All Products
Search

This Product

    Secure Access Service Edge:SASE operations management with CloudMonitor

    Document Center

    Secure Access Service Edge:SASE operations management with CloudMonitor

    Last Updated:Nov 14, 2025

    This topic describes how to use CloudMonitor of Alibaba Cloud to send alerts for excess traffic over the access points and connectors of Secure Access Service Edge (SASE), and monitor exceptions in the SASE client and notify alert contacts of the exceptions.

    Scenario

    An enterprise uses SASE to connect its office network. The enterprise failed to identify the following issues, which adversely affected its business operations:

    1. Traffic spikes or insufficient system resources: If traffic over SASE access points or connectors is greater than expected or system resources are insufficient, network performance may deteriorate or service interruptions may occur.

    2. Client exceptions: The SASE client installed on terminals may experience exceptions and requires troubleshooting. For example, the client stops responding, a connector is disabled, a handling process for dynamic decision-making is generated, or a connection to the internal network fails.

    To solve these issues, the enterprise uses CloudMonitor to send alerts for system resource usage and excess traffic over SASE access points and connectors, and monitor exceptions in the SASE client and notify alert contacts of the exceptions.

    Note

    CloudMonitor Basic is activated by default and provides a free quota of 1,000 alert text messages per month. If the free quota cannot meet your business requirements, you can activate Cloud Monitor Basic (pay-as-you-go) to increase the quota.

    Prerequisites

    An alert contact or an alert contact group is created.

    Configure alert rules

    CloudMonitor automatically obtains access point and connector resources within your current Alibaba Cloud account. You can view related charts to monitor the resources. You can also create alert rules to monitor the resources. When the conditions in an alert rule are met, CloudMonitor automatically sends alert notifications.

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Cloud Resource Monitoring > Cloud Service Monitoring.

    3. On the Cloud Service Monitoring page, click Office Security Platform - SAAS Access Point.

      image

    4. Configure alert rules for SaaS access points, connectors, and dedicated access points.

      Configure an alert rule for SaaS access points

      SaaS access points allow access to internal networks of an enterprise from the SASE client, support zero trust-based permission management, and provide optimized network experience. However, SaaS access points may cause network latencies because they are shared among all users. Therefore, we recommend that you configure alert rules to monitor bandwidths of SaaS access points and send alerts when bandwidth usage exceeds a specific threshold. This helps provide users with stable and efficient connections.

      1. Click Create Alert Rule. In the Rule Description section, choose Add Rule > Simple Metric.

      2. In the Configure Rule Description panel, specify the Alert Rule, Metric Type, and Metric parameters.

        image

      3. Click OK.

      4. Specify the Alert Contact Group parameter, retain other settings, and then click Confirm.

        image

      Configure an alert rule for connectors

      Connectors allow connections between the local network of an enterprise and resources outside Alibaba Cloud and allow access between business resources. We recommend that you configure alert rules to monitor system resources such as CPU, memory, and disk resources and to generate alerts when the CPU load is high or memory is insufficient. This helps ensure the stability and performance of connectors.

      1. Click the Office Security Platform - Exclusive Access Point tab and click Create Alert Rule.

      2. In the Create Alert Rule panel, choose Add Rule > Simple Metric.

      3. In the Configure Rule Description panel, specify the Alert Rule parameter and configure parameters in the Metric section based on your business requirements.

      4. Specify the Alert Contact Group parameter, retain other settings, and then click Confirm.

      image

      Configure an alert rule for dedicated access points

      Dedicated access points support secure access in scenarios in which users work from home, work in office areas, or work remotely and scenarios that require large bandwidth and low latency. We recommend that you configure alert rules to monitor both bandwidth usage and system resources such as CPU and memory resources. This helps provide stable and quality network environments for users.

      1. Click the Office Security Platform - Exclusive Access Point tab and click Create Alert Rule.

      2. In the Create Alert Rule panel, choose Add Rule > Simple Metric.

      3. In the Configure Rule Description panel, specify the Alert Rule parameter and configure parameters in the Metric section based on your business requirements.

      4. Specify the Alert Contact Group parameter, retain other settings, and then click Confirm.

      image

    View alert rules

    1. Click the required tab and click View Alert Rules.

      image

    2. On the Alert Rules page, view all alert rules that are configured for your resources. You can view rule details, alert history, and alert contacts. You can also manage rules, such as editing, deleting, disabling, and copying rules.

    Configure an event subscription policy

    If a system event or metric of a resource meets an alert condition, CloudMonitor automatically sends an alert notification to the specified alert contacts. You can also use the event subscription feature to configure custom alert notifications. For example, you can subscribe to system events or threshold-triggered events, merge and denoise alerts, upgrade alert contact groups, specify custom alert notification methods, and push alert notifications to destination channels based on data templates in the JSON format.

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Event Center > Event Subscription.

      Note

      You can also perform the following steps to create a subscription policy by using the System Event menu:

      1. In the left-side navigation pane, choose Event Center > System Event.

      2. In the Welcome to the New Event Center section, click Create Immediately to create a subscription policy.

    3. On the Subscription Policy tab, click Create Subscription Policy.

    4. On the Create Subscription Policy page, configure the subscription policy for SASE.

      1. Basic Information: Enter a name and description for the subscription policy.

      2. Alert Subscription: Specify the Subscription Type parameter. In the Subscription Scope section, select Office Security Platform for Products and configure other parameters based on your business requirements.

        image

      3. Combined Noise Reduction: Configure the method for reducing the frequency at which alert notifications are sent.

      4. Notification: Create a notification configuration.

      5. Push and Integration: Configure a push channel for alert notifications. Example: Simple Log Service.

    5. Click Submit.

    References