Please explain the concept described for Network Tunnel Groups.

1. Can we create one Tunnel Group with Hubs and connect multiple sites using its settings - up to the limit described in the link below.

OR

2. We create one Tunnel Group with Hubs per site.

This url statement would make me think it is item 1 https://docs.sse.cisco.com/sse-user-guide/docs/add-network-tunnel-group#about-network-tunnel-groups 

Provisioning high-availability network tunnel groups at a hub site allows a group of tunnels to share a primary and secondary hub. Network devices that are capable of establishing an IPsec tunnel can join a network tunnel group using the credentials created when the tunnel group is deployed.

Each data center hub in a network tunnel group can connect to multiple tunnels. A hub configured for NAT can support up to 100 tunnels. A hub that is not configured for NAT is limited to 10 tunnels.

Would non-NAT tunnels include up to 10 tunnels for Static and BGP configured groups?

Or is it #2 On this page regarding multiple tunnels it states https://docs.sse.cisco.com/sse-user-guide/docs/secure-access-network-tunnels#throughput-and-multiple-tunnels 

You can initiate multiple IPsec tunnels from the same device to increase the bandwidth (1 Gbps per tunnel); however, you cannot aggregate multiple tunnels from different devices in the same network tunnel group. Multiple tunnels in one network tunnel group must originate from the same network device.

Does this apply only to Multi tunnel ECMP per device setup or all devices. 

Are there concept/archtecture documents anywhere? Diagrams? A document with diagrams explaining archtecture would go a long way.

Thanks