Onboarding Citrix SD-WAN Orchestrator
Here is an overview of the Citrix SD-WAN Orchestrator service onboarding process:
-
Onboarding provider and tenants: Our customers can consume a managed SD-WAN service from Citrix partners, enabled by the multitenant Citrix SD-WAN Orchestrator service
-
Onboarding “Do It Yourself” (DIY) Enterprises: Citrix SD-WAN Orchestrator service is also available as a self-managed service for enterprises.
Onboarding provider and tenants
This section describes the onboarding process for Citrix partners and their tenants. Here is a summary of the onboarding process:
- A prospective partner sign-up as a Citrix Partner.
- Citrix Partner registers as a Citrix SD-WAN Reseller.
- Partner on boards Customers using one of the following two options:
- Partner and customers can now access their Citrix SD-WAN Orchestrator service accounts.
Partner signs up for a Citrix partnership program
A prospective partner would need to sign up for the Citrix Service Provider Program (CSP) - CSP sign-up. A partner can also sign up for the Citrix SD-WAN Managed Service Provider Program, which has been specially crafted for Citrix SD-WAN partners - SD-WAN MSP Sign Up.
A Citrix Cloud (CC) account is created for the partner as part of the registration process. For more information, see Signing Up for Citrix Cloud.
Partner registers as a Citrix SD-WAN reseller
Partner logs into the Citrix Cloud account.
A menu of all the available services offered on Citrix Cloud is displayed on the home page. The Citrix SD-WAN Orchestrator service tile can be found in the Available Services section. The partner clicks Resell SD-WAN on the tile to register themselves as a Citrix SD-WAN reseller or service provider.
Partner can now access the Citrix SD-WAN Orchestrator service. The Citrix SD-WAN Orchestrator service tile now shows up under My Services. Click Manage to access the Citrix SD-WAN Orchestrator service Provider Dashboard.
At this point, there are no SD-WAN customers. The partner navigates back to the Citrix Cloud home page to onboard customers.
Partner on-boards customers using one of the following two options:
Partner adds a customer who is new to Citrix Cloud
-
On the Citrix Cloud home page, click View Details under the Customers icon or click My Customers from the hamburger menu.
-
Click Invite or Add.
-
Select Add a customer and click Continue.
-
Enter the admin and customer details and click Finish.
Note
The company name and email-id used must be associated with only one Citrix Cloud account.
The added customers are visible in the Customer Dashboard.
-
Partner links their SD-WAN account with the customer SD-WAN account
In the partner’s Customer Dashboard, the partner selects the customer and clicks Link Customer’s SD-WAN Account.
-
Partner requests for Citrix SD-WAN Orchestrator service trial on behalf of the customer.
In the Citrix Cloud dashboard, the partner selects the Change Customer option and selects the appropriate customer.
The partner navigates to the customer’s Citrix Cloud home page, and clicks the Citrix SD-WAN Orchestrator service Request Trial button.
The customer’s Citrix SD-WAN Orchestrator service account gets provisioned.
The partner can now manage the customer’s Citrix SD-WAN Orchestrator service account after switching back to their account using Change customer option again.
Partner’s dashboard on the Citrix SD-WAN Orchestrator service now reflects the new customers added. Partner can click the customer tile to drill down into the customer’s network and manage it.
Partner invites an existing Citrix Cloud customer
-
On the Citrix Cloud home page, click View Details under the Customers icon or click My Customers from the hamburger menu.
-
Click Invite or Add.
-
Select Invite a Citrix Cloud customer and click Continue.
-
Copy the link and share it with the customer.
-
The customer clicks the link received and is redirected to the Citrix Cloud login page.
-
Customer logs in and accepts the partner’s request to manage their Citrix Cloud account and services.
The partnership between the partner and the customer is established.
The customer details show up in the partner’s customer dashboard.
-
Partner links their SD-WAN account with the customer SD-WAN account
In the partner’s Customer Dashboard, the partner selects the customer and clicks Link Customer’s SD-WAN Account.
-
Customer requests for Citrix SD-WAN Orchestrator service trial
Once the partner links the Customer’s Citrix SD-WAN Orchestrator service account to their own, the partner or the customer navigates to the customer’s Citrix Cloud home page, and clicks the Citrix SD-WAN Orchestrator service Request Trial button.
The customer’s Citrix SD-WAN Orchestrator service account gets provisioned. The partner can now manage the customer’s Citrix SD-WAN Orchestrator service account from within their own account.
The Citrix SD-WAN Orchestrator service option is displayed in the customer’s list of the Citrix Cloud services. Clicking it redirects the admin to the customer’s Citrix SD-WAN Orchestrator service account.
Partner’s dashboard on the Citrix SD-WAN Orchestrator service now reflects the new customers added. Partner can click the customer tile to drill down into the customer’s network and manage it.
