Link Search Menu Expand Document

SaaS Optimization Template

Use this template to select the SaaS applications/services you want to optimize.

To use this template, your EdgeConnect appliance must be registered with anAccount NameandAccount Keyfor the SaaS optimization feature.

img

SaaS optimizationrequires three things to work in tandem:SSL(Secure Socket Layer),subnet sharing, andSource NAT(Network Address Translation).

Enable SaaS optimizationenables the appliance to contact the Cloud Intelligence Service and download information about SaaS services.

  • IfAdvertiseisselectedfor a service (for example, SFDC), the appliance will:

    • Ping active SaaS subnets to determine RTT/metric

      • Add subnet sharing entries locally for subnets within RTT threshold

      • Advertise subnets and their metric (within threshold) via subnet sharing to client-side appliances

    • Upon seeing an SFDC flow, generate a substitute certificate for an SFDC SSL domain (one substitute certificate per domain)

    • Auto-generate dynamic NAT rules for SFDC (but not for unchecked services)

  • WhenOptimizeisselectedfor a service (for example, SFDC), the appliance will:

    • Ping active SFDC subnets to determine the RTT (metric)

    • Does not advertise metric via subnet sharing (unlessAdvertiseis also selected)

    • Receives subnet sharing metric (RTT) from associated appliances

    • Compares its own RTT (local metric) with advertised metric

      • If its own RTT is lower, then the packet is sent pass-through (direct to the SaaS server).

      • If an advertised RTT it lower, then the packet is tunnelized.

    • 生成一个用证书代替an SFDC SSL domain (one sub cert per domain)

    • No NAT rules created

  • WhenOptimizeisnot selectedfor a service (for example, SFDC), the appliance:

    • Receives subnet sharing advertisements for SFDC but does not use them

    • Does no RTT calc pinging

    • Does not participate in SSL

    • Creates no NAT rules

    • Sends all SFDC traffic as pass-through

TheRTT Calculation Intervalspecifies how frequently Orchestrator recalculates the Round Trip Time for the enabled Cloud applications.

TheRTT Ping Interfacespecifies which interface to use to ping the enabled SaaS subnets for Round Trip Times. Thedefault接口是WAN0.

TIPS

  • Initially, you might want to set a higherRTT Thresholdvalue so that you can see a broader scope of reachable data centers/servers for any given SaaS application/service.

  • If theMonitoringpage shows no results at50 ms, you might want to reposition your SaaS gateway (advertising appliance) closer to the service.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go toAruba EULA.

Baidu