on 04-26-2023 10:45 AM
Hello PANCasters. Welcome back. Today we talk about ADEM, which stands for Autonomous Digital Experience Management. This is specifically for our Prisma Access platform. A quick recap of Prisma Access for those who may not know the details. Prisma Access is the Palo Alto Networks SASE platform; SASE stands for Secure Access Service Edge. I am not going to go into too much detail but Prisma Access is a cloud-based solution to allow connectivity and security services for your users wherever they are including Internet access and also access to your services in your data centre.
So where does ADEM fit into this? Well one of the benefits of Prisma Access is that your users can get the same access and same security whether they are in the office, at home or connected to the hotel wifi. This lines up with the very different way of working we have seen emerge in the last few years. But what is the downside to this? And specifically for your support staff? Well, the infrastructure you now need to troubleshoot in case of issues has just grown enormously. Think about the hotel wifi, the local ISP, the home modem. All of this is playing a part in the connectivity to Prisma Access. And what ADEM does is give you visibility into all of it.
To start with, ADEM runs on the client workstation and does various tests and collects data to be able to give you the details. There are various types of tests. We have what are called synthetic tests and these monitor the various points along the path. For example, we will collect response times from the workstation to the local router or modem, then from the workstation to the Prisma Access gateway, and then with specific application tests we also monitor from the workstation to the actual application. We have some pretty specific tests as well, we are not just using ping. We collect things like TCP response times, SSL response times and even times to receive data.
Along with the synthetic tests, ADEM is also monitoring the actual endpoint to collect data on things like CPU and memory. And finally it is also capturing stats on the actual application traffic.
OK, we have all of this data being collected now. How exactly can it help? I’ll give an example to try and explain. You have a report from a particular user who is saying applications are running slow today. The first thing you see when you log into the ADEM console is a summary. This has stats, including an overall experience score, for all of your users. So straight away you can see if you are looking at a widespread issue or not. Assuming everything looks OK, let's find the user and drill in. The first thing we can see is all the application tests we have created. In this case we want to monitor Microsoft 365, Google and Zoom. Looking at the graphs it looks like all of these apps have degraded performance today. So it’s not an application issue. Let’s move on to the next check. We can see a visual of the path from the workstation to the application. This also highlights any areas that could be a concern.
The way this is done is by checking things like latency, jitter and packet loss. Looking at the visual representation of the path, it looks like there are some issues with the local network. We can drill down further for graphs over time. This is specifically for the local network, so the workstation to the local modem or router. We can see that from this morning, there is a lot more packet loss. We can change the time period to look for the last 7 days and it definitely looks like it started today. We now at least know where to start looking.
That’s just one example but the information we can see using ADEM gives us data to be able to determine things like, is this a widespread issue or only one user? If it is multiple users is there anything in common, like they are all using the same ISP? If this is an issue with a single user, does it look like it could be the local network? The wifi? Or the ISP? I hope you can see now that if you have a lot of users working remotely, this is like having a management system that has visibility to where you normally would not.
There is a great benefit in having ADEM. Really it is for your support teams as they can troubleshoot issues with a lot more information.
As always, there are a few things to keep in mind. Firstly, as I said at the beginning, this is only available for Prisma Access. It does cover both mobile users and remote networks though.
Next, this is an add-on so you will need to be licensed to run ADEM. It also requires configuration; for example, you need to specify what applications you want to test, and which users you want to run those tests.
And finally, there are some limitations. Most are around the versions of Prisma Access, GlobalProtect client, etc., which you can check in our admin guides, but also there is a limit of 10 synthetic tests per user. On that note, and I know some of you will be thinking what is the impact on the workstation? Well, there is minimal impact to CPU and memory on the workstation when running these tests. They’re only done periodically and only using pretty simple tests.
So for those of you who either have Prisma Access or are thinking about deploying Prisma Access, then please at least have a look at ADEM. Again the real benefit is that if you have Prisma Access, you most likely have users connecting from multiple remote locations with no way to see what is happening on the wifi, the local network or the ISP. ADEM gives you that visibility.
That’s a wrap for today. As always you can get the transcript and any relevant links on live.paloaltonetworks.com and remember you can now listen to PANCast on most popular podcast platforms. Hope you found this helpful and see you next time.