>
    Autonomous DEM Integration for User Experience Management
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. New Features Released in GlobalProtect App 5.2
    4. Autonomous DEM Integration for User Experience Management
    Download PDF
    GlobalProtect

    Autonomous DEM Integration for User Experience Management

    Table of Contents

    Autonomous DEM Integration for User Experience Management

    Starting with GlobalProtect™ app 5.2.6 with Content Release version 8393-6628 or later.
    OS Support
    : Windows 10 and macOS
    Prisma Access
    : Cloud Managed Prisma Access or the 2.0 Innovation Release of Panorama Managed Prisma Access with an active Prisma Access for Mobile Users license
    You can now gain visibility into the user experience, application, and network performance in your Secure Access Service Edge (SASE) environment by integrating the Autonomous DEM (ADEM) service into the GlobalProtect app and Prisma Access without deploying any additional appliances or agents. By natively integrating the ADEM service into the GlobalProtect app, the ADEM service enables synthetic tests for applications you specify both from the endpoint and from the different vantage points in Prisma Access. By using the ADEM service, you can now quickly identify real and synthetic traffic analysis that enables the ability to drive autonomous remediation of digital experience problems when they arise. You must enable ADEM in the GlobalProtect app to connect to the ADEM service and to perform endpoint, WiFi, and synthetic monitoring tests. To learn more about the various monitoring techniques to determine performance levels by using ADEM, see ADEM Monitoring and Tests. You can use ADEM to get visibility into the user experience for mobile users and remote networks.

    Enable Autonomous DEM (Panorama Managed Prisma Access)

    With the 2.0 Innovation Release of Prisma Access, the Panorama web interface can be used to install the ADEM endpoint agent on your end user devices so that the ADEM endpoint agent can authenticate with the Autonomous DEM service.
    1. Generate a client certificate for the ADEM endpoint agent to authenticate to the Autonomous DEM service.
    2. .
    3. Configure the ADEM settings on the GlobalProtect portal.
      You must enable the GlobalProtect app to use the certificate you just created to authenticate to the ADEM service. You can define how your end users install the ADEM endpoint agent on their endpoints and whether to let them enable and disable ADEM.
      1. In Panorama, select
        Network
        GlobalProtect
        Portals
        GlobalProtect_Portal
        Agent
        DEM
        App
        Enable Autonomous DEM and GlobalProtect Log Collection for Troubleshooting
        .
      2. In Panorama, select
        Network
        GlobalProtect
        Portals
        GlobalProtect_Portal
        Agent
        DEM
        App
        Autonomous DEM endpoint agent for Prisma Access (Windows & MAC only)
        .
        Select
        Install and user can enable/disable agent from GlobalProtect
         to install the ADEM endpoint agent during the GlobalProtect app installation, and allow end users to enable or disable user experience tests from the GlobalProtect app. Select
        Install and user cannot enable/disable agent from GlobalProtect
         to install the ADEM endpoint agent during the GlobalProtect app installation, and not allow end users to enable or disable user experience tests from the GlobalProtect app. Select
        Do Not Install
         (default) to not install the ADEM endpoint agent during the GlobalProtect app installation.
    4. Click
      OK
       twice.
    5. Make sure you have security policy rules required to allow the and run the synthetic tests.
    6. Commit
       the configuration to Panorama and push the configuration changes to Prisma Access.
    7. Verify that the ADEM endpoint agent can perform user experience tests only when GlobalProtect is connected.
      If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.

    Enable Autonomous DEM (Cloud Managed Prisma Access)

    With Cloud Managed Prisma Access, the certificate is retrieved automatically so that it can be pushed to your end user devices and authenticate their devices to the Autonomous DEM service.
    1. From the Prisma Access app on the hub, create a new GlobalProtect app settings configuration and enable Autonomous DEM.
      You can enable Autonomous DEM for the selected end users under App Configuration by expanding
      Show Advanced Optons
      User Behavior
       and selecting the option to enable
      Digital Experience Monitoring (DEM) for Prisma Access (Windows and Mac only)
      . You can select whether to let end users enable or disable user experience tests from the GlobalProtect app by selecting
      Install and User can Enable or Disable DEM
       or
      Install and User cannot Enable or Disable DEM
      .
    2. Make sure you have security policy rules required to allow the and run the synthetic tests.
    3. Save
       and
      Push
       the configuration to Prisma Access.
    4. Verify that your end users can run user experience tests only when GlobalProtect is connected.
      If you have configured the portal to install the ADEM endpoint agent during the GlobalProtect app installation and either allow end users to enable the tests or not allow them to enable the tests, they can verify if the GlobalProtect app is enabled to run user experience tests on Windows and macOS devices. By default, heartbeat alerts are still forwarded to ADEM even when GlobalProtect is disabled.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.