Configure Regions
For supported software information, click here.
In large enterprise networks that have hundreds or thousands of sites, you can segment the network into multiple regions for better scalability, easier management, and more granular access control. Creating regions allows you to configure role-based access on a region-by-region basis and to create different network topologies with hub priorities based on regions.
When you create a region in Concerto, you can assign hubs that service the spoke devices in the region. You can also associate one or more Director nodes with the region. When a new site is created within a region, the user can select only from the Director nodes serving the region. Hubs can belong to multiple regions, but spoke devices can only belong to one region. If a hub serves multiple regions, you can set its priority on a region-by-region basis so that a single hub can have different priorities assigned to it in different regions.
Note: You can create a region that does not contain hubs.
When you first install Concerto, it automatically creates a Default region. You can use that Default region, or you can create additional regions as required.
When you upgrade to Releases 10.2.1 or later from an earlier release, existing sites are assigned to the Default region. When you create a user role, you associate one or more regions to the role, and this determines which regions the users with that role can access. You can create a region that is used only by user roles and is not used for networking purposes. For more information, see Configure Role-Based Access to Regions.
In Releases 11.3.1 and later, you can specify a root domain for individual regions. Doing this allows you to configure a country-specific root domain for a region. The region-specific root domain is used by all applicable gateways that the tenant and its child tenants use. Concerto uses this region-specific root domain while generating a tenant's FQDNs for SASE gateways within the region.
Note the following:
- Configuring the root domain for regions is optional and, when configured, applies only to SASE tenants.
- If you do not configure a root domain for any region in a tenant, Concerto uses the root domain of the region's parent tenant.
- If a root domain has not been configured at the parent-tenant level, Concerto uses the root domain from the tenant's grandparent tenant.
Add a New Region
To create a new region:
- In the left menu bar, select Deploy, and then select the Regions tab in the horizontal menu.
- Click + Region. In the Create Region screen, select the General tab, and then enter information for the following fields.
  - Name: Enter a name for the region.
  - Region ID: Enter a region ID number. The next available region ID number is displayed. You can enter a different ID number. Range: 0 through 64000
  - Hubs: Select one or more hubs to service the region. Click the down arrow to expand the window. The following screen displays. Select a hub, and then select a priority number to assign to the hub for that region. Click Add Another to assign additional hubs to the region.
  - Directors (Required): Select one or more Director nodes to serve the region. The same Director node can serve multiple regions. You can use the Director node associated with the Default region or use the search box to find additional Director nodes to add to the region.
- Click Next. On the Sites tab, you assign sites to a region. All available sites display in the left column. Sites displayed in blue have been selected and added to the region, and sites displayed in gray are not currently assigned to a region. The right column displays only the sites that have been added to the region.
- To add or remove a site from the region, click a site name in the left column. To add all sites to a region, click Select All. If you have selected all sites, to remove all sites from a region, click Unselect All.
- Click Next. The Permissions tab displays.
- Click Save.
Delete a Region
- In the Edit Region > Sites tab, remove all sites from the region by clicking X next to the site name to deselect them. You can then assign the sites to different regions.
- Click the Permissions tab, and then click Save.
- In the main Regions screen, click the vertical ellipsis in the row of the region that you want to delete.
- Select Delete. The following screen displays.
- To delete the region, click Yes.
Configure Role-Based Access to Regions
You can grant specific roles permission to access a region, sites in a region, or appliances within those sites. You set region permissions in the DeploymentLifecycleGraph and MonitoringLifecycleGraph resources when you create a new role or edit an existing role.
Note: Before assigning access to a region, you must first create the region.
To assign permissions based on regions for the Deploy or Monitor lifecycle:
- In a Tenant home screen, select the Users lifecycle in the left menu bar, and then select Roles and the role to edit. You can also assign permissions based on regions by clicking + Role to create a new role.
- Click the role to be updated. The Edit Role screen displays.
- Select the Permissions tab, and then click the down-arrow in front of Resource Permissions to expand the selection.
- Under DeploymentLifecycleGraph, click More Permissions. The Permissions > Regions screen displays.
- Under Regions, click More Permissions. The following screen displays.
- To set identical permissions for all regions, click Select All Regions, and then select Edit, Read, or Hide. The Edit permission allows users that are assigned this role to change sites in the region. The Read permission allows users that are assigned this role to view sites in the region. The Hide permission prevents users who are assigned this role from viewing sites in the region.
- To set permissions for a specific region, select Edit, Read, or Hide for the region.
- To set permissions for specific sites in a region, or for specific appliances within a site, click the right arrow in front of the region name. If you select a permission level for the site (in this case, San Francisco), all appliances at the site inherit that permission. You can also set permissions for individual appliances using the drop-down menu to the right of the appliance name.
- Click Save.
- Click the left arrow in the top left corner twice to return to the New Role screen.
- You can use these same steps to configure region permissions for the MonitoringLifecycleGraph resource.
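To review what a role can actually reach once these permissions are set, the sketch below resolves the effective Edit, Read, or Hide level for each appliance and lists Edit access that falls outside the regions the role is meant to manage. It is an added example, not Versa code or a Concerto API; the dictionary layout, every region, site and appliance name other than San Francisco, the most-specific-setting-wins precedence, and the Hide default for unset entries are assumptions.

```python
# Added illustration of region / site / appliance permission resolution.
# Data layout and names are hypothetical (constructed), not Concerto's API.

# Constructed inventory: region -> site -> appliances
INVENTORY = {
    "West": {"San Francisco": ["sf-branch-1", "sf-branch-2"],
             "Seattle": ["sea-branch-1"]},
    "East": {"Boston": ["bos-branch-1"]},
}

# Constructed role: permissions set at each scope shown in the steps above
ROLE = {
    "all_regions": "Read",                       # "Select All Regions"
    "regions": {"East": "Hide"},                 # one specific region
    "sites": {("West", "San Francisco"): "Edit"},
    "appliances": {("West", "San Francisco", "sf-branch-2"): "Read"},
}

def effective(role, region, site, appliance):
    """Assumed precedence: appliance, then site, then region, then all regions."""
    for scope, key in (("appliances", (region, site, appliance)),
                       ("sites", (region, site)),
                       ("regions", region)):
        level = role.get(scope, {}).get(key)
        if level is not None:
            return level
    # Assumption: nothing set anywhere is treated as Hide (deny by default).
    return role.get("all_regions", "Hide")

def expand(role, inventory):
    """Effective level for every appliance in the inventory."""
    return {(r, s, a): effective(role, r, s, a)
            for r, sites in inventory.items()
            for s, appliances in sites.items()
            for a in appliances}

def edit_outside(role, inventory, intended_regions):
    """Appliances the role can Edit in regions it is not meant to manage."""
    return sorted(key for key, level in expand(role, inventory).items()
                  if level == "Edit" and key[0] not in intended_regions)

if __name__ == "__main__":
    for key, level in sorted(expand(ROLE, INVENTORY).items()):
        print(level.ljust(5), " / ".join(key))
    print("Edit outside East:", edit_outside(ROLE, INVENTORY, {"East"}))
```

Running the same check against the MonitoringLifecycleGraph settings of a role shows whether monitoring access is broader than deployment access.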
Supported Software Information
Releases 10.2.1 and later support all content described in this article, except:
- Release 11.3.1 adds support for region-specific root domains.