Welcome to SaaS Accelerator 1.5.1

The following is an overview of the changes in this release.

New features in 1.5.1

New TLS Blade

This release introduces an updated TLS Blade for interoperability with SteelHead RiOS 9.14 and later, assuring continued optimization of HTTPS traffic.

This enhancement uses one additional TCP port (7881) for communication between client-side SteelHead appliances and the SaaS Accelerator service. Customers may need to add or update firewall rules to enable TCP port 7881 out-bound from their client-side SteelHeads to the SaaS Accelerator endpoint IP address for each deployed application.

Support added for new CASB provider: Microsoft Defender

Microsoft Defender for Cloud Application has been added to the CASB supported list.

Improved interoperability with Microsoft AIP

This release improves interoperability with Microsoft AIP for Office 365 applications and Exchange.

Introduced a user feedback form

This release introduces a feedback form that customers can use to provide easy and direct product feedback to the Riverbed product team.

General report enhancements were made

Report enhancements provide a better and more intuitive user experience.

Enhanced security with JIT privileged access for support

Improved security posture by allowing customers to set auto-expiring privileged access for the support team.

Smaller Additions, Improvements, and Bugfixes

  • None present in this release

Known Issues

  • ZAK-2674 - SaaS optimization fails when traffic is load balanced across multiple public IP addresses.
  • Detailed Description:

    Symptom: SaaS optimization fails.

    Condition: This issue occurs when traffic is load balanced across multiple public IP addresses for a single branch appliance (SteelHead or Client Accelerator).

    Suggested Workaround: Only use a single public IP address for traffic originating from a branch device (SteelHead or Client Accelerator).

  • ZAK-2846 - SaaS Accelerator instances do not automatically renew an expiring peering certificate.
  • Detailed Description:

    Symptom: A SaaS Accelerator instance may stop accelerating SaaS connections one year after it was deployed or last upgraded. Client-side SteelHead logs include error messages showing that they do not trust the peering certificate of the affected SaaS Accelerator instance.

    Condition: The peering certificate for each SaaS accelerator instance is valid for one year from when it is deployed or last updated. If some other condition prevents an instance from successfully upgrading, then its peering certificate may expire before the next upgrade cycle.

    Suggested Workaround: Open a support ticket to replace the peering Certificate Authority certificate for the organization. This will cause all SaaS Accelerator instances within the organization to automatically replace their individual peering certificates with ones signed by the new peering Certificate Authority certificate.

  • ZAK-3088 - Concurrent TLS requests may create duplicate proxy certificates.
  • Detailed Description:

    Symptom: The SaaS Accelerator audit log may show that multiple copies of the same proxy certificate were created and signed within a short period of time.

    Condition: When SaaS application clients open concurrent connections to different SaaS service hostnames that return the same origin server certificate, multiple requests may get triggered to generate corresponding proxy server certificates.

    Suggested Workaround: No workaround is required. Duplicate valid proxy certificates for the same SaaS sites do not disrupt acceleration.

To view the release notes for previous versions, visit SaaS Accelerator support and select the software version.

If you have questions regarding this update, contact Riverbed Support for assistance.