Configuring SaaS acceleration
When you have configured SAM for SaaS acceleration, you can configure the Client Accelerator Controller and create a client policy to accelerate Client Accelerator endpoint SaaS traffic.
You can also register the controller with SAM using the CLI. For more information, see the Riverbed Command-Line Interface Reference Manual.
To configure the controller for SaaS acceleration
1. In SAM, choose Configure > Client Appliances and copy the registration token.
2. On the controller, choose Administration > SaaS: SaaS Accelerator and add these values:
– SaaS Accelerator Manager Hostname or IP Address.
– SaaS Accelerator Manager Port. The controller uses port 3900 to communicate with the SAM and the port needs to be open on the branch firewall. The field for the port number is editable but we do not recommend changing the value.
– Registration Token. Paste the registration token you copied in
Step 1 to this field.
3. Click Register.
4. In SAM, move this controller to the whitelist. For details see the SaaS Accelerator Manager User Guide.
You cannot enable SaaS acceleration without moving the controller to the whitelist. In SAM, if a controller is moved from the whitelist to the blacklist, SaaS acceleration stops working.
5. Enable SaaS acceleration on the controller. Choose Administration > SaaS: SaaS Accelerator and in the Configure SaaS Acceleration section, select Enable Acceleration and click Apply.
When you click Apply, be patient. It can take several minutes to start acceleration.
6. Enable SSL optimization on the Client Accelerator policies that include SaaS acceleration.
– Choose Manage: Services > Policies and open the policy and select the SSL tab. Then select the Enable SSL Optimization check box and the Enable SSL Proxy Support check box. You cannot enable SaaS acceleration without enabling SSL. If SSL was disabled after SaaS acceleration was enabled, SaaS acceleration will stop working.
7. On the controller, add an in-path rule to each policy for which you want SaaS acceleration enabled. The in-path rule is based on an application or application bundle, which allows the client-side appliance to connect to the service endpoint of the SaaS service cluster that is deployed for the selected application.
– Choose Manage > Services: Policies and select the In-Path Rules tab and click Add a New In-Path Rule.
– For the Destination Subnet, select SaaS Application. A second menu appears to the right.
– In the second menu, select a SaaS application or an application bundle for acceleration. Only applications and application bundles set up for SaaS acceleration appear in the list.
– Click Add.
SaaS in-path rule
8. Enable SaaS acceleration in a policy to configure SaaS acceleration for groups of Client Accelerator endpoints. Choose Manage > Services: Policies and open a policy to configure and select the SaaS Acceleration tab. A helpful list of remaining configuration tasks appears on the page. Completed tasks are prefaced by a check mark.
Enabling SaaS acceleration for a policy
– Select Enable SaaS Acceleration.
– Optionally, select Proxy Chaining interoperability. Proxy chaining enables you to connect to third-party cloud access security broker (CASB) services. For details, see
Configuring client-side proxy chaining.
Make sure you configure proxy chaining after you have enabled SaaS acceleration. If you configure proxy chaining before you haven enabled SaaS acceleration, you will receive an error message.
– Click Update Policy.
You cannot enable SaaS acceleration in a policy without enabling SaaS acceleration in the controller.
9. Click Save to Disk to save your settings permanently.
To verify, generate SaaS traffic. For details about monitoring the first connections, see
Monitoring SaaS acceleration.