A Tenant is a logical container for application policies that enable an administrator to exercise domain-based access control. A tenant represents a unit of isolation from a policy perspective, but it does not represent a private network. Tenants can represent a customer in a service provider setting, an organization or domain in an enterprise setting, or just a convenient grouping of policies.
Tenants can be isolated from one another or can share resources. The primary elements that the tenant contains are filters, contracts, outside networks, bridge domains, contexts, and application profiles that contain EndPoint Groups (EPGs). Entities in the tenant inherit its policies, a tenant can contain one or more Virtual Routing and Forwarding (VRF) instances or contexts; each context can be associated with multiple bridge domains. Tenants are logical containers for application policies. ACI can hosts several thousands of
The diagram below represents the logical view of a Tenant where it shows a single Tenant with one VRF, one Application Network Profile and several End Point Groups with their respective contract. It also shows the logical connection to the outside world via a L3 Out and a L2 Out. It is important to note that ACI can support thousands of tenants, and within a tenant, ACI can support thousands of VRF's. By now, you should see the flexibility of ACI when it comes to designing a network where a user can leverage different type of Tenants, depending on the requirements.
To obtain the latest Verified Scalability Guide for APIC for a specific version of code, please visit http://cisco.com/go/aci