Getting the most from your WAN.pdf

Getting the Most from Your WAN an Networking eBook contents] [ Getting the Most from Your WAN This content was adapted from Internet.com's Enterprise IT Planet and Enterprise Networking Planet Web sites. Contributors: Mark Weiner, Sean Michael Kerner Charlie Schluting, and Sandra Gittlen. 2 2 The Challenge of Branch Office Networking Mark Weiner 6 8 WAN Acceleration Will Play Big in 2009 Sean Michael Kerner WAN Optimization 101: Know Your Options Charlie Schluting 6 8 12 14 12 14 WAFS: Building a Better Pipe for Remote Locations Charlie Schluting Getting Branch Office VoIP Deployments Right Sandra Gittlen Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. 1 [ Getting the Most from Your WAN ] The Challenge of Branch Office Networking By Mark Weiner O ne of the biggest challenges facing the networking industry today is how to deal with the needs of the branch office. As businesses become more global and more decentralized, the role of the branch office becomes ever more important. In fact, more than 90 percent of employees now work outside of corporate headquarters, according to Nemertes Research Inc. These employees are in sales, customer support, R&D, administration, manufacturing, marketing, finance, and other vital functions that contribute to the bottom line. And they are using sophisticated applications such as customer relationship management (CRM), enterprise resource planning (ERP), and supply chain management (SCM). extensions of the central IT network and equipped only with connectivity nodes. Now more branches have their own devices and systems to support mission critical applications, but they typically have a smaller set of capabilities than headquarters and little or no IT staff, making it very difficult to cope locally with any problems that arise. Since not all networking devices at the branch can be managed remotely, IT personnel from headquarters may need to go on-site to troubleshoot problems. As a result, the total cost of ownership of branch office networking can be quite high, both in business and monetary terms, yet until recently no one has been paying attention to this issue. Jupiterimages Yet historically, the branch office has been largely ignored. A Nemertes survey found that 73 percent of enterprise participants had not created a comprehensive strategy—including cost-benefit analysis—to support remote workers. Headquarters typically has the latest networking technologies, services, and applications, and also has the IT staff required to keep the network up and running 24x7. However, despite the increasingly crucial role they play, branch offices have simply been Many Boxes Lead to Many Problems The typical branch office of a Fortune 500 company has six or seven discrete network appliances—firewalls, routers, intrusion detection/prevention, VPNs, voice systems, and more. Purchasing decisions may be made at the branch, not at headquarters. Each branch may thus have a hodge-podge of different equipment from different vendors that may not pro- The typical branch office of a Fortune 500 company has six or seven discrete network appliances—firewalls, routers, intrusion detection/prevention, VPNs, voice systems, and more. “ ” 2 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] vide the necessary level of intelligence or security. This lack of uniformity means different offices may have very different capabilities, which makes it extremely difficult to provide a consistent, easy-tomanage networking experience across the enterprise. Enterprises See Need for Change Enterprises are beginning to realize that the current branch-office networking paradigm does not really work—it is actually a bottleneck to introducing new services that will improve productivity. To perform their jobs well, personnel at the branch office need the same kind of advanced network products available to their colleagues at headquarters—solutions purpose-built to address branch office needs, support enterprise business processes, protect critical data, enable high-speed access to the corporate data center, provide predictable performance, and are functional, reliable, and available on a 24x7 basis. Deploying and managing so many boxes is a formidable task. Because there is a veritable conga-line of boxes in the network, adding a new box or application or updating software can have unexpected repercussions. These boxes were born as point products; they were never designed to tightly integrate with multiple boxes from multiple vendors. Coordinating equipment across multiple services can be a serious issue; if one box in the line is reconfigured or updated, it may not Equipment vendors have attempted to address the work well with the other boxes. Security and communishortcomings of networks based on multiple, discrete cations can be at odds with one another, so any devices by developing multi-services systems that conchange in the security server may block an applicacentrate multiple appliances and tion that is critical to users in the services in a single box. These sysbranch site. For example, a tems offer the benefit of uniformity, branch office that updates a firebut because they have no common Enterprises cannot wall filtering rule may suddenly architecture, operating system, or find that it is not receiving voice necessarily gain management, they are still merely service; the filter update may have uniformity by a collection of independent point blocked a port. products. Consolidated network purchasing their appliances thus offer little in the Enterprises cannot necessarily branch equipment way of economies of scale, cost, gain uniformity by purchasing processing, or management. from a single vendor. their branch equipment from a “ ” single vendor. Since many vendors add important new technologies to their product lines via acquisition, their products—branch routers and firewalls for example—will not necessarily work well together. Solving the problems associated with branch office networking requires a completely new approach, one that combines the following characteristics: • Any new technology must reduce the number of devices, which in turn will reduce the demand for management, support, and