Deploy ADEM Universal Agent to Monitor SD-WAN

Table of Contents

Enable ADEM to Monitor SD-WAN for Remote Sites

Types of Application Experience Monitoring

Deploy ADEM Universal Agent to Monitor SD-WAN

ADEM Universal Agent provides a unified digital experience monitoring solution for all branch offices, including non-Palo Alto Networks® SD-WAN solutions.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)	ADEM or Strata Cloud Manager Pro license Prisma Access license Access to the Palo Alto Networks® image store Access to Palo Alto Networks® image repository Recommended host hardware specifications- 2 virtual CPUs, 1GB RAM, 2GB storage after installation

The Autonomous Digital Experience Management (ADEM) provides an Universal Agent to provide a unified digital experience monitoring solution for all branch offices, including non-Palo Alto Networks® SD-WAN solutions. ADEM Universal Agent is installed as a container for maximum adaptability. This agent removes hardware dependency for greater deployment flexibility. It installs seamlessly, including behind SD-WAN devices. This allows the agent to run synthetic tests from branch offices and provide consistent performance data across any network topology.

ADEM Universal Agent ensures uniform performance views for networks and applications in all scenarios. It supports diverse customer infrastructures and reduces architectural constraints. Through Strata™ Cloud Manager, it offers a secure, efficient process to deploy and manage agents with strong security and seamless lifecycle management for both single and bulk installations. This expanded coverage gives a complete view of the digital experience across the enterprise, including previously unmonitored branch locations.

Universal Agent Deployment Process

ADEM supports container-based agent deployment that is packaged as a Docker image. Strata™ Cloud Manager generates a customized installation script with user-provided parameters. This script contains commands to pull the agent image from the Palo Alto Networks® image repository. You must copy-paste the script to the Linux shell to deploy the agent within your container management platform. Each installation package is tied to a specific tenant and that initial registration is secured with a custom key provided per tenant per installation. This process provides secure and automated deployment.

Onboard and Manage ADEM Universal Agents

During registration, agents must be configured to communicate to the cloud portal via Prisma Access and not through a split tunnel configuration.
Ensure ADEM Portal FQDNs are routed through the Prisma Access Tunnel.
Use a granular policy that allows ADEM Universal Agent data subnet to reach the Prisma Access public IPs via Direct Internet Access.
It is recommended to have a dedicated Network Interface Card for management interface for easier troubleshooting.
It is recommended to enable tunnel monitoring for Remote Networks in Strata™ Cloud Manager.

Add an Universal Agent.
1. Login to Strata™ Cloud Manager and select System SettingsAccess Experience ManagementUniversal Agent.
2. Click Add Agent.
3. On the General tab, select Installation Type as Container and Quantity as Single for single agent deployment or Bulk for multiple agents.
4. Provide required identification and configuration details based on your selection:
  If Single is selected: Enter a unique Agent Name.
  If Bulk is selected: Enter an Agent Name Prefix and specify the Number of Agents.
5. Specify the Host Volume Directory path where you want to store your agent files. Optionally, you can add Tags to help you search for and identify this agent later.
Deploy the Universal Agent.
Execute the copied script in your container management platform (for example, a Linux terminal). The script pulls the container image from the Palo Alto Networks® image repository and deploys the agent, including a bootstrap token for initial registration.
Verify Agent Registration.
Select Access Experience ManagementUniversal Agent. Review the list of agents to confirm the new agent(s) are registered and show an Active status. Observe their assigned Agent Name, Location, and Experience Score.
Monitor the performance and health of Universal Agent.
1. Select an active agent from the list (for example, TlnTest-6-1) to view its detailed monitoring dashboard, which provides a comprehensive overview of its performance and health:
  Review the Application Domains to see the applications being monitored by this agent.
  Examine All Paths to understand the network paths taken by traffic from the agent to various destinations.
  Observe the Application Experience Trend chart to identify historical performance patterns and potential degradation.
  Examine the Path to [Destination] visualization for network path details, including individual IP hops from the agent to the target destination. This helps in pinpointing network bottlenecks.
  Observe Synthetic Performance Metrics such as Availability, Time To First Byte (TTFB), and Time To Last Byte (TTLB), which measure critical aspects of application responsiveness.
  Review container health metrics, including Memory and CPU utilization, to ensure the agent is operating within optimal resource parameters.
Configure Initial Application Tests.
1. Select InsightsApplication Experience Manage Monitor Settings.
2. On the Application Tests tab, select Create Application Test.
3. Define the test parameters. In the Source section, Select Remote Sites.
4. From the list, choose the desired Universal Agent(s) to run the test from and Save the updates.
Review Aggregated Performance and Topology.
1. Select InsightsBranch SitesUniversal Agent tab.
2. Review the aggregated Site Application Experience Score and the number of Monitored Sites, which provides a high-level overview of overall agent performance.
3. For segment-wise impact analysis, select InsightsApplication ExperienceSegment-Wise Remote Site Impact.
4. Observe the topology diagram showing the path from Universal AgentNetwork NodeWAN PathDatacenterMonitored Apps. This view is also present in the App Suite View and per Domain view, providing a clear visual representation of traffic flow and potential choke points.