Overview of SaaS Accelerator
This chapter provides an overview of the SaaS Accelerator. It includes these sections:
SaaS Accelerator is a Riverbed managed service controlled through the SaaS Accelerator Manager that works with Riverbed client-side appliances to accelerate SaaS traffic. The SaaS Accelerator is a replacement for SteelHead Cloud Accelerator with Akamai, which has been renamed to Legacy Cloud Accelerator.
About SaaS Accelerator
Riverbed client-side appliances such as SteelHeads, SteelFusion Edges, and SteelHead Mobile clients can accelerate SaaS traffic by working with SaaS Accelerator. Through SaaS Accelerator Manager, you can configure SaaS applications for acceleration, and then register Riverbed client-side appliances with SaaS Accelerator Manager to accelerate their SaaS traffic.
SaaS Accelerator is a service that consists of these components:
•SaaS Application - The application delivered as Software as a Service.
•SaaS Accelerator Manager (SAM) - SAM provides the management interface for SaaS acceleration and manages the acceleration for registered Riverbed client-side appliances. SaaS Accelerator Manager also configures and manages the SaaS service cluster.
•Organization - SAM allows logical separation and segmentation of resources into organizations to support multi-tenant deployments. You can have different organizations to support deployments in different regions. You deploy SaaS Accelerator within an organization.
•Client-side appliances - The client-side appliances located in the customer branch office that intercept any connections destined for the SaaS platform to be accelerated. We strongly recommend that you configure and push SaaS acceleration policies from a SteelCentral Controller for SteelHead (SCC) to managed appliances, particularly in large-scale deployments and production networks with multiple client-side appliances.
•SaaS service cluster - A cluster of service instances behind a service endpoint that peers with client-side appliances. Application acceleration occurs between the client-side appliance and the SaaS service cluster. SAM configures and manages the SaaS service cluster.
•Service instance - The application optimization service node deployed in a SaaS service cluster.
•SteelHead Mobile clients - SteelHead Mobile clients can accelerate SaaS traffic by connecting directly to the SaaS service cluster. SteelHead Mobile clients get their SaaS acceleration configuration through the policy defined in the SteelCentral Controller for SteelHead Mobile.
When you configure a SaaS application for acceleration, SAM deploys a SaaS service cluster in a public cloud to accelerate SaaS traffic. (You do not need a cloud account, and Riverbed configures and manages the SaaS service cluster.) Each SaaS application is accelerated by a dedicated service cluster. For best performance, you need to deploy the SaaS service cluster in the same region as the SaaS application servers.
The service endpoint is the IP address and port where client-side appliances connect to the SaaS service cluster, and you need to open port 7810 on the firewall to allow for this communication.
With SaaS acceleration configured in SAM, the end-user traffic meant for the SaaS server goes to the client-side appliance. The client-side appliance has in-path rules configured that direct the traffic to the SaaS service cluster, and the SaaS service cluster forwards the traffic to the SaaS server. The traffic between the client-side appliances and the SaaS service cluster is accelerated.
SaaS acceleration overview
As an example of the flow, let’s consider a deployment with Microsoft Office 365 traffic. This traffic is sent to the Microsoft Office 365 SaaS server. When you configure SaaS acceleration through SAM, SAM deploys a SaaS service cluster in a cloud and traffic from the user network to the SaaS service cluster is accelerated.
In its default configuration, the SaaS Accelerator automatically manages SSL certificates for proxy and peering. You can, however, use your organization’s Certificate Authority (CA). In this configuration, you use SAM to generate and download a Certificate Signing Request (CSR) and use it to obtain an Intermediate Certificate Authority (ICA) certificate from your organization’s CA that is already trusted by your clients. After you obtain the ICA certificate, you upload it to SAM to complete the process.
Supported SaaS applications
SAM 1.1.0 and later supports accelerating these applications:
•Box
•Microsoft Office 365 (including Exchange, SharePoint, Office WebApps, and Authentication and Identify Services)
•Salesforce
•ServiceNow
•Veeva
Riverbed periodically adds support for new SaaS providers.
