This section covers the Secure Access Service option found at either the Profile or Edge level: where the option is located, what the option does, and which customers should turn it on or leave it off.

Secure Access Service

The Secure Access Service option can be turned on at either the Profile or Edge level by navigating to Configure > Device > Configure Segments. When Secure Access Service is set to On, the Edge will build tunnels to all Secure Access Gateways.

Note: This setting must be turned on for Secure Access users to reach applications sitting behind that Edge.

By default the Edge will only build tunnels to the Primary, Secondary, and Super Gateways based on the geolocation of the Edge. These Gateways can be different from the Gateways in use for Secure Access. For example if an Edge located in Japan builds a tunnel to the Tokyo PoP, by default it will not build a tunnel to the New York PoP even though the New York PoP is where VMware Secure Access is being used.

If the Edge uses Secure Access without also turning on Secure Access Service option, this can cause issues due to the Edge having no tunnels to the New York PoP. Turning on Secure Access Service corrects this issue.
Note: To see which Gateways are being used for a particular Edge, including the ones for Secure Access, go to Remote Diagnostics > List Paths .

The Secure Access Service option is recommended for customer sites with two exceptions:

  1. A customer site has no applications on their premises that need to be accessed by users at other locations.
  2. Turning on the Secure Access Service option incurs an additional five tunnels to be built which could exceed the tunnel capacity for entry level Edge models like the 510, 610, and 620. Usually a site with a lower-end Edge will have no applications that need to be accessed by other users and the option can safely be left off. The primary use case for this option is Hub Edge locations where on-premises applications usually reside. Hub Edges are usually higher-end models that can handle the additional five tunnels that are built when this option is on.