Autonomous DEM Integration for User Experience Management
Starting with GlobalProtect™ app 5.2.6 with
Content Release version 8393-6628 or later.
OS Support
:
Windows 10 and macOSPrisma Access
: Cloud Managed Prisma
Access or the 2.0 Innovation Release of Panorama Managed Prisma
Access with an active Prisma Access for Mobile Users licenseYou
can now gain visibility into the user experience, application, and
network performance in your Secure Access Service Edge (SASE) environment
by integrating the Autonomous DEM (ADEM) service into the GlobalProtect
app and Prisma Access without deploying any additional appliances
or agents. By natively integrating the ADEM service into the GlobalProtect
app, the ADEM service enables synthetic tests for applications
you specify both from the endpoint and from the different vantage
points in Prisma Access. By using the ADEM service, you can now quickly
identify real and synthetic traffic analysis that enables the ability
to drive autonomous remediation of digital experience problems when they
arise. You must enable ADEM in the GlobalProtect app to connect
to the ADEM service and to perform endpoint, WiFi, and synthetic
monitoring tests. To learn more about the various monitoring techniques
to determine performance levels by using ADEM, see ADEM Monitoring and Tests.
You can use ADEM to get visibility into the user experience for mobile users and remote networks.
Enable Autonomous DEM (Panorama Managed Prisma Access)
With the 2.0 Innovation Release of Prisma
Access, the Panorama web interface can be used to install the ADEM
endpoint agent on your end user devices so that the ADEM endpoint
agent can authenticate with the Autonomous DEM service.
- Generate a client certificate for the ADEM endpoint agent to authenticate to the Autonomous DEM service.
- .
- Configure the ADEM settings on the GlobalProtect portal.You must enable the GlobalProtect app to use the certificate you just created to authenticate to the ADEM service. You can define how your end users install the ADEM endpoint agent on their endpoints and whether to let them enable and disable ADEM.
- In Panorama, select .
- In Panorama, select .SelectInstall and user can enable/disable agent from GlobalProtectto install the ADEM endpoint agent during the GlobalProtect app installation, and allow end users to enable or disable user experience tests from the GlobalProtect app. SelectInstall and user cannot enable/disable agent from GlobalProtectto install the ADEM endpoint agent during the GlobalProtect app installation, and not allow end users to enable or disable user experience tests from the GlobalProtect app. SelectDo Not Install(default) to not install the ADEM endpoint agent during the GlobalProtect app installation.
- ClickOKtwice.
- Make sure you have security policy rules required to allow the and run the synthetic tests.
- Committhe configuration to Panorama and push the configuration changes to Prisma Access.
- Verify that the ADEM endpoint agent can perform user experience tests only when GlobalProtect is connected.If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.
Enable Autonomous DEM (Cloud Managed Prisma Access)
With Cloud Managed Prisma Access, the certificate
is retrieved automatically so that it can be pushed to your end
user devices and authenticate their devices to the Autonomous DEM
service.
- From the Prisma Access app on the hub, create a new GlobalProtect app settings configuration and enable Autonomous DEM.You can enable Autonomous DEM for the selected end users under App Configuration by expanding and selecting the option to enableDigital Experience Monitoring (DEM) for Prisma Access (Windows and Mac only). You can select whether to let end users enable or disable user experience tests from the GlobalProtect app by selectingInstall and User can Enable or Disable DEMorInstall and User cannot Enable or Disable DEM.
- Make sure you have security policy rules required to allow the and run the synthetic tests.
- SaveandPushthe configuration to Prisma Access.
- Verify that your end users can run user experience tests only when GlobalProtect is connected.If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.
