How to validate the performance of WFH network security methods
by Greg Ross

This blog is the second in a series from our Solutions Consultant team giving their point of view on the most pressing challenges facing IT teams in 2021.

Thanks to the pandemic, you now have hundreds or even thousands of users at home, accessing applications in your data centers, in public cloud infrastructure, and through various SaaS platforms. You may be thinking about a WFH monitoring solution but need to make sure all your services are taken into account. You may also be planning to implement a SASE solution, or already have a CASB in place along with VPN options for in-house apps, but may not be sure how to identify performance degradation or benefits for end users. What are the key metrics? Which paths do you focus on?

As enterprises continue to transition to cloud and SaaS applications, the security concerns only increase, particularly for “work from anywhere” users. Many organizations are adopting additional security solutions, including cloud access security broker (CASB) services, to prevent data loss and provide consistent security of company data regardless of the location or application being used. An additional benefit is the performance improvement through WAN optimization.

Building upon this is the SASE model, which combines CASB services to deliver network security from the cloud, protecting user data and applications while optimizing their network performance. As Gartner points out, this new solution “combines functions of SD-WAN, SWG, CASB, ZTNA and FWaaS capabilities”.

But how and when will you know the performance is impacted either positively or negatively when using SASE or any other type of security architecture?

All roads lead to home

Since WFH is here to stay for most enterprises, we have to be more strategic about the long-term visibility needs within the IT teams supporting WFH users. There are the typical performance concerns discussed previously around in-home wireless stability and throughput, ISP degradation, and outages. There is the additional concern of identifying each of the paths your users may take when connecting to various applications or services. In that context, the questions remain about the specific routes taken by an application and how to gain visibility into each of those use cases.

  1. Leverage bidirectional monitoring with a dual-ended path: The majority of ISP connections, especially residential internet options, are asymmetric, meaning the network speed is typically much higher for download than for upload. In this context, it is helpful to see performance changes in both egress and ingress, from the source and from the destination. A single-ended path, by comparison, shows you only the responses to outbound synthetic packets. You can set up a dual-ended path by targeting one of the AppNeta WAN targets or by having an Enterprise Monitoring Point in place within your infrastructure.

  2. Verify your VPN configuration and/or tunneling options. Is all your traffic backhauled to the data center, or are some applications split tunneled? The most common VPN split-tunnel application examples include Zoom, Teams, Webex, and Google Meet, along with other streaming technologies or collaboration tools. These technologies would be most impacted by VPN performance degradation, so split tunneling is a common practice to improve performance. It also provides an opportunity to gain visibility into the underlay performance for your WFH users by monitoring one or more of these direct-to-internet applications.
  3. Identify policy or routing exceptions with your CASB or SASE solutions, similar to the VPN considerations, to measure underlay performance. Examples here include using DSCP markings to forward specific traffic to a given service, or adding routing rules to allow certain traffic to go direct, so you can see data and voice traffic performance for the overlay and underlay route in each scenario.
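
One way to carry out the check in steps 2 and 3 is to resolve each monitored destination against the endpoint's routing table and flag any route that bypasses the tunnel without a matching policy entry. The sketch below is an added example, not AppNeta code; the interface names (`tun0`, `wlan0`), the prefixes and the approved list are constructed sample values, and only IPv4 is covered.

```python
import ipaddress

# Constructed routing table for a WFH laptop: (prefix, egress interface).
ROUTES = [
    ("0.0.0.0/0", "tun0"),         # default route: backhauled over the VPN
    ("192.168.1.0/24", "wlan0"),   # home LAN
    ("198.51.100.0/24", "wlan0"),  # split-tunnel exception (conferencing media)
    ("203.0.113.0/25", "wlan0"),   # split-tunnel exception with no policy entry
]
# Constructed policy: prefixes that are allowed to go direct to the internet.
APPROVED_DIRECT = ["192.168.1.0/24", "198.51.100.0/24"]

def egress_interface(dest, routes):
    """Longest-prefix match: return (network, interface) or None if unrouted."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def classify(dests, routes, tunnel_iface="tun0"):
    """Map each destination to 'overlay' (tunneled), 'underlay' or 'unrouted'."""
    result = {}
    for dest in dests:
        match = egress_interface(dest, routes)
        if match is None:
            result[dest] = "unrouted"
        else:
            result[dest] = "overlay" if match[1] == tunnel_iface else "underlay"
    return result

def audit_split_tunnel(routes, approved, tunnel_iface="tun0"):
    """Return direct (non-tunnel) routes not covered by an approved prefix."""
    approved_nets = [ipaddress.ip_network(p) for p in approved]
    findings = []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if iface == tunnel_iface:
            continue
        covered = any(net.version == a.version and net.subnet_of(a)
                      for a in approved_nets)
        if not covered:
            findings.append((prefix, iface))
    return findings

if __name__ == "__main__":
    print(classify(["10.20.30.40", "198.51.100.17", "203.0.113.200"], ROUTES))
    print(audit_split_tunnel(ROUTES, APPROVED_DIRECT))
```

Destinations classified as underlay are the ones that give direct visibility into the home ISP path, and every entry returned by the audit is a tunnel bypass to reconcile with the CASB or SASE policy.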

There are many paths but only one journey

Within the context of AppNeta Delivery, our customers are able to identify optimized vs. unoptimized connections, whether that is an SD-WAN solution at the data center and office level or CASB/SASE solutions in the remote user/WFH scenario. When monitoring multiple paths, over direct internet and over the SASE connection, you have an easy way to make a side-by-side historical comparison. Our Data Performance Comparison Report allows you to focus on specific monitoring points and paths to identify the changes over time compared to your KPIs.

You need to have a way to quickly show this information to IT operations and to management so there is confidence in the WFH strategy and end user experience.


Digital Experience Monitoring from AppNeta
To learn how AppNeta arms enterprises with this remote visibility, read our whitepaper, Digital Experience Monitoring from AppNeta.
