In the Operator portal, you can create Customers and configure the Customer settings. Only Operator Super Users and Operator Standard Admins can create a new Customer. As an Operator Super User, you can temporarily deactivate creating new Customers, by setting the system property session.options.disableCreateEnterprise to True. You can use this option when SASE Orchestrator exceeds the usage capacity.

Procedure

  1. In the Operator portal, go to Customers & Partners > Manage Customers, and then click New Customer.
    The New Customer page displays the following sections:
    1. Customer Information:
      Enter the details in the following fields and click Next.
      Note: The Next button is activated only when you enter all the mandatory details.
      Option Description
      Company Name Enter your company name.
      Account Number Enter a unique identifier for the Customer.
      SASE Support Access

      This check box is selected by default, and grants access to the VMware Support to view, configure, and troubleshoot the Edges connected to the Customer.

      For security reasons, the Support cannot access or view the user identifiable information.

      SASE User Management Access Select the check box to allow the VMware Support to assist in User Management. The User Management includes options to create users, reset password, and configure other settings. In this case, the Support has access to user identifiable information.
      Location Enter relevant address details in the respective fields.
    2. Administrative Account:
      Enter the details in the following fields and click Next.
      Note: The Next button is activated only when you enter all the mandatory details.
      Option Description
      Username Enter the username in the [email protected] format.
      Password Enter a password for the Administrator.
      Note: Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page.
      Confirm Password Re-enter the password.
      First Name Enter the first name.
      Last Name Enter the last name.
      Phone Enter a valid phone number.
      Mobile Phone Enter a valid mobile number.
      Contact Email Enter the email address. The alerts on service status are sent to this email address.
    3. Services:
      Configure the following global settings:
      Option Description
      Domain Enter the domain name to be used to activate Single Sign On (SSO) authentication for the Orchestrator. This field is required when Edge Network Intelligence is activated for the Customer.
      Gateway Pool Select an existing Gateway pool from the drop-down list.
      Feature Access You can select either Role Customization or Premium Service, or both the check boxes.
      Allow Customer to Manage Software Select the check box if you want to allow an Enterprise Super User to manage the software images available for the Enterprise. Once selected, the Software Image field is displayed. Click Add and in the Select Software/Firmware Images pop-up window, select and assign the software/firmware images from the available list for the Enterprise. Click Done to add the selected images to the Software Image list.
      Note: You can remove an assigned image from an Enterprise, only if the image is not currently used by any Edge within the Enterprise.
      Operator Profile Select an Operator profile to be associated with the Customer from the available drop-down list. This field is not available if Allow Customer to Manage Software is selected.
      Service Access: This option is available above the Global Settings section. You can choose the services that the Customer can access along with the roles and permissions available for the selected service.
      Note: This option is available only when the system property session.options.enableServiceLicenses is set as True.
      • SD-WAN - When you select this service, the following options are available:
        Option Description
        Default Edge Authentication

        Choose the default option to authenticate the Edges associated with the Customer, from the drop-down list.

        • Certificate Deactivated: Edge uses a pre-shared key mode of authentication.
        • Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SASE Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SASE Orchestrator and for establishment of VCMP tunnels.
          Note: After acquiring the certificate, the option can be updated to Certificate Required.
        • Certificate Required: Edge uses the PKI certificate. Operators can change the certificate renewal time window for Edges using the system property edge.certificate.renewal.window.
        Edge Licensing Click Add and in the Select Edge Licenses pop-up window, select and assign the Edge licenses from the available list for the Enterprise.
        Note: The license types can be used on multiple Edges. It is recommended to provide your customers with access to all types of licenses to match their edition and region.
        Feature Access Select the Stateful Firewall check box to override the Stateful Firewall settings activated on the Enterprise Edge.
      • Edge Network Intelligence: You can select this service only when SD-WAN is selected. When you select this service, the following options are available:
        Option Description
        Nodes Enter the maximum number of Edges that can be provisioned as Analytics Edge. By default, Unlimited is selected.
        Feature Access Select the Self Healing check box to allow the Edge Network Intelligence to provide recommendations to improve performance.
        Note: This option is available only when the Analytics feature is activated on your SASE Orchestrator. Use the following settings:
        service.analytics.apiToken
        service.analytics.analyticsEndpointDynamicIP
        service.analytics.analyticsEndpointStaticIP
        service.analytics.apiUrl
        service.analytics.configEndpoint
      • Cloud Web Security: You can select this service only when you select a Gateway Pool with an activated Cloud Web Security role. Cloud Web Security is a cloud hosted service that protects users and infrastructure accessing SaaS and Internet applications. For more information, see the VMware Cloud Web Security Configuration Guide.
      • Secure Access: You can select this service only when you select a Gateway Pool with an activated Cloud Web Security role. Secure Access solution combines the VMware SD-WAN and Workspace ONE services to provide a consistent, optimal, and secure cloud application access through a network of worldwide managed service nodes. For more information, see the VMware Secure Access Configuration Guide.
      • Multi Cloud Service: You can select this service only when SD-WAN is selected.
  2. After entering all the details, click the Add Customer button. If you want to add another customer, you can select the Add another Customer check box before clicking Add Customer.
    The new Customer name is displayed on the Customers page. You can click the Customer name to navigate to the Enterprise portal and add configurations to the Customer.