Jamie Bodley-ScottMarch 27, 2023
How Zero Trust Network Access Drives Enterprise Agility and Performance
Fiercely competitive global markets drive “faster, smarter, better” digital transformation initiatives built on AI and machine learning, IoT, data analytics and cloud adoption. But a disparate patchwork of legacy security tools can significantly hinder productivity. That’s why organizations are deploying Zero Trust Network Access (ZTNA) that easily scales with enterprise roadmaps, and ensures fast, on-demand secure access for employees and third parties to the resources they need to do their jobs.
The security, operational and business benefits of Zero Trust Network Access are widely known as accelerated adoption makes ZTNA the fastest-growing network security segment, according to Gartner’s 2023 forecast on worldwide security and risk management spending.
However, not all Zero Trust access solutions are created equal, so when assessing ZTNA vendors it’s essential to investigate their high performance and scalability capabilities for several very important enterprise productivity and security reasons:
- User experience: Comprehensive ZTNA is expected to provide a seamless experience to users, regardless of their location or device. Users should be able to access resources quickly and easily without experiencing any delays or interruptions. High performance is necessary to ensure that resources are delivered in real-time and that users can work efficiently.
- Business continuity: 24/7 availability ensures that users located anywhere can access resources scattered everywhere whenever they need them. Any downtime or interruptions can have severe consequences for business operations and productivity. High availability and scalability are necessary to ensure that the solution can handle large volumes of traffic and users without experiencing any performance issues or downtime
- Security: ZTNA solutions rely on real-time policy enforcement and contextual access controls to ensure that only authorized users and devices can access resources. This requires high-performance processing of data, traffic, and user behaviors to identify threats and enforce policies quickly and accurately. Scalability is also essential to ensure that the solution can handle large volumes of traffic and users without compromising security.
Why Appgate SDP?
Appgate SDP, the industry’s most comprehensive ZTNA solution, offers several points of differentiation. For instance, its Gateways operate entirely independently of one another allowing you to scale them out to any number on a Site. And the distributed nature of the Sites provides the additional benefit of eliminating VPN bandwidth-constrained network choke points.
This decentralized architecture allows users to connect directly to legacy resources, virtualized workloads or cloud instances. This helps to overcome network performance drawbacks that some organizations experience with other vendor solutions that carry a ZTNA label but fall short because they still rely on centralized routing hosted in the cloud or a single choke point.
When Appgate SDP Gateways are deployed on physical hardware, they have been shown to outperform VPNs by as much as 10x. Our Ax-G5 appliance with a 10Gb network interface card (NIC) can deliver over 9Gb/s of throughput and still have 50% vCPU capacity available for other tasks!
With this level of performance now available on a low-cost physical appliance, enterprise network teams can practically consider scrapping the use of traditional managed (high-performance) networks infamous for decades-old, centralized VPN architecture, massive hardware appliances and single chokepoints that threat actors can exploit to gain entry into the network.
But not all enterprises want to use physical appliances—instead preferring to use hypervisors that would normally time-share any NICs between the VMs. This approach comes at a cost of reduced network speeds and high CPU loads.
Appgate SDP Gateways have been designed to take full advantage of the 2007 Single Root I/O Virtualization (SR-IOV) hardware standard which enables PCI Express devices such NICs to appear on the PCI Express bus as multiple virtual NICs. These NICs replicate the usual hardware resources allowing Appgate SDP Gateways to operate more like they would on physical appliances.
While this does not yield the same efficiency in terms of CPU utilization, SR-IOV does make it possible to achieve any desired network throughputs—in this case, nearly 25Gb/s with three VM Gateways on one host:
By carefully planning the deployment of virtual Appgate SDP Gateways it is entirely possible to achieve 100Gb/s throughputs on a Site if that was required! This could be done using just three quite modest (approximately $10K) VM hosts each equipped with a 40Gbe NIC card.
So, now that the stage is now set for the wider adoption of comprehensive Zero Trust Network Access ... let the performance begin.
For more specifics on the scale and performance of Appgate SDP, read the technical guide.
Additional ZTNA resources
Blog: Redefining Network Access Control: Zero Trust for the Corporate Network
Podcast: Zero Trust Access for the Corporate Network
Solution Brief: Securing the Hybrid Enterprise with ZTNA
Blog: Robust Resilient Architecture: The Game Changer for Software-Defined Perimeter Specifications