In the Operator portal, you can create customers and configure the customer settings.

Only Operator Super Users and Operator Standard Admins can create a new customer.

Note: As an Operator Super User, you can temporarily deactivate creating new customers by setting the system property session.options.disableCreateEnterprise to True. You can use this option when SD-WAN Orchestrator exceeds the usage capacity.

In the Operator portal, navigate to Manage Customers.

  1. In the Customers page, click New Customer or click Actions > New Customer.
  2. In the New Customer window, enter the following details. You can also choose the Clone from Customer option to clone the configurations from an existing customer. For more information, see Clone a Customer.

Customer Information

Option Description
Company Name Enter your company name
Account Number Enter a unique identifier for the customer
Domain Enter the domain name of your company
VeloCloud Support Access

This option is selected by default and grants access to the VMware Support to view, configure, and troubleshoot the Edges connected to the customer.

For security reasons, the Support cannot access or view the user identifiable information.

VeloCloud User Management Access Select the checkbox to enable the VMware Support to assist in user management. The user management includes options to create users, reset password, and configure other settings. In this case, the Support has access to user identifiable information.
Street Address, City, State, Country, ZIP/Postcode Enter relevant address details in the respective fields.

Administrative Account

Option Description
Username Enter the username in the [email protected] format.
Password Enter a password for the Administrator.
Note: Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page.
Confirm Re-enter the password.
First Name, Last Name, Phone, Mobile Phone Enter the details like name and phone number in the appropriate fields.
Contact Email Enter the Email address. The alerts on service status are sent to this Email address.

Customer Configuration

As an Operator User, you can manage the software images assigned to an enterprise directly by assigning an Operator Profile to an enterprise or allow an Enterprise Super User to manage the available list of software images for an enterprise by enabling Manage Software Image.

Option Description
Manage Software Image Select the checkbox if you want to allow an Enterprise Super user to manage the software images available for the enterprise.
Software Images Click Add and in the Select Software Images pop-up window, select and assign the software images from the available list for the enterprise and select an image to be used as default.
Note: This field appears when you enable Manage Software Image.

After adding the images, you can modify the assigned list of software images to the enterprise by clicking Modify under Customer Configuration area.

Note: You can remove an assigned image from an enterprise only if the image is not currently used by any edge within the enterprise.
Operator Profile Select an Operator profile to be associated with the customer from the available list. This field will not be available if Manage Software Image is enabled.

For more information on Operator profiles, see Manage Operator Profiles.

Service Configuration

You can choose the services that the customer can access along with the roles and permissions available for the selected service.

Note: This section is available only when the system property session.options.enableServiceLicenses is set as True.
  • SD-WAN - The customer can access the SD-WAN services. When you select this service, the following options are available:
    Option Description
    Default Edge Authentication

    Choose the default option to authenticate the Edges associated to the customer, from the drop-down list.

    • Certificate Not Required: Edge uses a pre-shared key mode of authentication.
    • Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
      Note: After acquiring the certificate, the option can be updated to Certificate Required.
    • Certificate Required: Edge uses the PKI certificate. Operators can change the certificate renewal time window for Edges using the system property edge.certificate.renewal.window.
    Edge Licensing Click Add and in the Select Edge Licenses pop-up window, select and assign the edge licenses from the available list for the enterprise. After adding the licenses, you can click Modify under Customer Configuration area to add or remove the licenses.
    Note: The license types can be used on multiple Edges. It is recommended to provide your customers with access to all types of licenses to match their edition and region.

    For more information, see Edge Licensing.

  • Edge Network Intelligence – You can select this option only when SD-WAN is selected. When you select tis service, the Edge Network Intelligence Configuration is available. Enter the maximum number of Edges that can be provisioned as Analytics Edge in the Nodes field. By default, Unlimited is selected.
    Note: This option is available only when the Analytics feature is enabled on your SD-WAN Orchestrator.

    For more information, see Activate VMware Edge Network Intelligence on a VMware SD-WAN Orchestrator.

  • Cloud Web Security – You can enable this service only when a SASE PoP Gateway Pool is selected. Cloud Web Security is a cloud hosted service that protects users and infrastructure accessing SaaS and Internet applications. For more information, see the VMware Cloud Web Security Configuration Guide.
  • Secure Access – You can enable this service only when a SASE PoP Gateway Pool is selected. Secure Access solution combines the VMware SD-WAN and Workspace ONE services to provide a consistent, optimal, and secure cloud application access through a network of worldwide managed service nodes. For more information, see the VMware Secure Access Configuration Guide.

,

Configure the following in the General Configuration section:

Option Description
Domain Enter the domain name to be used to enable Single Sign-On (SSO) Authentication for the Orchestrator. This is also required to activate Edge Network Intelligence for the customer.
Gateway Pool Select an existing Gateway pool from the drop-down list.

For more information on Gateway pools, see Manage Gateway Pools.

Click Create.

The new customer name is displayed in the Customers page. You can click on the customer name to navigate to the Enterprise portal and add configurations to the customer.

For more information, see Configure Customers and the Enterprise Administration section of VMware SD-WAN Administration Guide available at https://docs.vmware.com/en/VMware-SD-WAN/index.html.