Cloud OnRamp for SaaS Workflow

Cloud OnRamp for SaaS Workflow

Table 1. Feature History

Feature Name

Release Information

Description

Cloud OnRamp for SaaS Workflow

Cisco IOS XE Catalyst SD-WAN Release 17.15.1a

Cisco Catalyst SD-WAN Manager Release 20.15.1

Cisco SD-WAN Manager provides a fully-guided workflow for selecting specific applications to enable Cloud OnRamp for SaaS. Cloud OnRamp for SaaS identifies the best paths for handling traffic for each of these applications.

Information About Cloud OnRamp for SaaS Workflow

Cloud OnRamp for SaaS can determine the best network path for each type of cloud traffic. Select specific SaaS applications and Cloud OnRamp for SaaS identifies the best traffic paths for each of the SaaS applications.

Prerequisites for Cloud OnRamp for SaaS Workflow

  • Ensure that Cisco SD-AVC is enabled (Administration > Cluster Management).


    Note


    Cisco SD-AVC is required only for enabling Cloud OnRamp for SaaS for Webex and Microsoft Office 365 applications.


  • Ensure that Cisco SD-AVC Cloud Connector is enabled (Administration > Settings).


    Note


    Cisco SD-AVC Cloud Connector is required only for enabling telemetry on Webex and Microsoft Office 365 applications.


Use Cases for Cloud OnRamp for SaaS Workflow

If you have multiple branch offices, use the Cloud OnRamp for SaaS workflow to configure each branch to connect to SaaS applications through the most efficient path. Using the most efficient path ensures that the employees at different locations experience consistent and high-quality access to cloud services like Office 365, Salesforce, or Google Workspace.

Choose Applications Using the Cloud OnRamp for SaaS Workflow

  1. From the Cisco SD-WAN Manager menu, choose Workflows > Workflow Library > Cloud OnRamp for SaaS.

  2. Follow the on-screen instructions to complete the workflow.

  3. When the workflow is complete, you'll be prompted with a success screen to add policies to a policy group or associate devices with the policy groups or deploy the policy groups to the devices.

Add SaaS Applications Using Policy Groups

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Policy Groups > Application Priority & SLA.

  2. Create a new Application Priority & SLA or edit an existing Application Priority & SLA.

    For more information, see Application Priority & SLA.


    Note


    Use either Secure Internet Gateway or Direct Internet Access to choose an application list.


  3. If you are an advanced user, switch to the Advanced Layout and configure Cloud OnRamp for SaaS. For more information, see Advanced Layout.


    Note


    • Choose Cloud OnRamp for SaaS applications from the Application (Lists) drop-down list in the Match field. For more information on match conditions, see Configure Traffic Rules.

    • Choose Cloud Monitoring and Cloud SLA as Action conditions. For more information on action conditions, see Configure Traffic Rules.


Deploy SaaS Applications Using Policy Groups

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Policy Groups > Application Priority & SLA. The application priority you just created would appear here in the list.

  2. In the Policy Group tab, choose a policy group to deploy. Choose the respective application priority from the drop-down list and click Deploy. For more information on deploying policy groups, see Deploy Policy Groups Workflow.


    Note


    When you've included included Cloud OnRamp for SaaS applications in the policy group, the deploy workflow provides you with options to choose the device variables such as Site Type, TLOC. Cisco SD-WAN Manager populates these fields with default selections. Enable Secure Internet Gateway (SIG) Interface if you want to secure your internet gateway. Select Enable Load Balancing to balance the traffic using cloud SaaS probe.


Monitor Cloud OnRamp for SaaS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for SaaS.

  2. The Application Snapshots section displays information such as the number of active sites, and device health.

  3. Click the Sites tab to view the applications that Cloud OnRamp for SaaS is monitoring.

    Table 2. Site Information

    Field

    Description

    Site Name

    Site name.

    Sites List

    Site list that the site is associated with.

    Device Name

    Device name.

    Monitored Applications

    Monitored applications.

    Site Role

    Site role.

    Choose between Activated and Inactivated options to view the active and inactive sites.

  4. To view the details of the site, click the Site Name. A tab opens displaying the site details.

    Table 3. Site Details

    Field

    Description

    Application

    Application associated with the site.

    vQoE Status

    The vQoE Status. A green circle with a tick indicates that vQoE is good, the status with ! indicates that the vQoE needs some attention, and red X indicates that the vQoE is poor.

    vQoE Score

    The vQoE score. Click the score to view detailed charts about the score.

    DIA (Dedicated Internet Access) Status

    The interface providing the best path for the cloud application.

    Selected Interfaces

    List of interfaces associated with the application.

    Activated Gateways

    For a site that connects to the internet through a gateway site, this indicates the IP address of the gateway site.

    Local color

    For a site that connects to the internet through a gateway site, this is the local color identifier of the tunnel used to connect to the gateway site.

    Remote color

    For a site that connects to the internet through a gateway site, this is the remote (gateway site) color identifier of the tunnel used to connect to the gateway site.

    Application Usage

    You can apply filters to view the specific types of data.

  5. View Configuration details like config source, policy, number of devices and so on, using the Configuration tab.

Migrate Older Cloud OnRamp for SaaS Path Selection

If you have enabled Cloud OnRamp for SaaS best path selection using the Application and Policy page before Cisco Catalyst SD-WAN Manager Release 20.15.1, you must perform the following procedure to configure these applications using the Cloud OnRamp for SaaS workflow:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for SaaS > Configuration.

  2. The first entry in the configuration tab shows the old app route policies in your Cisco SD-WAN Manager named as Template Config.

  3. In the Actions column, click ... and choose Gateways.

  4. Choose the respective Site id and click Detach Gateways.

  5. Follow the same instructions to detach Applications and Policy, Client Sites, DIA Sites, and Custom Application Lists.

  6. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  7. On the Device Templates page, click ... adjacent to the device and choose the Detach Devices option next to the respective device template to detach the device.

  8. Configure the device using Configuration Groups. For more information, see Configuration Groups.

  9. Follow the instructions to access the Cloud OnRamp for SaaS workflow and deploy using policy groups. For more information, see Deploy policy group.