This chapter describes how to monitor SaaS Accelerator components and usage. It includes these sections:

You can review the connection activity and status on the appliance on the Reports > Networking: Current Connections page.

For a new cluster, the SaaS application classification for the first connection is not recognized (it does not yet match the in-path rule) and the connection is passed through.

The appliance uses the first connection to classify the application, and the application classification will be recognized for the second connection.

Subsequent connections are recognized and redirected to the SaaS service cluster. The initial connection to each service instance will generate an SSL error while the SaaS service cluster obtains the proxy certificate for the traffic to accelerate.

For SteelHead Mobile, you can review the connection activity and status of clients either from the Endpoint Report on the SteelCentral Controller for SteelHead Mobile or from the Status tab of an individual SteelHead Mobile client.

SteelHead Mobile begins to accelerate SaaS traffic after receiving the updated policy with the SaaS application in-path rule and SaaS Accelerator is enabled. For SteelHead Mobile communication with a new cluster, the first connection is intentionally passed through to classify the application and acceleration begins with the second connection. SteelHead Mobile might encounter SSL errors and pass through traffic until the proxy certificate for the SaaS application is available on the SaaS service cluster.

AppUnits are required for SaaS acceleration, and you need available AppUnits to configure applications for SaaS acceleration.

The SaaS Accelerator Connection Count report shows information about SSL/TLS connections for accelerated applications. Monitor this page to ensure your connection count remains below your connection limit.

The report shows the concurrent SSL/TLS connections count for the selected application. Click the Connection Limit link at the bottom of the chart to display the connection limit based on the user limit specified on the SaaS Accelerator page when you configured the acceleration for the application.

The SaaS Data Usage report shows the amount of SaaS service data used since the SaaS Accelerator feature was licensed.

The SaaS Traffic Summary page has two tabs:

You can filter the results by time period ranging from the last hour to the last year.

The LAN Data column displays the amount of data transferred between the SaaS service cluster and the SaaS servers. The LAN data includes ingress and egress traffic on the SaaS LAN side.

The WAN Data column displays the amount of data transferred between the SaaS service cluster and the client-side appliances. The WAN data includes ingress and egress traffic on the WAN side.

Data Reduction is a percentage based on LAN data compared to WAN data.

This report provides insight into how well your SaaS Accelerator service is working with your Microsoft Teams and Microsoft Stream applications. Here you can view data that can help you determine:

Only compatible devices are included in report statistics. Noncompatible devices may also experience improved network performance but are not included in report data.

Combined metrics for all events on both applications are displayed across the top of the page, giving you a quick idea of how the service is performing. All events are listed under Recent Activity. Select an event to view performance data and other details for that event.

From SAM, you can download a compressed archive of log files that shows the history and details of the certificate signing operations for SaaS acceleration. The log includes information for root CA, intermediate CAs, proxy, and peering certificates.

Your browser downloads a ZIP-format archive file to your computer. Depending on your browser configuration, it might prompt you for a location to store the file or simply store the file in your default Downloads folder. The default name for this file is <organization>_SaaS Accelerator_CA_Audit_Log.zip where <organization> is the short name of your organization.

Opening the archive displays a text file with a name in the format:

where <organization>-xxxxxxxxxxxxxxxx identifies your organization. This is the most recent audit log of certificate activity. There might be additional files with a date/time string appended. Each of these files contains audit log records for a previous period up to the date and time in the filename.

Each audit log consists of multiple lines of text that provide you the following details:

When signing certificates for a SaaS Accelerator service instance, the log line includes the Service Endpoint IP address. This enables you to easily correlate proxy certificates with the accelerated SaaS service in case the common name is not self-explanatory.

From the SteelHead, you can use the SaaS Acceleration Status pane to monitor activity. This pane shows all SaaS applications configured for acceleration and shows the status of their in-path rules.

If the In-Path Rule Status is Operational, an in-path rule has been configured for this application. If the In-Path Rule Status is Not Configured, an in-path rule has not been configured. If the feature has been disabled, all SaaS applications display Not Operational.

The SteelHead gets data from SAM every five minutes and shows the time for the displayed data. Click Refresh Data to get the latest information.

From the Mobile Controller, you can use the SaaS Acceleration Status pane to monitor activity. This pane shows all SaaS applications configured for acceleration and the list of policies for which in-path rules have been set up for SaaS acceleration.

The SteelHead Mobile gets data from SAM every five minutes and shows the time for the displayed data. Click Refresh Data Now to get the latest data.

From SAM, you can monitor the status of the SaaS service cluster for each accelerated application. Choose the Configure > SaaS Accelerator page to display the status.

The service status can be one of these values: