Seeing the Invisible: Network Monitoring in a Zero Trust World

BrandPost By Zscaler
Nov 15, 2021
IT Leadership, Zero Trust

Identify latency and packet loss faster to improve the user experience and IT operations.

Performance monitoring of private applications accessed remotely via VPN has always been a challenge. The encrypted tunnel between the user and the data center blocked the ability to truly understand what might have been causing performance issues on those network connections. Without a proper flashlight, this dark tunnel often hid the root cause of persistent problems.

This is the bane of any VPN administrator’s existence—the all-too-predictable support ticket: “my experience accessing this app over the VPN is extremely slow! But it works fine when I’m at my desk…” 

How do you even begin to troubleshoot? It could be a memory or CPU constraint on the user’s device, slow local WiFi, congestion in the local ISP, problems on the backbone, congestion in the data center or cloud hosting environment, or latency on the back-end app server.

Enter Zscaler…

The Zscaler Zero Trust Exchange (ZTE) provides seamless, zero trust access to private applications running on the public cloud or within the data center. Zscaler Private Access (ZPA) ensures that applications are never exposed to the internet, making them completely invisible to unauthorized users and traditional monitoring tools. With the integration of Zscaler Digital Experience (ZDX) and ZPA, it is now possible to understand the user’s experience accessing internal applications, from both the application and network perspective.

Visibility is the foundation of zero trust; you can’t protect what you don’t know. Replacing your legacy VPN with ZPA allows ZDX to shine a bright light into that dark tunnel, an area where even traditional monitoring tools have no visibility.

Figure 1: Traditional monitoring tools cannot monitor the performance of private applications, but ZDX uniquely provides deep visibility.

ZDX collects application, network performance, and device health statistics for every employee every few minutes and uses them to calculate a ZDX score that reflects the user’s experience with that private (or public) application. The health data is aggregated across all regions, offices, and users to provide macro-level visibility into company-wide performance and degradations.

Figure 2: ZDX shows the performance of both public and private applications by calculating the ZDX score of individual users.

This ZDX score is combined with hop-by-hop network path analytics from CloudPath, which provides segment-by-segment latency and loss breakdowns that make it easy to isolate the network’s contribution to performance degradations (see Figure 3).

Figure 3: CloudPath calculates segment latency every few minutes from every employee for both private and public applications.

CloudPath leverages Zscaler’s integrated agent and the Zero Trust Exchange itself to measure network performance. This allows CloudPath to make use of ZDX’s unique 360-degree monitoring (see my recent blog here). CloudPath creates an end-to-end view of the network path by stitching the entire packet journey together (see Figure 4).

Figure 4: ZDX exposes hop-by-hop network details.

This is particularly useful because ZDX exposes the hops and network details of the connection between the user’s device, their gateway, and their ISP. These hops would be invisible to traditional monitoring tools and in VPN environments, and they are often where the performance issue is coming from (see Figure 5).

Figure 5: ZDX displays the connection between the user device and their gateway and ISP.

We finally have the solution we need to address that painful support ticket and identify exactly why access to an application may be slow for a remote user when it works fine on premises. ZDX and ZPA, working together, illuminate the invisible by shining a bright light into zero trust environments.

Further reading:

ZDX: Fast, Seamless Digital Experiences – Now For Your Collaboration Apps