Online is today’s default status. Everything we do, watch, buy, sell is online. The shift to the cloud and the advent of SaaS has made us cloud dependant, and with that, reliable connectivity is a must.
Slow is the new down
Gain insight into the IT services that underpin your productivity
Don't do a network analysis as a one-off exercise - Make it a part of continuous monitoring to ensure the problem does not reappear
How does CNA work?
It relies on CNA agents running on end-user devices, and/or IoT sensors to gather reachability information to online services and proactively report on service degradation.
This results in a comprehensive assessment of your IT service from the user point of view.
The service provided is fully managed and does not require any changes to your current environment.
CNA agents and sensors are used to emulate user activity, reporting on IT service performance and availability
Each element in the path is analysed to gain visibility of the IT landscape
Better visibility result in faster problem management and higher service availability
Application reachability monitoring is the foremost use for CNA. The sensors emulate user consumption, often browser requests to websites and business-critical applications.
Top-Level dashboard with changing colour tiles (Red-Amber-Green), one for each application, simplify the visualisation of the performance reported. The example below shows four application tiles with SharePoint reporting poor response.
The user experiences delays loading the webpage, and – in SharePoint case - with uploading and downloading items.
A more detailed view shows how the problem manifests with increased response time.
Humans can remember names, such as www.cnassess.co.uk but the internet operates with numbers called IP addresses. DNS failure means delay or no IP address resolution for the destination name requested.
CNA agents and sensors consume DNS services the same way the end-user does.
The service intelligence is in the ability to report and validate the DNS response.
The graph below was captured during a DNS malfunction that affected all customer services. The graph shows that the DNS was responding with delays up to 1.5 seconds. The customer was able to resolve the issue by diverting requests to an alternative DNS whilst the issue on the primary DNS was investigated.
CNA sensors are fix point of observation for wireless service. Once deployed at site, our team can create intuitive dashboard with floorplan view similar to what seen below.
CNA sensors report on the WiFi signal reading, and colour-changing icons are used to represent the quality of the signal received. These can be made interactive, with pop-up graphs when hovering on top with the mouse.
The detailed view can highlight issues with the signal broadcasted and the availability of the Wi-Fi service to the users.
The graph below was captured during an intermittent availability of wireless signal, this was due to a code issue with the access-point.
CNA agent and sensor can also periodically run wireless scan to produce an historical report of the SSID broadcasted.
This information can be useful to troubleshoot noise and interference issues.
Connectivity is the enabler for all the activities online. When compromised, access to the IT services is undermined and users experience is degraded.
Monitoring of connectivity is often isolated to the network devices, limiting visibility of the bigger picture. This is exacerbated by the disjointed support teams from the multiple providers.
CNA uses the data collected from the agents and the sensors, and combine it with the data captured from the cloud monitoring system to evaluate the performance of the connectivity of the location.
The graphs in the pictures below show how the applications are affected by WAN (Wide Area Network) problems.
The WAN packet loss, reported on the bottom right graph, is reflected on the WAN Performance, bottom left graph, and on the two application graphs on the top (O365 and ServiceNow).
Connectivity has to be able to serve the required amount of throughput demanded by the user’s traffic.
If the bandwidth is suddenly reduced, the user’s traffic is constrained at a higher contention rate, resulting in drops and retransmissions.
CNA sensor can monitor around the clock the bandwidth available on the WAN by running periodical speed tests.
The Solution consist of 2 elements: the Cloud Unit and the Agents/Sensors.
The Cloud Unit (CU) is the environment that gathers the metrics collected by the sensors and display them in graphics the user interface (Portal).
CU can be consumed as a cloud services or hosted in private cloud/datacentre.
The sensors are small devices deployed at the user locations to emulate user activities (wifi consumption, browsing, accessing applications, etc.) and collect the performance data. Similar activity is performed by the CNA Agent deployed on the end-user devices (laptop, desktop).
CNA agent is aimed to perform connectivity check to user defined applications and it can also gather information of the machine it is running on, reporting on CPU, memory, disk and network usage.
CNA sensors never sleep. Once deployed at site, you will be able to monitor your location connectivity around the clock. Ensuring that, no matter who is at site, you will have visibility of the status of your wireless, broadband, applications, etc.
CNA sensor are aimed at fix locations such as offices, schools, stations, shops, restaurants, etc.
CNA agents or sensors don’t hold data captured but have credentials/tokens to authenticate into the cloud unit (DB, orchestration, etc.) - in the sensor case, these are stored securely in an encrypted partition.
Cloud Unit can be hosted in public cloud dedicated private tenancy or in the customer facilities (datacentre or on-prem).
CU disks are encrypted and data transfer is protected with TLS.
The sensors are only testing responses to the designated targets (applications and infrastructure) and report the metrics back to the cloud unit.
Targets can be web applications, servers, DNS, network devices or the wireless signal.
No other activity is performed by the sensor.
Native cloud encryption –
AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Azure: https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss
GCP: https://cloud.google.com/security/encryption/default-encryption
IoT devices have no physical ports visible/enabled other than the power socket.
Connection inbound access is prevented by firewall rules (deny any). Only outbound communication is allowed, specifically the emulation of user traffic for application testing and the communication with the cloud unit. Data is encrypted in transit by TLS, and at rest with disk encryption.
This approach results in hardened devices with a very reduced attack surface, and prevent the hijack for use in malicious purposes such as DDoS.
CNA and its IoT devices have been issued IASME IoT Cyber Assurance Level1 Certification
Data is store in the Cloud Unit. CNA with CU as could service (SaaS) is currently hosted in the UK cloud availability zones/regions.
The Cloud Unit can be hosted in any location in most clouds, or on private hosted environments.