Deploying the Tenant

Once the underlay and overlay connectivity is established between the sites, you must deploy the endpoint network/VPC/VNet to establish communication between tenant endpoints deployed in the on-premises site and in the cloud sites.

NDO uses the notions of schemas and templates for defining VRFs and networks. In the context of NDFC, VRFs are used to isolate one tenant from another. All the endpoint networks (subnets) of one tenant are mapped to the respective VRF. The same notion of VRFs can also be extended to the cloud, where a VRF corresponds to a VPC in AWS and a VNet in Azure.

The following procedure for deploying the tenant applies to all of the topologies previously described, leverages the specific infra configuration deployed, and applies to any of the following use cases.


Note

NDO has a pre-built dcnm-default-tn tenant, which can be associated with on-premises sites as well as cloud sites. We recommend that you associate this pre-built dcnm-default-tn tenant with the NDFC and cloud sites when deploying hybrid cloud connectivity, but you can also create your own tenant from scratch, if necessary.


Procedure


Step 1

In NDO, navigate to Application Management > Tenants.

Figure 1.

The Tenants window appears.

Figure 2.

Step 2

Click the dcnm-default-tn tenant.

The Update Tenant page for the dcnm-default-tn tenant appears.

Figure 3.

Step 3

Select the sites shown in the screen.

Note that the external fabric site does not appear in the list. The external fabric is used only to provide connectivity between the on-premises site and the cloud sites, and there are no end hosts in the external fabric, so no tenant deployment is required for it.

Figure 4.

Step 4

For the cloud sites, click the Edit button (the pencil icon) and provide the necessary information for each cloud account.

You need an additional account for AWS for the user tenant, but for Azure, you can use the same subscription as the Azure infra tenant.

  • For example, after clicking the Edit button for the AWS cloud site, in the AWS Account Setting area, you might click Trusted for the Access Type and enter the associated AWS account ID in that field.

    Figure 5.

    See the section "Setting Up the AWS Account for the User Tenant" in the Cisco Cloud Network Controller for AWS Installation Guide, Release 25.1(1) or later, for more information on the different access types for the tenants in AWS.

  • Similarly, after clicking the Edit button for the Azure cloud site, you would enter the necessary information, depending on whether the tenant is managed or unmanaged.

    Figure 6.

    See the section "Adding a Role Assignment" in the Cisco Cloud Network Controller for Azure Installation Guide, Release 25.1(1) or later, for more information on the different access types for the tenants in Azure.

Step 5

Verify that the tenants were deployed correctly.

For example, in the figure below, the dcnm-default-tn tenant has three sites mapped (one on-premises NDFC site and the two cloud sites).

Figure 7.

You can also check the dcnm-default-tn tenant deployed in the Cisco Cloud Network Controllers for the cloud sites.

Figure 8.
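
The site and account rules from Steps 3 and 4 can be checked against a planned tenant-to-site association before you enter it in NDO. The following is an added example, not code from Cisco or from NDO; the plan format, its key names, the site names, and all account values are hypothetical and constructed for illustration, and they do not reflect the NDO API schema.

```python
import re

# Constructed value: AWS account already used by the infra tenant.
INFRA_AWS_ACCOUNT = "111111111111"

# Constructed plans; the dictionary keys are hypothetical, not the NDO API schema.
GOOD_PLAN = {"tenant": "dcnm-default-tn", "sites": [
    {"name": "onprem-ndfc", "type": "ndfc"},
    {"name": "aws-site", "type": "aws", "access_type": "trusted",
     "account_id": "222222222222"},
    {"name": "azure-site", "type": "azure", "access_type": "managed",
     "subscription": "sub-infra-0001"},  # reusing the infra subscription is allowed
]}
BAD_PLAN = {"tenant": "dcnm-default-tn", "sites": [
    {"name": "onprem-ndfc", "type": "ndfc"},
    {"name": "ext-fabric", "type": "external"},
    {"name": "aws-site", "type": "aws", "access_type": "trusted",
     "account_id": "111111111111"},  # reuses the infra tenant's account
    {"name": "azure-site", "type": "azure", "subscription": "sub-infra-0001"},
]}

def check_tenant_plan(plan, infra_aws_account=INFRA_AWS_ACCOUNT):
    """Return findings for a tenant-to-site plan (an empty list means OK)."""
    findings = []
    kinds = {s["type"] for s in plan["sites"]}
    if "ndfc" not in kinds:
        findings.append("no on-premises NDFC site selected")
    if not kinds & {"aws", "azure"}:
        findings.append("no cloud site selected")
    for site in plan["sites"]:
        name, kind = site["name"], site["type"]
        if kind == "external":
            # The external fabric only carries inter-site traffic.
            findings.append(f"{name}: external fabric has no end hosts; do not associate it")
        elif kind == "aws":
            acct = site.get("account_id", "")
            if not re.fullmatch(r"\d{12}", acct):
                findings.append(f"{name}: AWS account ID must be 12 digits")
            elif acct == infra_aws_account:
                findings.append(f"{name}: user tenant needs its own AWS account")
            if not site.get("access_type"):
                findings.append(f"{name}: AWS access type not set")
        elif kind == "azure":
            if site.get("access_type") not in ("managed", "unmanaged"):
                findings.append(f"{name}: Azure tenant must be managed or unmanaged")
    return findings

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(plan["tenant"], check_tenant_plan(plan) or "OK")
```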

What to do next

Configure one or both of the following use cases: