time-taken is Not Exposed in Cloud SWG Portal
search cancel

time-taken is Not Exposed in Cloud SWG Portal

book

Article ID: 409644

calendar_today

Updated On:

Products

Cloud Secure Web Gateway Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The time-taken field in Cloud SWG proxy logs is often referenced as a metric to gauge request latency. However, it is not a reliable measure of end-user experience due to multiple factors affecting its accuracy. As a result, the Cloud SWG Portal does not expose time-taken to customers in UI reporting, dashboard elements. This KB explains the environment, underlying causes, and recommended approach for accurate performance measurement.

Environment

 

  • Cloud SWG Proxy/Edge logs (Forwarding Proxy Mode, Edge SWG, or Hybrid deployments)

  • Portal UI: Reporting Dashboards

  • Scenarios involving:

    • ICAP/Malware/DLP scanning

    • Large file downloads or streaming content

    • SSL/TLS inspection

    • Cached and uncached requests

 

Cause

The time-taken metric is heavily influenced by factors unrelated to network or proxy efficiency, making it unsuitable as an absolute measure:

  1. Large Files and Streaming Content

    • Requests for large files or long streams count the entire transfer duration, artificially inflating time-taken.

  2. ICAP / Malware / DLP Processing

    • Requests requiring scanning or sandbox detonation include scanning time in the metric, which can vary significantly and is not representative of network or proxy latency.

  3. Caching Effects

    • Cached responses (TCP_HIT) show significantly lower time-taken than cache misses (TCP_MISS), resulting in inconsistent comparisons.

  4. Parallel / Chunked Transfers

    • Pipelined or chunked requests may overlap, causing time-taken to reflect the last chunk rather than the actual request completion for the client.

  5. Network Variability

    • Latency between proxy and origin servers, retransmissions, or congestion can skew time-taken independent of proxy performance.

Because of these factors, exposing time-taken in the Cloud SWG Portal could mislead users into thinking that latency is higher or lower than it truly is, leading to incorrect operational conclusions.

Resolution

 

  • Portal Behavior

    • The Cloud SWG Portal does not expose time-taken in UI.

  • Alternative Metric: time-to-first-client-byte (TTFCB)

    • Engineering is introducing time-to-first-client-byte to measure when the first byte of a response reaches the client, excluding file transfer or scanning delays.

    • TTFCB provides a more accurate and consistent representation of perceived latency.

  • Best Practices

    • Avoid using time-taken as a benchmark for end-user performance or SLA measurement.

    • Use synthetic probes, client-side monitoring, or TTFCB for accurate performance assessment.

 

Powered by Wolken Software