This is the third blog in a three-part series. Here are blogs #1 and #2 if you missed them: “3 Things You Should Know About HTTPS, SSL or TLS traffic with Wireshark” and “How to Decrypt an HTTPS Exchange with Wireshark”.
Encrypted applications are everywhere:
- Most internal applications are now encrypted using SSL/TLS
- SaaS is a massive global market worth $160Bn growing by 20% YoY
- Over 80% of the companies used SaaS applications in 2018
- Legacy application vendors are quickly transitioning to SaaS
Source: BetterCloud “2017 State of the SaaS-Powered Workplace”
SaaS is also everywhere and IT departments have lost control over it. IT Operations teams are often unaware of what applications business units have subscribed to until those units complain about poor performance.
Sooner or later, you will go through this experience. It will be helpful to know what challenges lie ahead of you and how you can bring visibility into cloud services.
What are the challenges around SaaS Traffic Analysis?
First, let’s look at what makes dealing with performance complaints on SaaS and cloud services a challenge:
- Encryption: cloud services and SaaS will be encrypted, mostly using SSL and TLS. This takes away visibility of what is flowing through the network.
- Network latency: network response time has a huge impact on end user experience (EUE). Of course, latency can be compounded by the longer distances between users and servers hosted in the cloud. But, even more challenging is that latency is not predictable. You don’t know where these servers are located, and their location can change over time and may even be dynamic!
- Less control and visibility from IT: IT teams have no visibility into the host environments and servers. They may not have any data on the network requirements or the volume of users or their usage profiles, and so on. All of this will make both capacity planning and troubleshooting more complicated.
- Shadow IT: in most cases, IT will not be consulted before a department subscribes to a new SaaS application.
- Finally, we often think of SaaS as a very simple application. But, as more business critical applications move to the cloud, SaaS is no longer an isolated application sitting in the cloud but a critical asset connected to other IT assets hosted on-premise and in the cloud. The need for visibility has become more critical and more complex to address.
Here are a couple of more technical and hands-on issues that IT troubleshooters will have to overcome:
- Classification: classifying external applications using HTTPS can be a challenge. It’s not like before when you could connect to the corresponding server and discover what application was hosted on-premise. And, unlike classical web applications, you cannot take a look at the URL/URI and figure out what application a certain conversation is about.
- Transaction analysis: encryption means no ability to analyze traffic contained in the payload and as a consequence, no ability to analyze transactions passed by clients to the SaaS servers.
What are the Options to Measure Performance of Cloud Services?
Synthetic testing simulates user interactions with applications and websites hosted in the cloud. It enables IT teams to obtain information about application uptime and the performance of critical application transactions. It lets them test out new locations before they go live to make sure they are likely to deliver the required performance.
What synthetic doesn’t do is provide real user experience because it uses scripted interactions that simulate how users might use a SaaS or cloud app. Because of that, synthetic testing doesn’t predict complicated user behavior. It just assumes how users might use the apps, but does not reflect the actual end user experience.
That can be adequate for establishing SaaS and cloud application availability thresholds. But, it won’t find the issues real users might experience. That would leave a significant gap in performance monitoring, which is why some enterprises combine real user monitoring (RUM) with synthetic testing to obtain a more complete performance picture.
As described in my previous post, “How to Decrypt an HTTPS Exchange with Wireshark”, it’s possible to decrypt network packet traffic that uses TLS or SSL and to monitor SaaS and cloud application performance.
How? By using the following methods:
- Private Key and Wireshark
- Private key and SkyLIGHT PVX
- SSL Inspection
- Other devices offloading the SSL layer
It’s important to emphasize that the information conveyed by the network from the client to the server remains encrypted and safe – while the analysis device receives a clear copy of the communication.
Analyzing the Performance on Encrypted traffic
It’s also possible to obtain performance metrics from SaaS and cloud application traffic without decrypting their network traffic by evaluating the following information:
- Recognizing the apps contained in the encrypted network traffic flow based on the Server Name Indication (SNI) sent in the TLS handshake and the Common Name (CN) information in security certificates
- TLS Handshake time
- TLS attributes (CN, SNI, key length, encryption and hash algorithms)
- The TCP behavior for a given TLS conversation
- Round Trip Time (RTT)
- Retransmission Events and Times
- TCP Flags
- Server Processing Time
- Data Transfer Times
This allows IT to view end user experience for each user accessing each cloud service across their network.
This information can be stitched together and displayed in graphs and tables to provide an emblematic overview of SaaS and cloud application performance.
In conclusion, in order to evaluate the performance of SaaS and cloud applications, you need to know the challenges around SaaS Traffic Analysis and your options to measure the performance of cloud services.