maintenance • Installing, supporting, and maintaining the device must not disrupt network services • The hardware must be fully manageable from a remote location • The product must have a single interface and policy for all services. • The services performed by the device must leverage common resources for the most efficient performance • Performance must be sustained as new services are added or as regular software updates are performed. Updating any part of the branch office network also requires more truck rolls, more management, more support, and more maintenance—and causes more disruption, sometimes even shutting down the entire network. Software upgrades can account for a large proportion of support problems; nine times out of ten branches that have problems when they update their voice system find they are due to software issues. The network and the inter-relationship of its hardware and software elements is so complex and difficult that IT staff can spend 40 percent or more of their time on troubleshooting errors, misconfigurations, interoperability and compatibility problems, and in general making sure that all the boxes in the network work together. 3 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] Heart of Gateway Services gateways converge a number of discrete applications and services into a single box—and convergence can bring with it a host of problems. As mentioned earlier, it is extremely difficult to make multiple services work together, since a change in one Services gateways have several important characterisservice can have repercussions that affect other servictics that make them particularly suited to the branch es. The key difference with a services gateway is that office. They classify and inspect packets only once; one-pass packet processing helps truly unify multiple they have an open, flexible, modular architecture; and devices while an open, flexible, modular architecture they have a separate management backplane, so they optimizes interprocess communications. The gateway can be managed centrally without provides a holistic approach to truck rolls. convergence; it understands all services and can check to make Packet Classification at sure all are configured properly. The services These requirements define a new product category known as services gateways, which simplifies branch networking and lowers total cost of ownership by unifying multiple services such as standards-based security, VoIP, data services, and access services into one remotely manageable platform. Because services gateways are designed from the ground up to support multiple services efficiently, the processing and management of all services are unified—not scattered across multiple boxes—so they are always available, accessible, and running at peak performance. Single pass classification ensures CPU efficiency, improves performance, and reduces the risk of errors. Single pass classification also ensures excellent scalability—adding new services will not add extra processing cycles to every packet. Many Services Unified in One Box “ ” Services gateways can correlate At the heart of full services unifiis open and modular— faults and alarms and understand cation is the gateway’s ability to traps, alarms, and events and how traits that can even handle packet classification and they play out across multiple inspection in one pass, for all extend to system devices. This capability makes it services. The importance of this is impossible to implement conflicting management. best understood by taking a look rule sets in different services and at how ordinary multi-services systhus prevents many problems tems handles a packet. When a before they even arise. Services unipacket enters the system, it goes fication is especially important when it comes to effecto the router, which classifies the packet for services tively deploying SIP phones in the branch, since this processing, determines where it is going, and sends it requires close coordination with other devices for servicon its way. Next stop is the firewall, where IPsec classies such as QoS and firewall. fies the packet—again. In fact, the system classifies and processes packets one service at a time—whether Service Down? Adding New or not the processing is necessary. This places a tremendous processing burden on the CPU, increases Services? No Problem latency, and wastes system resources. The services gateway architecture is open and modular—traits that can even extend to system manageA services gateway, on the other hand, defines classiment. The most advanced services gateways have a fication and specifies complex policies in a way that is dedicated management framework that connects all radically more efficient. A packet goes straight to the network services and enables them to keep on workfirewall—thus stopping virus, DoS, and other probing even if one of more services are down. This framelems before they can enter the gateway—where IPSec work not only makes all services at the branch comservice classifies it and attaches a tag with the classifipletely deployable and manageable from a central cation data. Once classified and tagged, a packet is location—but also makes them accessible even when processed only through the appropriate services. the primary path between corporate IT and the gate4 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. gateway architecture [ way at the branch is down. Getting the Most from Your WAN ] It’s the Business That Counts Services gateways offer a myriad of benefits; their architecture supports the branch, is remotely manageable, is easy to upgrade, reduces the need for IT staff at the branch, is highly efficient, eliminates truck rolls, reduces total cost of ownership, and more. Yet it is the sum of these benefits that matters most to the branch office—around-the-clock availability of the applications that keep the enterprise humming at a cost the branch can afford. In short, enabling branch offices to further power the business. I The modular architecture also enables IT to add new service modules as they become available. Users can start and stop modules, fix bugs, and hot-swap software without affecting any other services. If one service fails or is taken out of operation, the others keep on working. The gateway is also future-proof, because new services are added simply by plugging a new software module into the existing architecture. This degree of flexibility is extremely important at the branch, since it may have little ability to deal with system downtime and failures. 