Cloud, SaaS and SASE – Three reasons why DEM needs DPI

Sebastian Müller portrait

By Sebastian Müller
Published on: 04.05.2021

Reading time: ( words)
Categories: Cloud visibility, SASE, DEM

When we started researching for our first-ever report on digital experience monitoring (DEM), we did not anticipate that application awareness would turn out to be such a critical enabler of IT monitoring tools. Our aim when approaching DEM vendors globally was to seek their views on the need for traffic visibility, and the importance of deep packet inspection (DPI) in providing this visibility.

As results started coming in, it became apparent that application awareness has become central to application performance monitoring. Establishing how each application is performing and identifying possible performance or security issues requires deep insights into the application traffic layer. This begins with identifying applications and extends to various attributes such as speed, latency, traffic origin, throughput and anomalies, enabling application monitoring tools to identify application errors, network issues and cyber-attacks, all in real time.

DPI software such as our OEM DPI engine R&S®PACE 2 offers unrivaled traffic filtering capabilities. R&S®PACE 2 specifically delivers application awareness with in-depth insights into applications and application attributes. As a software, it is easily integrated into any network monitoring solution – traditional, virtualized or cloud-native architectures supporting packet-processing frameworks such as DPDK and VPP – enabling rapid expansion of these networks globally. It does therefore not come as a surprise that a whopping 91 % of DEM vendors surveyed agreed that DPI is a critical capability for DEM.

DEM needs DPI more than any other IT monitoring tool as it requires visibility into not just a particular link or infrastructure stack, but into the entire application delivery pathway and across every end user accessing these assets. DEM deploys two main methods to deliver application performance insights – synthetic transaction monitoring (STM) and real-user monitoring (RUM). STM has been widely used in application performance monitoring (APM) focusing on testing the performance of enterprise applications using digital agents (test codes) that simulate various transactions artificially. RUM, on the other hand, involves JavaScript injection directly into the application.

Cloud and SaaS need more STM

As the use of cloud and software as a service (SaaS) applications started surging across enterprises, STM became the instrument of choice. Companies that traditionally monitored the performance of their applications using code injected into applications and probes placed across their infrastructure and networks could no longer do so, as most application traffic now navigates domains outside the control of their IT teams. As a result, monitoring dashboards started to show more blind spots, making it difficult for IT teams to track traffic packets no longer on the enterprise WAN across application pathways and ultimately, to gain insight into the experience of users accessing the applications.

DEM emerged into this vacuum, redeploying STM on a wider scale, allowing companies to learn about the performance of their cloud and SaaS applications before any performance or security issues could start impacting the end user. By deploying digital agents across their monitoring networks globally, DEM vendors are able to sniff out application performance issues – be it at the network layer, the infrastructure stack or the application code. Digital agents are deployed to simulate hundreds of transactions – testing the webpage, initiating orders and making purchases. The transaction times, delays and responsiveness are then established for each transaction and reported accordingly.

The data provided by STM, however, requires further diagnostics to identify the problem spots. DPI software provides exactly these. With its traffic filtering and metadata extraction capabilities, coupled with statistical analysis, heuristics and machine learning methodologies, it is able to identify the source of any issue, which could be a congested transport link, hardware running out of memory or an application code error. It can identify issues within a WAN or ISP and issues with a web or database server by inspecting and identifying packets originating from these sources and analyzing them in real-time.

The diagnostics data provided by DPI enriches STM. At the same time, it also enriches RUM. DPI provides insights that enable RUM data to be analyzed further to identify issues with enterprise applications and helps segregate issues arising at the application layer from issues residing in the enterprise network, data center or infrastructure.

The next big thing in networking: SASE

The role of deep packet inspection in providing traffic visibility is expanding rapidly to various other areas within the enterprise network, the latest being SASE (secure access service edge), which is an emerging architecture that combines networking and security. SASE grew in its significance following the surge in remote working worldwide caused by the ongoing pandemic.

SASE is basically a network of nodes that act as enterprise gateways. External endpoints connect to these gateways for secure access into enterprise networks. SASE combines access control and security functions such as firewalls and IPS/IDS to ensure only authorized users have access to enterprise IT resources. SASE essentially shifts access management from enterprise data centers to gateways located closer to the end users, effectively inversing the traditional architecture with security management implemented at the edge.

SASE requires DPI to identify traffic flows traversing its nodes so that it can better manage access requests and filter and block unauthorized traffic from entering the enterprise network perimeter. A SASE gateway connects to the enterprise WAN and SD-WAN where traffic routing and prioritization decisions are taken and where network traffic insights provided by DPI enable these decisions to be implemented in real time.

DPI for remote access traffic

This intersection of WAN and SASE calls for DEM and, by extension, DPI. Traffic traversing these points is basically application traffic from enterprise, cloud and SaaS applications accessed by thousands of external endpoints, namely employees working remotely. STM instituted along these gateways combined with data from DPI enables visibility into the performance of not just domains inside the perimeter, but also domains outside the perimeter, including third-party devices and networks such as ISP networks. It enables end-user experience for all enterprise users, internal and external, to be included on the enterprise monitoring dashboards. Deploying DPI for SASE not only simplifies the deployment of DEM, it also provides a more accurate representation of the experience of external users accessing today’s enterprise networks.

The verdict

The most interesting revelation from the survey is perhaps the fact that more than two-thirds of the DEM vendors surveyed are already deploying DPI, planning to deploy it, or are interested in exploring the integration of DPI into their DEM tools. From a market perspective, this points to huge opportunities for both DPI and DEM, especially as cloud and SaaS applications continue to rule the enterprise application domain.

The takeaway

As users shift in and out of existing network perimeters, and as new end devices, connections and gateways are added to the ecosystem, old architectures become obsolete, giving way to networks that are more complex, yet more agile and responsive. Against this background, what remains unchanged are the user application goals. Users want fast and seamless access to any application they need, with productivity hinging on how well these applications are delivered, regardless of whether they are corporate, cloud or SaaS applications. As such, digital experience monitoring will increasingly enter the focus of all enterprises. which means the need for network traffic visibility provided by advanced DPI software such as R&S®PACE 2 will continue to rise. DEM vendors well supported with these technologies, of course, stand to gain the most.

Our DEM report provides key findings on digital experience monitoring, including market opportunities and deployment challenges, from the perspective of leading DEM vendors from across the globe. It also looks at how deep packet inspection complements synthetic transaction monitoring & real-user monitoring and how it enables the rapid expansion of DEM networks. Don’t miss your free copy of our DEM report.

Sebastian Müller portrait

Sebastian Müller

Contact me on LinkedIn

Sebastian is a passionate DPI thought leader guiding a cross-functional team to build the networks of the future with leading traffic analytics capabilities. He has over ten years of dedicated experience in the telecom and cybersecurity domain, providing him with deep understanding of market requirements and customer needs. When he’s not at work, you can either find him on his road bike or hiking in the mountains.


Related material

ipoque blog - discover the latest news and trends in IP network analytics

Sign up for our newsletter

Stay informed about the latest news and insights from ipoque