Link Search Menu Expand Document

SaaS Optimization Template

Use this template to select the SaaS applications/services you want to optimize.

To use this template, your EdgeConnect appliance must be registered with an Account Name and Account Key for the SaaS optimization feature.


SaaS optimization requires three things to work in tandem: SSL (Secure Socket Layer), subnet sharing, and Source NAT (Network Address Translation).

Enable SaaS optimization enables the appliance to contact the Cloud Intelligence Service and download information about SaaS services.

  • If Advertise is selected for a service (for example, SFDC), the appliance will:

    • Ping active SaaS subnets to determine RTT/metric

      • Add subnet sharing entries locally for subnets within RTT threshold

      • Advertise subnets and their metric (within threshold) via subnet sharing to client-side appliances

    • Upon seeing an SFDC flow, generate a substitute certificate for an SFDC SSL domain (one substitute certificate per domain)

    • Auto-generate dynamic NAT rules for SFDC (but not for unchecked services)

  • When Optimize is selected for a service (for example, SFDC), the appliance will:

    • Ping active SFDC subnets to determine the RTT (metric)

    • Does not advertise metric via subnet sharing (unless Advertise is also selected)

    • Receives subnet sharing metric (RTT) from associated appliances

    • Compares its own RTT (local metric) with advertised metric

      • If its own RTT is lower, then the packet is sent pass-through (direct to the SaaS server).

      • If an advertised RTT it lower, then the packet is tunnelized.

    • Generate a substitute certificate for an SFDC SSL domain (one sub cert per domain)

    • No NAT rules created

  • When Optimize is not selected for a service (for example, SFDC), the appliance:

    • Receives subnet sharing advertisements for SFDC but does not use them

    • Does no RTT calc pinging

    • Does not participate in SSL

    • Creates no NAT rules

    • Sends all SFDC traffic as pass-through

The RTT Calculation Interval specifies how frequently Orchestrator recalculates the Round Trip Time for the enabled Cloud applications.

The RTT Ping Interface specifies which interface to use to ping the enabled SaaS subnets for Round Trip Times. The default interface is wan0.


  • Initially, you might want to set a higher RTT Threshold value so that you can see a broader scope of reachable data centers/servers for any given SaaS application/service.

  • If the Monitoring page shows no results at 50 ms, you might want to reposition your SaaS gateway (advertising appliance) closer to the service.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America