Enable Multitenancy and Migrate the First Tenant
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Enable Multitenancy and Migrate the First Tenant
Use the following workflow to enable multitenancy
and migrate your existing configuration to the first tenant you
create. If you don’t have any existing configuration, you can Enable Multitenancy and
add your tenants; then configure them.
When you enable multitenancy,
Prisma Access migrates the following components of your configuration:
- All service connection and remote network tunnel onboarding information, including tunnel configuration.
- Existing mobile users onboarding information.
- Strata Logging Serviceinformation.
- Existing Autonomous DEM (ADEM) configuration
- The templates, template stacks, and device groups for service connections, remote networks, and mobile users.
You need to specify the number of users (for a mobile user deployment), bandwidth (for a remote
networks deployment), and Autonomous DEM (ADEM) to allocate for each
deployment (if you have purchased an ADEM license).
Because
of these device group changes, you create an access domain and add
the migrated device groups, templates, and template stacks, as shown
in the following workflow.
If you don’t have an existing
Prisma Access configuration, and you are creating an all-new multitenant
deployment, do not use this workflow; instead, complete the steps
in Add Tenants to Prisma Access to create
the first tenant.
- Determine the number of licensed units you want to allocate to this deployment.While Prisma Access migrates your configuration to the first tenant, you need to specify:
- TheBandwidthto allocate for the tenant’s remote users deployment (if applicable).
- TheUsersto allocate for the tenant’s mobile users deployment (if applicable).
- The number of ADEM units to allocate for mobile uses and remote networks (if applicable).
- Select.PanoramaCloud ServicesConfiguration
- SelectEnable Multitenancy(located on the upper right of the page).After you enable multitenancy, Panorama displays a notification informing you that the existing Prisma Access configuration are moved to the first tenant.After you enable multitenancy, your deployment permanently changes to a multitenant deployment, and you cannot revert to single tenant mode.
- ClickOKto migrate the existing configuration to the first tenant.TheTenantspage displays, and pie charts in the center of the window display.
- If you have a remote networks or mobile users license, the available amount of licensed remote network bandwidth and mobile users display.
- (Remote Networks and Mobile User Deployments Only) If you have purchased an Autonomous DEM license, the available number of units for ADEM uses displays.
- If you have a Clean Pipe deployment, the amount of bandwidth for the tenant displays.
- Choose the type of deployment you want to use for the tenant.
- For a remote network, mobile user deployment, or to configure both deployment types for a tenant, selectRemote Networks/Mobile Users.
- For a clean pipe deployment, selectClean Pipe.This section only describes how to configure tenants for remote network, mobile user, or both remote network and mobile user deployment types. To configure the clean pipe service, see Create and Configure Prisma Access for Clean Pipe.
- Migrate the existing configuration to the first tenant.
- Specify aNamefor the first tenant.
- Create a newAccess Domainby clicking the down arrow selectingNew Access Domain.
- Enter aNamefor the access domain and clickOK.Prisma Access adds theMobile_User_Device_Group,Remote_Network_Device_Group, andService_Conn_Device_GroupDevice Groupsto the new access domain.
- (Optional) ClickTemplatesto verify that Prisma Access added the following templates and template stacks:
- Explicit_Proxy_Template
- Explicit_Proxy_Template_Stack
- Mobile_User_Template
- Mobile_User_Template_Stack
- Remote_Network_Template
- Remote_Network_Template_Stack
- Service_Conn_Template
- Service_Conn_Template_StackThese are the default template stacks and templates for a standard Prisma Access deployment; if you added other templates, be sure that Prisma Access added them.
- (Optional) If you have other templates associated with this configuration, select them.
- ClickOKto close theAccess Domainpage and return to theTenantspage.
- Enter the values inBandwidth (Mbps)for remote networks,Usersfor mobile users, and the number ofAutonomous DEM Usersyou want to allocate for each deployment type.Use the following guidelines when allocating ADEM units for a tenant:
- The number of ADEM units you can allocate for mobile users and remote networks can be only equal to or less than base license.
- The minimum number of units you can allocate is 200.
- After you allocate the ADEM units for a tenant, you can edit or remove those units.
- If you did not purchase an ADEM license for your deployment type (Mobile Users or Remote Networks), that choice is grayed out.
- ClickOK.Thepage shows the first tenant successfully migrated, and aPanoramaCloud ServicesConfigurationTenantsdrop-down is added above theTenantsarea.
- Select the tenant you created in theTenantsdrop-down to verify that all settings were onboarded.
- Selectto save your changes locally on the Panorama that manages Prisma Access.CommitCommit to PanoramaIf you do not perform a local commit, Prisma Access components do not display in the Push Scope when you Commit and Push your changes.
- Commit and push your changes to make them active in Prisma Access.
- SelectandCommitCommit and PushEdit Selectionsin the Push Scope.
- SelectPrisma Access, then select the tenant you created,Service Setup,Remote Networks, andMobile Users.
- ClickOKto save your changes to the Push Scope.
- CommitandPushyour changes.
- Select.PanoramaCloud ServicesStatusThe status page shows the status of all tenants. Because you have created only one tenant, that tenant is the only one that displays. If you select that tenant from the drop-down, you show a detailed status of that tenant.Selecting a tenant from the drop-down list returns you to the Status page for that tenant.
- Continue to add more tenants to Prisma Access.