With every webpage loaded, email sent, or video streamed, network traffic takes a complex journey…
As businesses increasingly rely on Microsoft SaaS and Azure-based applications to support their distributed workforce, ensuring optimal performance and user experience becomes crucial. With complex corporate network architectures like SDWAN, Secure Access Service Edge (SASE), or Cloud Access Security Brokers (CASB), and a reliance on Microsoft’s vast network architecture, monitoring and troubleshooting performance issues can be challenging. However, cloud-based synthetic sensors offer an effective solution to measuring network performance, overhead, and latency.
This article explores:
- Support challenges presented by SaaS applications
- How Microsoft’s Global Network’s Distributed Service Front Door architecture enhances the user experience and highlights the limitations of legacy monitoring tools.
- How and why leveraging synthetic and digital experience monitoring reveals performance issues and ensures productivity within a distributed workforce.
- Remedies for the lack of Microsoft SaaS application monitoring and cloud visibility
Challenges of Supporting SaaS Applications
Adopting and using SaaS applications changes the playing field for many businesses. Small, medium, and large businesses can increase their agility by adopting cloud and SaaS platforms. To successfully adopt and support these platforms, IT staff, and network administrators in particular, must first address several challenges:
- Extreme loss of visibility: Before the proliferation of SaaS apps, IT could insert a line of code or add a telemetry product to get good visibility end-to-end into how the systems perform. With the advent of SaaS apps, that cloud and SaaS performance visibility is lost.
- Numerous network hops and network variability: Microsoft and most SaaS providers recommend keeping as few network layers or proxies in place as possible, especially for home and hybrid users. Additional network hops further impact latency, availability, and deliverability of SaaS apps.
- Outage detection and possible single points of failure: Detecting outages proactively becomes impossible with lots of complex distributed SaaS apps like Microsoft 365 or Google Suite.
- SaaS application deliverability: Ensuring optimal SaaS app delivery becomes even more murky for remote and branch office users. Determining root cause for remote users can be a struggle, traversing the layers of VPNs and Software Defined Wide Area Network (SDWAN).
- Network assessment and capacity planning: Assessment, planning, and network testing become difficult as the network and app delivery become more complex. When servers were local to the LAN and user, only the internal network needed to be tested. Now that SaaS access occurs via the Internet and various ISP gateways, capacity planning is a shot in the dark and dependent on vendor architectures.
Microsoft’s Answer: Azure Front Door
While the location of your Microsoft 365 tenant is important from a locality perspective, connectivity to Microsoft 365 services is scaled through hundreds of network locations in a global architecture that Microsoft calls its “highly distributed service front doors”. In most cases, connecting directly to Microsoft’s front doors is preferable to centralizing egress via the corporate network. The more you utilize Microsoft’s front door network architecture and its built-in features, such as global load balancing, SSL offload, and application acceleration, the better the user experience will be.
But still, Microsoft’s front door network architecture requires respect, observance, and at least some understanding from network and application support engineers. There are rules and recommendations that will assist in optimizing the overall digital experience for end-users connecting to Microsoft and Azure services:
- Identify and Differentiate Microsoft 365 traffic
Once Microsoft-specific traffic is identified within the network or egress, specific optimizations can be taken against that traffic. For more information about Microsoft 365 endpoints, see the following link, which is an updated list of Office 365 endpoints and URLs for the different services.
- Egress Network Connections Locally
To properly take advantage of Microsoft’s distributed network architecture and balanced DNS, corporations should exit their WANs as quickly as possible and avoid backhauling Microsoft traffic unnecessarily. See the diagram below. Because Microsoft 365 runs on the global Microsoft network, there’s often a front-end server closer to the user. Once traffic is backhauled to the corporate LAN, latency and overhead are introduced that negatively impact the user experience.
- Avoid Network Hairpins
A network hairpin occurs when WAN or VPN traffic is redirected to an intermediate or geographically distant destination, introducing latency and delays. Network hairpins can also be caused by suboptimal DNS lookups. While corporate entities often feel the need to enforce their security stacks, at a minimum, their overhead should be regularly measured and their points of failure monitored to ensure the digital experience isn’t severely impacted. Exoprise CloudReady synthetics are designed to operate through VPNs, proxies, and other in-data-path redirection.
- Assess and Avoid Proxies, Traffic Inspection Devices, and Duplicate Security Technologies
Most enterprise networks enforce security measures for Internet traffic, but these measures can dramatically reduce performance and scalability and degrade the quality of the user experience when applied to Microsoft 365 services. Often, there is a native security service within the Microsoft 365 platform that can be a better substitute and won’t impact the digital experience of the user.
- Make Incremental Changes Where Overall Re-architecture Isn’t Possible
Finally, while Microsoft offers many recommendations to optimize the connectivity to Microsoft services, each enterprise has different network topologies and security layers to deal with. Microsoft recommends employing some changes incrementally: local DNS resolution, local Internet egress, regional Internet egress if local can’t be accomplished, bypassing proxies and network inspection devices, enabling direct connections instead of VPN overlay networking, and utilizing an SD-WAN instead of a traditional WAN architecture.
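To make the "identify and differentiate" and "avoid proxies" recommendations concrete, here is an added example (not from the original article, Microsoft, or Exoprise) that classifies a destination against an endpoint list and keeps the inspection bypass limited to matched Microsoft 365 entries. The JSON field names follow the Microsoft 365 endpoints web service; the hostnames, IP ranges, policy labels, and the category-to-policy mapping are assumptions constructed for illustration.

```python
import ipaddress
import json
from fnmatch import fnmatch

# Constructed sample: field names follow the Microsoft 365 endpoints web
# service JSON; hostnames and IP ranges are documentation placeholders.
SAMPLE_ENDPOINTS = json.loads("""
[
 {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
  "urls": ["mail.m365.example"], "ips": ["192.0.2.0/25", "2001:db8:1::/48"],
  "tcpPorts": "80,443"},
 {"id": 2, "serviceArea": "SharePoint", "category": "Allow",
  "urls": ["*.files.m365.example"], "ips": ["198.51.100.0/24"],
  "tcpPorts": "443"},
 {"id": 3, "serviceArea": "Common", "category": "Default",
  "urls": ["*.cdn.m365.example"], "tcpPorts": "443"}
]
""")

# The most latency-sensitive category wins when several entries match.
RANK = {"Optimize": 0, "Allow": 1, "Default": 2}


def _matches(entry, dest):
    """True if dest (hostname or IP literal) falls under this entry."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        # Not an IP: compare the whole hostname against each URL pattern,
        # so a look-alike suffix such as "...example.attacker.test" fails.
        host = dest.lower().rstrip(".")
        return any(fnmatch(host, pat.lower()) for pat in entry.get("urls", []))
    return any(addr in ipaddress.ip_network(net) for net in entry.get("ips", []))


def classify(dest, endpoints=SAMPLE_ENDPOINTS):
    """Return the best matching category, or None if not in the list."""
    hits = [e["category"] for e in endpoints if _matches(e, dest)]
    return min(hits, key=RANK.__getitem__) if hits else None


def egress_policy(dest, endpoints=SAMPLE_ENDPOINTS):
    """Map a destination to a (hypothetical) edge routing decision."""
    category = classify(dest, endpoints)
    if category == "Optimize":
        return "direct-local-egress"    # bypass proxy and TLS inspection
    if category == "Allow":
        return "direct-no-inspection"   # local egress, no TLS break
    return "proxy-inspect"              # Default and unknown traffic
```

Anything that does not match an Optimize or Allow entry, including look-alike hostnames, stays on the inspected path, which keeps the security-stack exemption as narrow as the published list.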
Synthetic and Real-User Monitoring Designed for SaaS Yields Results
When it comes to traversing complex networking to assess Microsoft SaaS applications, synthetic sensors from CloudReady are designed to quickly pinpoint the root cause of any issue – even in SASE and CASB products.
Exoprise addresses these challenges by providing comprehensive monitoring and visibility of Microsoft SaaS applications. With the use of CloudReady synthetics sensors, Service Watch (end-user RUM) and Service Watch Active Test (end-user synthetic monitoring), IT professionals possess the metrics and experience scores to assess the performance of each Microsoft application independently. This combination of RUM and synthetics enables IT to get back the visibility that once existed when systems were delivered solely behind the firewall and on-premises.
IT personnel can enable the prioritization, capacity planning, and fine-tuning of their networks to resolve issues and recover Service-Level Agreement violations from SaaS or network suppliers.
Additionally, Exoprise synthetic and RUM applications facilitate performance assessment in remote office and home office environments. IT support teams can quickly set up tests to troubleshoot user issues proactively, ensuring productivity. This capability allows real-time evaluation of factors such as local ISP performance, Wi-Fi access point performance, and user network choices (VPN, Wi-Fi, or Ethernet).
For examples, see the following videos:
- How To Test and Monitor SharePoint Online Performance
- How To Test Microsoft Teams Audio Video Conferencing
- Introduction to Service Watch Active Test for Network Synthetics from User Machines
Conclusion
Troubleshooting Microsoft SaaS performance and Microsoft’s Azure Front Door network topology is crucial for organizations with distributed workforces. Legacy monitoring tools turn out to be ineffective in providing the necessary visibility into the complex infrastructure that supports Microsoft 365 and Azure.
As part of implementing SaaS applications like Microsoft 365, organizations should consider adopting SaaS synthetic sensors and leveraging digital experience monitoring to establish baselines, improve root cause analysis, and provide support. By implementing these solutions, businesses can stay ahead of performance issues, enhance user satisfaction, and ensure the success of their distributed workforce in the era of SaaS applications.