ZPA Supporting COVID-19 Response

Thought I would start a thread for us to help each other with the huge demand I’m sure we are all under with our staff being asked to work from home.

Anyone want to start us off of with hints, tips, problems and questions.

Should we build more connectors or add more CPU’s?
Is there a balance between both of those?
We are using the 6 x m5a.xlarge in AWS. Should we just upgrade all these to m5.2xlarge?

What are the key indicators to monitor to know when you need to upgrade or add more connectors?

In our experience it’s CPU. We see some connectors run at 100% CPU with just 200Mb/s of traffic but others run at 50% CPU with 600Mb/s.

We’ve been using https://www.netdata.cloud/ to gather data from the connectors and it’s really lightweight and proven very useful. We send all the data into a local influxdb and then mine the artifacts from there.

How do we support remote workers in Egypt where the government heavily restrict ZPA connectivity?

While adding more CPU and RAM will increase the maximum throughput capacity of a connector, generally we recommend adding additional connectors within the group instead. This assures that if a connector is down for a scheduled or unscheduled reasons the impact is smaller, and there are more options available for that traffic to be served. Always think n+1.

2 Likes

Ok so both are viable options. You just need to consider the failure scenario.
We have used all the IP addresses in our /28 so scaling up is the only option for us at the moment.

Thanks for kicking off a thread @GordonWright, I’ve started collecting resources in the CFA category here - Business Continuity During COVID-19 / Corona Virus

1 Like

Gordon, I had a call with your team last Friday to review ZPA Private Service Edge. With Service Edge, the ZPA broker functionality can be hosted by customers on their own infrastructure. This enables ZPA in regions where a Zscaler DC may not be close enough.

2 Likes

Thank you. We are looking forward to doing some testing especially in our challenging remote locations.

We had a very successful first day with the whole company working from home (approx 70k users). The extra capacity we added in Azure & AWS performed very well. Some connectors peaking at over 400Mb/s at times !!

1 Like

Day 3 of working from home and running the ZPA infrastructure at this scale almost feels like BAU already.

1 Like