Recently, Cloudflare published a blog post that compared their ZTNA performance with that of Zscaler. Unsurprisingly, they found themselves to be faster.
Zscaler CEO, Jay Chaudhry, was asked about this in an interview and unsurprisingly brushed off the criticism and pointed out some issues he had with Cloudflare instead.
All in all, standard behavior from big corporate organizations. However, what was interesting was how the question was posed to Jay:
The comparison isn’t between Cloudflare and Zscaler. It’s between Cloudflare, Zscaler and hairpinning of the traffic back to the data center. And a difference of a couple of milliseconds one way or the other when you are doing thirty hops instead of three hops isn’t meaningful. So, it’s really a functionality problem, isn’t it?
Alex Henderson – Needham
This reveals something we’ve mentioned before in previous blogs. If your infrastructure isn’t top notch and you aren’t located close to a provider’s PoP, performance can suffer.
My feeling is that this criticism is well-understood, but brushed aside too easily. It’s easy when you live in Silicon Valley to say “Yeah, we’ll build a PoP close to your branch office” or “Why don’t you just buy more bandwidth?”.
These are valid solutions in some cases, but in others this might be prohibitively expensive or indeed impossible. We believe this limitation will become increasingly noticeable as ZTNA is rolled out to more and more users globally.
How Does Replify Improve Zero Trust Performance?
Yes, as was outlined in the question above, extra latency is an inevitable problem with a ZTNA solution. Indeed, in another part of the interview, we hear about the Zscaler ZDX solution. This will give metrics on how badly the user experience is affected. There was no mention of how it could be addressed though.
The easy answer to this in a lot of cases is either to buy more bandwidth or to make better use of the bandwidth you already have. Many of the vendors can claim they’ve got this covered. They can talk about their backbones and the cool things they are doing with transport protocols like QUIC etc. They often refer to this as “WAN Optimization”. This is all great, but it isn’t going to work if your clients and data centre are in Angola, but your nearest PoP is in South Africa. The same applies if your users have poor home or remote connections to the PoP or the internet in general.
WAN Optimization products such as Replify WAN Accelerator use techniques such as lossless compression and de-duplication to reduce the amount of bandwidth used between client and server. Put simply, if we reduce the amount of data the server sends, it will arrive at the client more quickly and the perceived speed of the connection will be greater.
Best of Both Worlds
From a security perspective, it’s a no-brainer to use Zero Trust to secure your infrastructure. However, let’s face it: most of your users don’t care about security, they just want to get things done quickly. If your rollout stops them doing this, it will be deemed a failure. With WAN Optimization, you can increase both the security and the performance of your Zero Trust product. You might also get away without having to pay for extra bandwidth.
Replify has experience here. We’ve seen similar problems in the SD-WAN market and we saw vendors come to the realization that WAN optimization is a must-have feature. The Zero Trust market will also come to the same realization. When they do, we’ll be happy to help out. Replify has helped several vendors develop an SD-WAN solution with fully integrated WAN optimization capabilities. We are doing the same with ZTNA and in fact we already work alongside the main vendors out of the box!
If you want to know more, please contact us at email@example.com