Multidepartment CPE Device Support
Multitenancy enables a single NFX Series device to be mapped to serve across multiple departments within a single tenant. Each department has its own Layer 3 VPN and all Layer 3 VPNs are carried over to the hub using a shared overlay. The traffic is segregated to each department. A single overlay of IPsec or generic routing encapsulation (GRE) tunnels is used to carry all department traffic from the site through MPLS-based traffic separation.
Multitenancy is a cost-effective approach where the cost of a device and its maintenance is shared among multiple departments across a tenant. With multitenant device support, a dedicated share of the device is allocated to each department, and the data is kept private from the other tenants that access the same device.
Only users with the Tenant Administrator role have access to the Customer Portal GUI.
The tenant administrator can perform the following tasks:
Manage and monitor all policies and dashboards for all departments.
Manage applications in the dashboard for each tenant.
Create SD-WAN and security policies for each tenant and monitor the dashboard at the site level or at the department level.
View or select SD-WAN or security services on the shared CPE device through the management portal.
View the shared CPE device and its services and networks even though the WAN links might be shared by multiple departments.
The service provider administrator can see all departments within the CPE device and activate the device.