SaaS Accelerator licensing
SaaS Accelerator is a service, and the license defines the parameters of the service. A SaaS Accelerator license applies to an SAM organization for a specific time period and includes these components:
•AppUnits - This component defines how many users can accelerate SaaS traffic for an application. You specify the number of users to support when you configure acceleration for an application. The number of users allowed is determined based on the number of available AppUnits, as well as the minimum and maximum size number supported by the application. When configured, SAM allocates the AppUnits to the application.
AppUnits provide flexibility so you can easily change which applications to accelerate, or resize your configuration based on usage.
This table provides guidance for AppUnits for each currently supported SaaS application.
SaaS applications | Minimum/maximum number of users | AppUnits per user |
Box | 400 – 10,000 | 5 |
Microsoft Office 365 | 200 – 5000 | 10 |
Salesforce | 200 – 5000 | 10 |
ServiceNow | 200 – 5000 | 10 |
Veeva | 200 – 5000 | 20 |
As you configure SaaS acceleration in SAM, tooltips provide recommendations specific to each application.
•AppData - This component defines the amount of egress data (in GiB) allowed through the SaaS service cluster. You can track the total amount of data used and data usage trends per application on the SaaS Accelerator Cumulative Egress Data Usage page (choose Reports > Data Usage).
Each AppUnit includes 0.3 GiB of AppData. For example, if you buy 10,000 AppUnits, you can deploy 1000 users for Office 365, and you would get a total of 3000 GiB per month for those users. With a yearly subscription, that provides a pool of 36,000 GiB (12 months x 3000 GiB per month).
AppData is pooled for all applications and all users. AppData allows monthly carryovers through the end of the subscription, providing flexibility for usage variations.
You can purchase additional AppUnits or AppData through add-on licenses.
The SaaS Accelerator license is specific to your SAM organization, not per client-side appliance. You can register any number of client-side appliances in your organization with SAM managing the SaaS Accelerator service.
Before you activate SaaS Accelerator on a client-side appliance, ensure that you account for the added connection and throughput usage in the same way you would when introducing any other additional application for optimization on the appliance. Registering a client-side appliance with the SaaS Accelerator service does not change the optimized session limit for that appliance.
User and data limits are enforced based on the available license.
Service cluster limits
The SaaS service cluster has the following deployment characteristics:
•A SaaS service cluster for any application can handle a maximum of 50,000 connections.
•The minimum size of the service cluster depends on the license. The minimum license is 2000 AppUnits and the minimum number of users is 200 for Microsoft Office 365, Salesforce, ServiceNow, and Veeva and 400 for Box.
•SaaS service clusters deployed in different SAM organizations are independent of each other.
•Each SAM organization can deploy only one cluster per SaaS application.
SaaS Accelerator connection and user definition
This table provides some guidance to help size a client-side appliance for use with SaaS Accelerator.
SaaS applications | Minimum/maximum number of users | Connections per user |
Box | 400 – 10,000 | 5 connections |
Microsoft Office 365 | 200 – 5000 | 10 connections |
Salesforce | 200 – 5000 | 10 connections |
ServiceNow | 200 – 5000 | 10 connections |
Veeva | 200 – 5000 | 10 connections |
SaaS Accelerator lets individual users consume more TCP connections per user than those allocated, but does not allow the total number of TCP connections for the SaaS acceleration cluster to exceed the limit. If you exceed the total number of available connections for the cluster, or if the number of active users is significantly higher than the configured value, SaaS Accelerator enters admission control and new connections matching the SaaS application defined in the client-side appliance in-path rule will not be accelerated.
Compatibility with SteelHead models
SaaS Accelerator is supported on SteelHead models CX255, CX570, CX770, CX3070, CX5070, CX7070, CX580, CX780, CX3080, CX5080, CX7080, and GX10000. All SteelHead SD and SteelHead (virtual edition) models also support SaaS Accelerator. The SteelHead requires RiOS software 9.8.1a or later.