SaaS Optimization Template
Use this template to select the SaaS applications/services you want to optimize.
To use this template, your EdgeConnect appliance must be registered with an Account Name and Account Key for the SaaS optimization feature.
SaaS optimization requires three things to work in tandem: SSL (Secure Sockets Layer), subnet sharing, and Source NAT (Network Address Translation).
Selecting Enable SaaS optimization allows the appliance to contact the Cloud Intelligence Service and download information about SaaS services.
- If Advertise is selected for a service (for example, SFDC), the appliance will:
  - Ping active SaaS subnets to determine the RTT (metric)
    - Add subnet sharing entries locally for subnets within the RTT threshold
    - Advertise subnets and their metric (within the threshold) via subnet sharing to client-side appliances
  - Upon seeing an SFDC flow, generate a substitute certificate for an SFDC SSL domain (one substitute certificate per domain)
  - Auto-generate dynamic NAT rules for SFDC (but not for unchecked services)
- When Optimize is selected for a service (for example, SFDC), the appliance:
  - Pings active SFDC subnets to determine the RTT (metric)
    - Does not advertise the metric via subnet sharing (unless Advertise is also selected)
    - Receives the subnet sharing metric (RTT) from associated appliances
    - Compares its own RTT (local metric) with the advertised metric
      - If its own RTT is lower, then the packet is sent pass-through (direct to the SaaS server).
      - If an advertised RTT is lower, then the packet is tunnelized.
  - Generates a substitute certificate for an SFDC SSL domain (one substitute certificate per domain)
  - Creates no NAT rules
- When Optimize is not selected for a service (for example, SFDC), the appliance:
  - Receives subnet sharing advertisements for SFDC but does not use them
  - Does not ping to calculate RTT
  - Does not participate in SSL
  - Creates no NAT rules
  - Sends all SFDC traffic as pass-through
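The Advertise and Optimize behavior described above can be modeled in a few lines. This is an added Python example, not vendor code. The function names, the sample RTT values, the choice of the lowest-RTT gateway when several advertise, and pass-through on a tie are assumptions.

```python
# Added illustration, not vendor code. Function names, sample RTTs and the
# handling of ties and of multiple gateways are assumptions.
from typing import Dict, Optional, Tuple

Path = Tuple[str, Optional[str]]  # ("pass-through", None) or ("tunnel", gateway)


def gateway_advertisements(measured_ms: Dict[str, float],
                           threshold_ms: float) -> Dict[str, float]:
    """Advertise role: share only subnets whose pinged RTT is within the threshold."""
    return {net: rtt for net, rtt in measured_ms.items() if rtt <= threshold_ms}


def client_path(optimize: bool, local_rtt_ms: float,
                offers_ms: Dict[str, float]) -> Path:
    """Optimize role: compare the local RTT with the advertised metrics."""
    if not optimize or not offers_ms:
        return ("pass-through", None)   # advertisements ignored or none received
    gateway, best = min(offers_ms.items(), key=lambda kv: kv[1])
    if best < local_rtt_ms:
        return ("tunnel", gateway)      # an advertised RTT is lower
    return ("pass-through", None)       # own RTT is lower (ties too: assumption)


def plan(optimize, local_ms, gateways_ms, threshold_ms) -> Dict[str, Path]:
    """Per-subnet path for one client-side appliance."""
    adverts = {gw: gateway_advertisements(m, threshold_ms)
               for gw, m in gateways_ms.items()}
    result = {}
    for net, local in local_ms.items():
        offers = {gw: a[net] for gw, a in adverts.items() if net in a}
        result[net] = client_path(optimize, local, offers)
    return result


# Constructed sample data (documentation address ranges, invented RTTs in ms).
GATEWAYS = {
    "gw-east": {"198.51.100.0/24": 12.0, "203.0.113.0/24": 80.0},
    "gw-west": {"198.51.100.0/24": 30.0, "203.0.113.0/24": 45.0},
}
LOCAL = {"198.51.100.0/24": 60.0, "203.0.113.0/24": 40.0}

if __name__ == "__main__":
    for net, path in plan(True, LOCAL, GATEWAYS, threshold_ms=50.0).items():
        print(net, path)
```

A "tunnel" result means the flow leaves the network at the named advertising appliance, which is where the substitute certificate and dynamic NAT rules described above apply.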
The RTT Calculation Interval specifies how frequently Orchestrator recalculates the Round Trip Time for the enabled Cloud applications.
The RTT Ping Interface specifies which interface to use to ping the enabled SaaS subnets for Round Trip Times. The default interface is wan0.
TIPS
- Initially, you might want to set a higher RTT Threshold value so that you can see a broader scope of reachable data centers/servers for any given SaaS application/service.
- If the Monitoring page shows no results at 50 ms, you might want to reposition your SaaS gateway (advertising appliance) closer to the service.