VPN vs ZPA Side by Side Comparison

Captions
I am Patrick Foxhoven. And I'm Lisa Lorenzin. And today we're gonna do an interesting side-by-side demo. We're going to show you what it is like for a traditional user experience going through a traditional VPN, and compare and contrast that and show what that experience looks like as a user goes through Private Access. So I'll be playing the role of the Zscaler Private Access user, as you can see on my desktop, and Lisa is going to be playing the role of an old-school VPN user.

I spent about 15 years doing this professionally, so now I'm just doing it on camera.

So we're gonna do it in a challenge scenario. The first challenge we're gonna do is something that everyone is familiar with every day: we're going to connect to our corporate network and fire up email. Often companies don't expose their email servers (in this case we're going to show Microsoft Outlook and Exchange) to the Internet, and so they usually require the user to do something first, like log on to a VPN. So we're gonna compare and contrast this experience live, showing both of our desktops. You ready? Let's go.

Okay, we're gonna start now. So one of the first things you'll see is there is no concept in Private Access of logging in or out of a VPN. Once you've enrolled in the solution, you're never logging in and out; there's no such thing. And so as a result, for me to launch Outlook, I just launch Outlook the way I normally always would have.

I, on the other hand, am having to connect to the VPN, establish an IPsec tunnel, and then go into my Outlook client. So as soon as I get my connection up, which we will notice very shortly, I will be able to get into my email.

So if we were racing, I think you won that one, maybe just by a little bit. Yeah, but I have a challenge that I think I can win. Let's give it a shot. Let's see what we can learn on the network.

Yeah, so because we're both connected to the corporate network and online, we're gonna demonstrate what kind of access or visibility we have to the remote environment, and we thought we'd do that a little technical, and do so by launching a port scanner. So here's an example port scanner. We're both configured to scan the exact same address ranges, and if we go ahead and start our scans, we're probably gonna see that the results come back pretty different. Even though my machine is connected to the same network as Lisa's (we're both getting email, proving that), my results are zero. I don't find anything.

On the other hand, I can see all sorts of things around me. And I think when we say we're both connected to the network, really that's no longer true, because I am clearly connected to the network; you're connected to an application.

That's right. That's illustrating something very different that's happening with Private Access, because we're never putting the machine on the remote network. It never even gets an IP address in that environment, so there's absolutely nothing for it to port scan. It doesn't even know the actual network that it's communicating with, even though I still have application access.

So I think I won this one. Okay, you can call that winning, if you can call it.

So the next step that would normally happen, and our third challenge, is: as the CIO of Zscaler, I didn't like what Lisa just did, so I'm gonna punch her off the network. I don't want her on anymore, but she still needs to get access to applications like I can, so we're gonna illustrate how that works.

So I'm gonna connect through an SSL VPN, and what that's going to allow me to do is connect to a specific webpage rather than connecting to the whole network.

And I'm even giving Lisa a head start here, so I'll let her log in. We're gonna demo using a web application that we use internally called JIRA. This works with any port or protocol, not just web applications, but we're just using that to illustrate it. And so Lisa is gonna try to go to JIRA through a webified version of JIRA, and I'm just going to go to it directly, the way I always have as a user in this environment. You'll see my JIRA page is up and running, and we're thinking Lisa's attempting to load JIRA.

Yep, except sort of. I'm not really getting a lot of information here.

Yeah, so what's happening is it's actually breaking, because it's trying to act as a reverse proxy and rewrite the content to keep that machine off that network, and it's completely broken, which is what happens an awful lot. Whereas in my case, I've got JIRA fully loaded and operating. So I don't think we can actually kick you off the network fully like that anymore.

Not sure I could get a lot of work done this way.

Yeah. So for our next demo, we're going to show you something that I do several times a day, which is switch networks. This could happen when you go from a wired to a wireless network, or you walk out the door off the Wi-Fi and switch to LTE. This would be just as true with a phone as a desktop device, and probably more so. Right now we're both connected to the Zscaler or guest network, and we're going to show what happens if we disconnect from that network and connect to a hotspot instead. I'm actually going to load my Zscaler app just so you can visually see what's happening, but I'm gonna do the exact same steps that Lisa is doing. So I'm disconnecting from guest, and we're both going to connect to a different network, in this case a hotspot that we have set up.

And my VPN tunnel has gone down, so I'm being prompted to connect yet again.

And if you noticed (you had to watch quickly), my Zscaler app showed that a network connection changed. I got a completely different public Internet address, but I'm already up and fully authenticated as an end user. I don't even have to worry about doing anything different when I'm on different network connections. So if I go load up my browser and I go back to JIRA, you'll see that I'm still accessing it without any hiccups, as if nothing ever happened.

And I'm waiting for my VPN to reconnect one more time, and as soon as it reconnects I will be able to go back to JIRA as well.

It's not that you'd ever have network disconnects when you're on an airplane, isn't it?

