>
    Autonomous DEM Integration for User Experience Management
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. New Features Released in GlobalProtect App 5.2
    4. Autonomous DEM Integration for User Experience Management
    Download PDF
    GlobalProtect

    Autonomous DEM Integration for User Experience Management

    Table of Contents

    Autonomous DEM Integration for User Experience Management

    Starting with GlobalProtect™ app 5.2.6 with Content Release version 8393-6628 or later.
    OS Support: Windows 10 and macOS
    Prisma Access: Cloud Managed Prisma Access or the 2.0 Innovation Release of Panorama Managed Prisma Access with an active Prisma Access for Mobile Users license
    You can now gain visibility into the user experience, application, and network performance in your Secure Access Service Edge (SASE) environment by integrating the Autonomous DEM (ADEM) service into the GlobalProtect app and Prisma Access without deploying any additional appliances or agents. By natively integrating the ADEM service into the GlobalProtect app, the ADEM service enables synthetic tests for applications you specify both from the endpoint and from the different vantage points in Prisma Access. By using the ADEM service, you can now quickly identify real and synthetic traffic analysis that enables the ability to drive autonomous remediation of digital experience problems when they arise. You must enable ADEM in the GlobalProtect app to connect to the ADEM service and to perform endpoint, WiFi, and synthetic monitoring tests. To learn more about the various monitoring techniques to determine performance levels by using ADEM, see ADEM Monitoring and Tests. You can use ADEM to get visibility into the user experience for mobile users and remote networks.

    Enable Autonomous DEM (Panorama Managed Prisma Access)

    With the 2.0 Innovation Release of Prisma Access, the Panorama web interface can be used to install the ADEM endpoint agent on your end user devices so that the ADEM endpoint agent can authenticate with the Autonomous DEM service.
    1. Generate a client certificate for the ADEM endpoint agent to authenticate to the Autonomous DEM service.
    2. .
    3. Configure the ADEM settings on the GlobalProtect portal.
      You must enable the GlobalProtect app to use the certificate you just created to authenticate to the ADEM service. You can define how your end users install the ADEM endpoint agent on their endpoints and whether to let them enable and disable ADEM.
      1. In Panorama, select NetworkGlobalProtectPortalsGlobalProtect_PortalAgent DEMAppEnable Autonomous DEM and GlobalProtect Log Collection for Troubleshooting.
      2. In Panorama, select NetworkGlobalProtectPortalsGlobalProtect_PortalAgent DEMAppAutonomous DEM endpoint agent for Prisma Access (Windows & MAC only).
        Select Install and user can enable/disable agent from GlobalProtect to install the ADEM endpoint agent during the GlobalProtect app installation, and allow end users to enable or disable user experience tests from the GlobalProtect app. Select Install and user cannot enable/disable agent from GlobalProtect to install the ADEM endpoint agent during the GlobalProtect app installation, and not allow end users to enable or disable user experience tests from the GlobalProtect app. Select Do Not Install (default) to not install the ADEM endpoint agent during the GlobalProtect app installation.
    4. Click OK twice.
    5. Make sure you have security policy rules required to allow the and run the synthetic tests.
    6. Commit the configuration to Panorama and push the configuration changes to Prisma Access.
    7. Verify that the ADEM endpoint agent can perform user experience tests only when GlobalProtect is connected.
      If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.

    Enable Autonomous DEM (Cloud Managed Prisma Access)

    With Cloud Managed Prisma Access, the certificate is retrieved automatically so that it can be pushed to your end user devices and authenticate their devices to the Autonomous DEM service.
    1. From the Prisma Access app on the hub, create a new GlobalProtect app settings configuration and enable Autonomous DEM.
      You can enable Autonomous DEM for the selected end users under App Configuration by expanding Show Advanced Optons User Behavior and selecting the option to enable Digital Experience Monitoring (DEM) for Prisma Access (Windows and Mac only). You can select whether to let end users enable or disable user experience tests from the GlobalProtect app by selecting Install and User can Enable or Disable DEM or Install and User cannot Enable or Disable DEM.
    2. Make sure you have security policy rules required to allow the and run the synthetic tests.
    3. Save and Push the configuration to Prisma Access.
    4. Verify that your end users can run user experience tests only when GlobalProtect is connected.
      If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.

    © 2024 Palo Alto Networks, Inc. All rights reserved.