name>-<Tenant Org Name>. The organization name can be up to 64 characters.
  Primary Controller	Enter the host details for the primary Cisco vBond Orchestrator.

  For a cloud deployment, the Cisco vBond Orchestrator controller profile is created automatically as part of the tenant creation process.

1. Log in to Cisco vManage as the provider admin user.

2. From the Cisco vManage menu, choose Administration > Tenant Management.

3. Click Add Tenant.

4. In the Add Tenant slide-in pane, click New Tenant.

5. Configure the following tenant details:

   Field	Description
   Name	Enter a name for the tenant. For a cloud deployment, the tenant name should be same as the tenant VA name on Plug and Play Connect.
   Description	Enter a description for the tenant. The description can have up to 256 characters and can contain only alphanumeric characters.
   Organization Name	Enter the name of the tenant organization. The organization name can have up to 64 characters. The organization name is case-sensitive. Each tenant or customer must have a unique organization name. Enter the organization name in the following format: <SP Org Name>-<Tenant Org Name> For example, if the provider organization name is ‘managed-sp’ and the tenant organization name is 'customer1', while adding the tenant, enter the organization name as ‘managed-sp-customer1’.
   URL Subdomain	Enter the fully qualified subdomain name of the tenant. The subdomain name must include the domain name of the service provider. For example, for the managed-sp.com service provider, a valid domain name for customer1 is customer1.managed-sp.com. Note   The service provider name is shared amongst all tenants. Ensure that the URL naming convention follows the same domain name convention that was followed while enabling multitenancy using Administration > Settings > Tenancy Mode. For an on-premises deployment, add the fully qualified subdomain name of the tenant to the DNS. Map the fully qualified subdomain name to the IP addresses of the three Cisco vManage instances in the Cisco vManage cluster. Provider DNS: Create a DNS A record and map it to the IP addresses of the Cisco vManage instances running in the Cisco vManage cluster. The A record is derived from the provider’s domain name and the cluster ID that was created while enabling multitenancy on Cisco vManage. For example, if the provider’s domain name is sdwan.cisco.com and the cluster ID is vmanage123, configure the A record as vmanage123.sdwan.cisco.com. Note   If you fail to add the DNS A record, you will experience authentication errors when logging in to Cisco vManage. Validate that the DNS is configured correctly by using the nslookup command. Example: nslookup vmanage123.sdwan.cisco.com . Tenant DNS: Create DNS CNAME records for each tenant that you created and map them to the provider FQDN. For example, if the provider’s domain name is sdwan.cisco.com and tenant name is customer1, configure the CNAME record as customer1.sdwan.cisco.com. Cluster ID is not required in the CNAME record. Validate that the DNS is configured correctly by using the nslookup command. Example: nslookup customer1.sdwan.cisco.com. For a cloud deployment, the fully qualified subdomain name of the tenant is automatically added to the DNS as part of the tenant creation process. After you add a tenant, it could take up to an hour before the fully qualified subdomain name of the tenant can be resolved by the DNS.
   Forecasted Devices	Enter the number of WAN edge devices that the tenant can add to the overlay. If the tenant tries to add WAN edge devices beyond this number, Cisco vManage reports an error and the device addition fails.
   Select two vSmarts	Automatic tenant placement: Ensure that the Select two vSmarts field has the value Autoplacement. This is the default configuration. Flexible tenant placement: Click the Select two vSmarts drop-down list. Cisco vManage lists the hostnames of the available Cisco vSmart Controllers. For each Cisco vSmart Controller, Cisco vManage shows whether the controller is reachable and reports the following utilization details: Tenant hosting capacity Each Cisco vSmart Controller can serve a maximum of 24 tenants. Tenant hosting capacity represents the number of tenants to which the Cisco vSmart Controller is assigned in the form of a percentage. This value indicates whether you can assign another tenant to this controller. Used device capacity Each Cisco vSmart Controller can support a maximum of 1000 tenant WAN edge devices. Used device capacity represents the number of tenant WAN edge devices connected to the Cisco vSmart Controller in the form of a percentage of the maximum capacity (1000 WAN edge devices). This value indicates whether the Cisco vSmart Controller can support the number of devices forecast for the tenant that you are onboarding. Memory utilized This value represents memory consumption as a percentage. CPU utilized This value represents CPU usage as a percentage. Select two Cisco vSmart Controllers to assign to the tenant based on the utilization details. To select a Cisco vSmart Controller, check the check box adjacent to its hostname.

6. To save the tenant configuration, click Save.

7. To add another tenant, repeat Step 4 to Step 6.

8. To onboard tenants to the deployment, click Add.

Cisco vManage initiates the Create Tenant Bulk task to onboard the tenants.

As part of this task, Cisco vManage performs the following activities:

• creates the tenant

• assigns two Cisco vSmart Controllers to serve the tenant and pushes a CLI template to these controllers to configure tenant information

• sends the tenant and Cisco vSmart Controller information to Cisco vBond Orchestrators

When the task is successfully completed, you can view the tenant information, including the Cisco vSmart Controllers assigned to the tenant, on the Administration > Tenant Management page.