You can deploy Kaspersky SD-WAN for multiple tenants which can be independent clients or offices or departments of your organization. A solution deployed for a tenant is referred to as an SD-WAN instance. After deploying the solution, you need to create at least one tenant and deploy an SD-WAN instance for it.
When you create a tenant, the tenant gets its own self-service portal for managing the SD-WAN instance. Created tenants are isolated and cannot gain access to each other's self-service portals, but can use a shared management subnet. The number of created tenants must not exceed the number of tenants that you specified in the external section of the configuration file when deploying the solution.
To deploy an SD-WAN instance for a tenant, you need to create an SD-WAN instance template. In the SD-WAN instance template, you must specify the basic settings of the SD-WAN instance, such as quality of service and transport service settings. You also need to add the tenant to the SD-WAN instance template to have the SD-WAN instance template settings applied to the SD-WAN instance when you deploy the SD-WAN instance for that tenant.
If the tenant has not been added to any SD-WAN instance template, the Default SD-WAN template is used when deploying an SD-WAN instance for that tenant. You can assign a different SD-WAN instance template as the default.
If the settings that you specified in the SD-WAN instance template do not match the actual parameters of the SD-WAN instance, that SD-WAN instance is not deployed for the tenant. For example, an SD-WAN instance is not deployed if the number of controller nodes specified in the SD-WAN instance template does not match the actual number of controller nodes of the SD-WAN instance.
After deploying the SD-WAN instance, you can view the monitoring results and service requests of that SD-WAN instance. You can also add tenants to a deployed SD-WAN instance to let them use the controller of that SD-WAN instance. This avoids the need to deploy a separate SD-WAN instance for each tenant.
You can group SD-WAN instances into SD-WAN instance pools for load balancing when a large number of CPEs are used. You can add CPE devices to an SD-WAN instance pool. If you have added a CPE device to an SD-WAN instance pool, the orchestrator automatically selects the SD-WAN instance with the lowest number of CPE devices and adds the CPE device to that SD-WAN instance. If the same number of CPE devices are added to the SD-WAN instances in the SD-WAN instance pool, the orchestrator adds a CPE device to a random SD-WAN instance.