The Service Access allows to configure the services that can be accessed by a customer.
To configure Service Access:
Procedure
- In the Operator portal, navigate to Manage Customers.
- Select a customer and click Actions > Modify or click the link to the customer.
- In the Enterprise portal, click Configure > Customers.
- In the Customer Configuration page, the Service Access section displays the existing services configured for the selected customer. If required, you can modify the settings.
- SD-WAN - The customer can access the SD-WAN services. When you select this service, the following options are available:
Option Description Default Edge Authentication Choose the default option to authenticate the Edges associated to the customer, from the drop-down list.
- Certificate Deactivated: Edge uses a pre-shared key mode of authentication.
- Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
Note: After acquiring the certificate, the option can be updated to Certificate Required.
- Certificate Required: Edge uses the PKI certificate. Operators can change the certificate renewal time window for Edges using the system property
edge.certificate.renewal.window
.
Edge Licensing The existing Edge Licenses are displayed. Click Modify to add or remove the licenses. Note: The license types can be used on multiple Edges. It is recommended to provide your customers with access to all types of licenses to match their edition and region.For more information, see Edge Licensing.
- Edge Network Intelligence – You can select this option only when SD-WAN is selected. When you select this service, the Edge Network Intelligence Configuration is available. Enter the maximum number of Edges that can be provisioned as Analytics Edge in the Nodes field. By default, Unlimited is selected.
Note: If Edge Network Intelligence service is enabled for a customer, ensure not to select the Self Healing checkbox as the Self Healing feature is not completely supported in the 5.0.0 release.Note: Customers who do not have a Partner should contact [email protected] with details such as Orchestrator URL and customer name.Note: This option is available only when the Analytics feature is enabled on your SD-WAN Orchestrator.
For more information, see Activate VMware Edge Network Intelligence on a VMware SD-WAN Orchestrator.
- Cloud Web Security – You can select this service only when a SASE PoP Gateway Pool is selected. Cloud Web Security is a cloud hosted service that protects users and infrastructure accessing SaaS and Internet applications. For more information, see the VMware Cloud Web Security Configuration Guide.
- Secure Access – You can select this service only when a SASE PoP Gateway Pool is selected. Secure Access solution combines the VMware SD-WAN and Workspace ONE services to provide a consistent, optimal, and secure cloud application access through a network of worldwide managed service nodes. For more information, see the VMware Secure Access Configuration Guide.
In the General Configuration, enter the domain name to be used to enable Single Sign-On (SSO) Authentication for the Orchestrator. This is also required to activate Edge Network Intelligence for the customer. - SD-WAN - The customer can access the SD-WAN services. When you select this service, the following options are available:
- Click Save Changes.