SAC integrated with WSS.
Japanese users, connecting to WSS pods in Japan, reporting slow initial access to protected servers when accessing servers via SAC segment Applications.
Reproduced by users located both in office and at home.
Testing with a sample Web server, HAR file shows DNS stage taking up to 500ms whilst connectivity to server is completed quickly.
DNS server accessed by users physically located in Japan.
SAC Segment Applications created to integrate with WSS.
MacOS 12.5 with WSS Agent 8.1.1.
Cisco umbrella client running too.
DNS requests hitting WSS pods in Japan but going into SAC via US west coast (nearest SAC instances) adding 500ms delays.
Path for DNS requests is local Proxy <-> SAC in US <-> DNS server in Japan.
Short term solution is to make sure that the SAC configured DNS server is located in the US, near where the SAC instance is. By doing this, any DNS requests that SAC needs to evaluate are local to the GEO and resolved more quickly.
Longer term is to build a SAC service in Japan that will keep the SAC / WSS / DNS server comms local.