Citrix SaaS Gateway Service
The Citrix SD-WAN SaaS Gateway Service delivers SD-WAN functionalities as a cloud service through reliable and secure delivery for all internet-bound traffic regardless of the host environment (data center, cloud, and internet). This improves network visibility and management. It enables partners to offer managed SD-WAN services for business critical SaaS applications to their end customers.
NOTE
Citrix Cloud Direct is the rebranded name for Citrix SaaS Gateway Service. Although the two names might be used interchangeably in 10.2, both the GUI and documentation would reflect the rebranded name in upcoming release.
Citrix SaaS Gateway service offers the following advantages:
- Redundancy - Uses multiple links and provides failover.
- Link aggregation uses of all internet links at the same time.
- Intelligent load-balancing across connections from different providers:
- Measuring packet loss, jitter and throughput.
- Custom application identification.
- Application requirement and circuit performance matching (adapt to real time network conditions).
- SLA-grade Dynamic QoS Capability to internet circuit:
- Dynamically adapts to varying circuit throughput.
- Adaption through tunnel at ingress and egress endpoints.
- Rerouting VOIP calls between circuits without dropping the call.
- End-to-End monitoring and visibility.
Citrix SaaS Gateway Service Workflow:
Before you begin using the SaaS Gateway Service, ensure that the following steps are completed:
- Have a 410-SE or 210-SE platform edition appliance shipped with SD-WAN release version 9.3.5 or higher. If the factory shipped SD-WAN version of the appliance is earlier than 9.3.5, then you need to follow the USB reimaging procedure to upgrade the appliance to release version 9.3.5.
- Perform single step upgrade procedure to install the software version that supports SaaS Gateway Service.
-
Configure MCN appliance and set up the 410-SE or 210-SE appliance.
- Configure site. See Configure Branch for more information.
- Create application objects for application-based routes.
- If you want to steer specific applications through the Citrix SaaS Gateway service, then create an Internet service at the site, add the desired application objects, and activate configuration by performing change management.
- If you want to steer all internet traffic through the Citrix SaaS Gateway service, then you do not need to create specific application objects.
Configure Citrix SaaS Gateway service in SD-WAN Center
SD-WAN Center workflow for SaaS Gateway Service:
- Pull active configuration - The current active configuration from MCN is updated with the SaaS Gateway Service configuration, and the new configuration is activated by performing a change management on the network automatically when you deploy the service.
- Select POPs and configure SaaS gateway service based on available bandwidth for the corresponding WAN link.
-
In the SD-WAN Center GUI, navigate to Configuration > Cloud Connectivity > Citrix SaaS Gateway.
-
Click Pull Active Config to retrieve latest MCN configuration. An alert notifying that the active configuration overwrites undeployed changes is displayed. Click Yes or No based on your requirement.
-
Click Add a new site. You can configure site from the Site Name drop-down menu. When a site is chosen, the WAN links associated with the site are displayed.
-
Select the WAN Link Type, Application Objects, Subscription Bandwidth, Primary POP, and Secondary POP options. You can choose to select All Internet Traffic or a specific application.
To use external NAT, it is required that the public internet traffic from the branch LAN network is source natted from a specific IP address. This is automatically performed as part of the SD-WAN network configuration. If you want to configure the NAT IP (LAN Network) outside the SD-WAN (for example; in an external firewall), you can choose the External NAT option when adding sites.
In the SaaS Gateway Site Details section the IP address for NAT is displayed which can be used for the external configuration.
-
Enter the bandwidth that the SaaS Gateway Service can use exclusively. The selected bandwidth must be lesser than the configured permitted bandwidth and cannot be available for use by Virtual Path, Internet, and Intranet services. Ensure that the primary and secondary POP is not the same. Click Add.
-
After the sites are added, select the site for which you want to deploy SaaS Gateway service and click Deploy.
A notification stating that the deploy operation initiates a change management on the MCN appliance is displayed. You can click Yes or No.
Verify that the SaaS Gateway service is active in SD-WAN configuration editor.
Firewall settings:
Provisioning Sites in SD-WAN application GUI:
Edit site
You can choose to edit the sites to modify bandwidth and wan link type.
The service status displays as redeployment pending. Deploy the site.
Delete site
You can choose to delete the sites that no longer require SaaS Gateway connectivity. To delete sites, select the site and click Delete. A confirmation message to delete sites is displayed.
Monitoring SaaS Gateway Service
You can view the configured SaaS Gateway service after the sites are deployed and enabled. The SaaS Gateway service logs are useful in troubleshooting configuration and connectivity issues. Click the exclamation icon in the Details column to view the site details.