Summary

Zentera CoIP Access Platform provides a secure access and segmentation capabilities that protect sensitive applications and data.   Such security is often best, and quickest, to achieve with the agent-based onboarding of the sensitive servers, VMs, or containers.  A natural question then arises about the impact of adding an agent to a machine already processing heavy workload traffic.  

This article reviews the performance of different access types between two application servers, having agents on both sides.  Other communication methods, such as user-to-application, or agent-less alternatives are not covered here.

The platform's flexible access and chambering policies provide the following general control mechanisms for communications between application servers:

• Filtering

• Encapsulation with optional encryption (tunnel)

• WAN support for unconnected networks via ZNS appliance

Each of these mechanisms has corresponding security benefits, potential operational implications to already running applications, as well as performance impact.  Three methods are analyzed:

• CoIP WAN Access Policy - Tunnel via ZNS node

• CoIP LAN Access Policy - LAN-based encapsulated application traffic

• Chambering Policy - LAN-based traffic only applying filtering at both ends of the connection

Performance Measurement Setup

<to be added>

Performance Analysis

<to be added>

CoIP WAN

<to be added>

CoIP LAN (No Encryption)

<to be added>

Chamber Only

<to be added>