The Service Access allows to configure the services that can be accessed by a customer.

To configure Service Access:

Procedure

  1. In the Partner portal, navigate to Manage Customers.
  2. Select a customer and click Actions > Modify or click the link to the customer.
  3. In the Enterprise portal, click Configure > Customers.
  4. In the Customer Configuration page, the Service Access section displays the existing services configured for the selected customer. If required, you can modify the settings.
    • SD-WAN - The customer can access the SD-WAN services. When you select this service, the following options are available:
      Option Description
      Default Edge Authentication

      Choose the default option to authenticate the Edges associated to the customer, from the drop-down list.

      • Certificate Deactivated: Edge uses a pre-shared key mode of authentication.
      • Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
        Note: After acquiring the certificate, the option can be updated to Certificate Required.
      • Certificate Required: Edge uses the PKI certificate. Operators can change the certificate renewal time window for Edges using the system property edge.certificate.renewal.window.
      Edge Licensing The existing Edge Licenses are displayed. Click Modify to add or remove the licenses.
      Note: The license types can be used on multiple Edges. It is recommended to provide your customers with access to all types of licenses to match their edition and region.
    • Edge Network Intelligence – You can select this option only when SD-WAN is selected. When you select this service, the Edge Network Intelligence Configuration is available. Enter the maximum number of Edges that can be provisioned as Analytics Edge in the Nodes field. By default, Unlimited is selected.
      Note: This option is available only when the Analytics feature is activated on your SD-WAN Orchestrator.

      If Edge Network Intelligence service is enabled for a customer, you can activate Self-Healing capability at the Customer level by selecting the Self Healing checkbox. For more information, see the Self-Healing Overview section in the VMware Edge Network Intelligence User Guide published at https://docs.vmware.com/en/VMware-Edge-Network-Intelligence/index.html.

      Note: Customers who do not have a Partner should contact [email protected] with details such as Orchestrator URL and customer name.
    • Cloud Web Security – You can select this service only when a SASE PoP Gateway Pool is selected. Cloud Web Security is a cloud hosted service that protects users and infrastructure accessing SaaS and Internet applications. For more information, see the VMware Cloud Web Security Configuration Guide.
    • Secure Access – You can select this service only when a SASE PoP Gateway Pool is selected. Secure Access solution combines the VMware SD-WAN and Workspace ONE services to provide a consistent, optimal, and secure cloud application access through a network of worldwide managed service nodes. For more information, see the VMware Secure Access Configuration Guide.
    • Global Settings - By default, Global Settings is selected. This Service Configuration provide privileges to user management and settings that are shared across all services. You can choose the services that the customer can access along with the Global Settings (roles and permissions).
    In the General Configuration, enter the domain name to be used to activate Single Sign-On (SSO) Authentication for the Orchestrator. This is also required to activate Edge Network Intelligence for the customer.
  5. Click Save Changes.