BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
Performance monitoring of private applications accessed remotely via VPN has always been a challenge. The encrypted tunnel between the user and the data center blocked the ability to truly understand what might have been causing performance issues on those network connections. Without a proper flashlight, this dark tunnel often hid the root cause of persistent problems.
This is the bane of any VPN administrator’s existence—the all-too-predictable support ticket: “my experience accessing this app over the VPN is extremely slow! But it works fine when I’m at my desk…”
How do you even begin to troubleshoot? It could be a memory or CPU constraint on the user’s device, slow local WiFi, congestion in the local ISP, problems on the backbone, congestion in the data center or cloud hosting environment, or latency on the back-end app server.
The Zscaler Zero Trust Exchange (ZTE) provides seamless, zero trust access to private applications running on the public cloud or within the data center. Zscaler Private Access (ZPA) ensures that applications are never exposed to the internet, making them completely invisible to unauthorized users and traditional monitoring tools. With the integration of Zscaler Digital Experience (ZDX) and ZPA, it is now possible to understand the user’s experience accessing internal applications, from both the application and network perspective.
Visibility is the foundation of zero trust; you can’t protect what you don’t know. Replacing your legacy VPN with ZPA allows ZDX to shine a bright light into that dark tunnel, an area where even traditional monitoring tools have no visibility.
ZDX collects application, network performance, and device health statistics for every employee every few minutes and uses them to calculate a ZDX score that reflects the user’s experience with that private (or public) application. The health data is aggregated across all regions, offices, and users to provide macro-level visibility into company-wide performance and degradations.
This ZDX score is combined with hop-by-hop network path analytics using CloudPath to provide segment-by-segment latency and loss breakdowns to easily isolate the network’s contribution to performance degradations (see Figure 3).
CloudPath leverages Zscaler’s integrated agent and the Zero Trust Exchange itself to measure network performance. This allows CloudPath to make use of ZDX’s unique 360-degree monitoring (see my recent blog here). CloudPath creates an end-to-end view of the network path by stitching the entire packet journey together (see Figure 4).
This is particularly useful because ZDX exposes the hops and network details of the connection between the user’s device, their gateway, and the connection to their ISP. These hops would be invisible to traditional monitoring tools and in VPN environments, and they are often where the performance issue is coming from (see Figure 5).
We finally have the solution we need to address that painful support ticket and identify exactly why access to an application may be slow for a remote user when it works fine on premises. ZDX and ZPA, working together, illuminate the invisible by shining a bright light into zero trust environments.