Oh my gosh, no. That's actually one of the areas where I realize the biggest difference that Z App and ZPA make. I connect to in-flight Wi-Fi all the time, and bandwidth is, well, poor, and with Z App the connectivity is so lightweight that it's really easy to continue to work even if I'm having dropouts in the underlying airplane Wi-Fi. Whereas with a VPN, I would go through this process multiple times in a row of waiting for it to reconnect, noticing that I was disconnected, etc. So when we went to put this demo together, I disabled the Z App on my laptop and put the VPN client back on for the first time in, I think, two years, and I realized I really don't miss this.

So hopefully that gives you a little bit of a feel of the end user experience of what it's like going through a couple-decade-old legacy VPN and Zscaler Private Access. We also wanted to compare and contrast a little bit of the administration experience of getting reporting and analytics and seeing what users and applications are on your network, and kind of compare those side by side on a contrasting basis as well. So with that, I'm going to log in to the ZPA admin UI, and Lisa, I believe, is going to show some screenshots of an example legacy VPN there. So legacy, we don't even want them in our network anymore.

Well, and I want to be clear here that we're using my previous employer's VPN because it's the one I'm comfortable with, but this is true of any legacy VPN solution: both the nature of connecting the endpoint to the network rather than connecting the user to the application, also the disconnect and reconnect being fairly heavyweight, and the differences in visibility that we're about to go through. So we're not just picking on one VPN; we're picking on all VPNs.

Yeah, to illustrate that, if you see on my screen, when you log in to Private Access, right out of the gate it is very application-centric and user-centric. We're not surfacing ports and protocols and lower-level networking capability, because that's not relevant in a solution where you're providing named users access to named applications. And so right out of the gate you'll see I've got dashboards for applications that are in my environment. I can see which ones exist, I can see applications we've automatically discovered, I can see which ones are in use the most, and there's all kinds of different ways of visualizing this data. But then I can also pivot and go into users, and I can see what users are connected to Private Access, as well as what applications these users are using and which ones are consuming the most bandwidth, as an example.

When we look at what we can see for a user connecting to a VPN, it's pretty standard that you can see who the user is, you can see what role they have, you can see when they connect and disconnect, but you don't learn a lot more about what the user was actually doing on the network. And this is a place where ZPA really shines.

We took it even a step further. So if I go to the health of the network (because we have to know where the users are, what applications they're accessing, how healthy those applications are, are they up or down, and they often will be across different environments), we can even visually represent these applications and how we view them in the States. So I can pick on a particular application, in this case a CRM application, and I can say visually, how is this existing on my network? And so here we see that there are two connectors that are seeing this CRM server that's running this application. And again, nothing like what Lisa's showing, with just text and, you know, lower-level networking capability.

So, not to say that users have ever been the source of breaches through a corporate VPN, but let's show a real-world example of the two experiences. So let's say we want to understand what a user has been doing when they're connected, or when they're getting privileged access. So I'm going to pivot to my users tab. This is a live dashboard in real time showing me all the user activity, and I'm going to pick on any user here that I see (I could search for them directly) and end up getting a view of what that user has been doing and what applications they've been going to. I can even graph that activity in real time and see, on a real-time basis, that user-to-app activity that's happening.

Whereas with a traditional VPN, what you get in even the activity logs is fairly limited. You're gonna see who connected, maybe what IP address they logged in from, when they connected. You can stream some information like the total bandwidth and total duration of the sessions, but we don't have anything like what you get when you expand one of those entries.

Yeah, so I can still get very granular detail around everything, all the networking-level insights that someone may want, but you'll see that ultimately this is all summarized under an application called CRM. And so because we understand what the application is, it allows you to build your policies to be user-centric and application-centric, not port and protocol.

Another advantage of that is we also show the path through the network. So if a user calls me on a helpdesk saying "I have poor performance through the VPN," well, is the problem there upstream, or is it the VPN gateway, or is it the connection between the VPN gateway and the back-end application? Whereas with the diagnostic logs, we see the path that they took through the Zscaler cloud and the connector into the application. We also see round-trip time at various points along the way, so you just get a little more detail on the experience the user is having as well as what the user is doing on the network.

And that's what I'm highlighting right here, what Lisa was referring to. So we've got latency measured points from, you know, every different perspective on that connection.

Absolutely. So one of the big advantages of ZPA is it allows you to see who is connecting to your applications and what applications they're connecting to. You get a lot of visibility into that, and you also get more control over who is connecting to what application, or even who can see that the application exists.

So if you liked what you saw here, please come to the Zscaler website. We've got a lot of resources on ZPA, from solution briefs and ebooks to video testimonials from people who are using it every day.
Info
Channel: Zscaler Inc.
Views: 25,024
Rating: 4.8106508 out of 5
Keywords: internet security, web security, security as a service, cloud security, zscaler, zpa vs vpn
Id: EanV0tE9goU
Length: 12min 7sec (727 seconds)
Published: Tue Jan 29 2019