Note
Customers can also choose to add multiple administrators from partner organizations to manage their Citrix SD-WAN Orchestrator service account. For more information, see Add administrators to a Citrix Cloud account
Customer accesses Citrix SD-WAN Orchestrator service
At this point, the Citrix SD-WAN Orchestrator service tile also shows up on the customer’s Citrix Cloud home page, under My Services, click Manage.
The customer can now access their Citrix SD-WAN Orchestrator service Network Dashboard. That completes the onboarding process.
Multi-MCN providers and tenants
A multi-MCN partner network is a network in which each provider network can have multiple MCN sites. If you are a partner or a tenant, and you want to be onboarded as multi-MCN partner, you need to contact your administrator.
A multi-MCN partner can add a tenant directly through Citrix SD-WAN Orchestrator service. While adding the tenant, the partner needs to configure a domain name for each tenant. If the domain name is not configured, any user onboarded through Citrix Cloud (Identity and Access Management > Administration) is added as a provider-level admin.
The domain name is unique across tenants under that provider. A multi-MCN partner can configure only one domain for each tenant. For example, if Tenant1 is configured with @domain1, no other tenants can have @domain1 configured.
If a multi-MCN network partner grants full access to the tenants while adding them on Citrix SD-WAN Orchestrator service, then the tenant admin can add or remove users through Citrix Cloud (Identity and Access Management > Administration). If full access is not granted, the tenant admin cannot add or remove other users.
The multi-MCN partner must maintain a mapping of all the tenant names against their domain names. When a multi-MCN partner admin adds a user for a tenant, through Citrix Cloud (Identity and Access Management > Administration), Citrix SD-WAN Orchestrator service identifies the domain name from the user’s email address and adds the user under that tenant.
Note
Domain name mapping is available only for multi-MCN network partners. It is not available for regular partners.
Onboarding DIY Enterprise Customers
This section describes the process to onboard DIY enterprise customers and the procedure to invite administrators to manage their SD-WAN network.
Onboarding DIY customers
-
Customer logs into Citrix Cloud account.
A menu of all the available services offered on Citrix Cloud is displayed on the home page. The Citrix SD-WAN Orchestrator service tile can be found in the Available Services section.
Note
Ensure that you sign up for Citrix Cloud using only one official account. The company name and email-id used must be associated with only one Citrix Cloud account.
-
The customer clicks Request Trial.
The customer’s SD-WAN account gets provisioned.
-
The Citrix SD-WAN Orchestrator service tile now shows up under My Services. Click Manage.
The customer can now access their Citrix SD-WAN Orchestrator service Network Dashboard. That completes the onboarding process.
Note
If the customer has Citrix Secure Internet Access subscription as well, then the customer can also click Manage on the Secure Internet Access tile to view the Citrix SD-WAN Orchestrator service Network dashboard. For information on onboarding Citrix Secure Internet Access, see Citrix Secure Internet Access.
Adding Administrators
An enterprise customer can invite an administrator to manage their SD-WAN network.
-
Log into Citrix Cloud and navigate to Identity and Access Management.
-
Enter the new administrator email id and click Invite.
-
Select Full access and click Send Invite.
The administrator details are displayed.
Once the administrator accepts the request, the status changes to Active.
No access role
There are multiple services available under Citrix Cloud including Citrix SD-WAN Orchestrator service. Customers who have a Citrix Cloud account only can access those services. To get access to Citrix Cloud, refer Sign up for Citrix Cloud.
Earlier, at a provider level, all the users had the full administrator access to the Citrix SD-WAN Orchestrator service UI. In this case, a tenant uses a public domain or where the domain is not configured for a particular tenant, any new user added can access to all the tenant accounts and the information which is a potential security risk.
Also, for multiple domains, it is difficult to add/update a user every time. For a multi-MCN setup, multiple users can be added at a time with no access role.
With the No access role feature, initially a provider administrator can avoid giving the full access role to a newly added user. When the user clicks the Citrix SD-WAN Orchestrator service, the UI gets stuck on loading, and you cannot perform any actions. The administrator can later decide whether to restrict access to the newly added user or add them to a specific tenant.
However, the details of a newly added user are available under the User Settings page with the Provider-No-Access role.
You can add a user under Identity and Access Management > Administrators. Select Citrix Identity from the drop-down list, add the user’s email address, and click Invite.
Click the Custom access radio button, select the Provider: No Access check box, and click Send Invite.
At any time, the provider administrator can decide to give read only or full access to the user and by that time the user settings details can be updated to a specific MCN.
A newly added user gets an email notification to accept the invite. Once the invitation is accepted, the user details are verified from back-end and the user is added with a no operational access role under provider level within Citrix SD-WAN Orchestrator service.