5 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] WAN Acceleration Will Play Big in 2009 By Sean Michael Kerner L ooking for faster WAN and SaaS access? The solution may well come from a WAN optimization solution. Don't worry if you can't lay out all the cash now, carriers are aligning themselves with equipment vendors to offer WAN acceleration as a managed service, which could lower capital expenditure costs for enterprises. WAN optimization technologies from vendors like Cisco, Riverbed, Juniper, Blue Coat, and others offer the promise of reduced latency and overall better bandwidth utilization for applications. As enterprises continue to seek out ways to do more with less, WAN optimization is a market that is projected to reach $1.2 billion in revenues by 2010. ceived to be attractive is a growing resource skills gap at enterprises as companies continue to downsize staffing. "If the 'enterprises' don't have the necessary people, processes, and tools needed to manage the systems on an ongoing basis, it can often be cheaper to engage a managed service provider (MSP) rather than build these capabilities themselves," Will Scott Cisco's director of service provider marketing, managed business solutions told InternetNews.com. "In addition, from a cost perspective, managed services often include the underlying technology, processes, and people as part of a predictable, monthly recurring charge -allowing the end user to adopt and consume the Jupiterimages wide area network (WAN) acceleration technology as OPEX rather than CAPEX." "Certainly in today's market with the financial conditions we're experiencing, most people would support the idea that a large contingency of the end user community are looking for alternatives to large scale capital expenditures," Randy Schirman, Riverbed's VP of service provider business, told InternetNews.com. Another key reason why managed services are per- Filling a Global Need Service providers like NTT, Verizon, AT&T, BT, Telestra, and Telus are now offering Managed WAN optimization services that include hardware from network equipment vendors. In the case of NTT America they As enterprises continue to seek out ways to do more with less, WAN optimization is a market that is projected to reach $1.2 billion in revenues by 2010. “ ” 6 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] use equipment from both Riverbed and Cisco to offer to customers. The reason why carriers like NTT offer managed services is simple, it's something else that global enterprises need and will pay for. "Compared to an in-country network, in global applications longer latency affects application performance and throughput issues are sometimes attributable to latency, not the bandwidth," Stephen Bloom VP for business development at NTT America's Arcstar Business Unit told InternetNews.com. "It is always important to design network and bandwidth to fit customers' business requirements. Having the Managed WPA (WAN Performance Accelerator) enables us as a global network provider to offer enterprise customers an optimization of the global network." Bloom argued that by going the managed service route for WAN optimization, enterprises get one stop Global WAN operation including acceleration devices. At the core though, it is continuing demand for more bandwidth and greater operational efficiency that is driving the need for WAN optimization technologies, managed or not. "First of all, the size of data or file exchange in business has continuously grown in the past few years," said Bloom. "The most significant change is that as a result of consolidation and centralization of services worldwide, the traffic that goes through customers' global WAN dramatically increased. The overall increase in communication traffic that goes through global WAN expands the market." Barriers There are, however, a few potential barriers to adoption for Managed WAN optimization. "In any emerging, new technology or service area there are always barriers to adoption - with most of these naturally overcome as the market grows and matures," Cisco's Scott said. "Our enterprise marketing programs and teams look to educate enterprises on the benefits of managed services and to articulate the benefit of working with a service provider who offers these services." Lack of awareness of the impact WAN acceleration is another issue. It is, however, an issue that can often be dependent on individual circumstances and specific application environment tuning. "Customers can only see the effect of WAN acceleration after they deploy it in a real customer environment," NTT America's Bloom said. "This is one of the factors that makes the customer hesitant to go with the solution." Bloom added that try before you buy as well as consulting and performance tuning can be offered to help overcome that issue. Yet at an even deeper level, the same economic factors that might be driving enterprises toward managed WAN optimization solutions might well also be keeping them away. "A lot of folks are taking a cautious view right now as they look at the world markets, " Schirman said. "We've seen numbers of companies reporting that they show concern and caution about the customer's ability to spend. Probably more than anything right now that's probably the biggest concern. The economy and its impact on the customer mindset could cause people to defer or delay decisions for the time being." I Add Web 2.0 and SaaS to the Mix For Juniper Networks, there is another driving factor that is pushing enterprises toward WAN optimization technology and it has to do with the types of applications that enterprises are now using. "As Web 2.0 and SaaS usage proliferates, the requirement of optimizing SaaS traffic using WebAcceleration becomes critical to enable an enhanced end-user experience," Ravi Medikonda, director of marketing for Juniper's service provider business, told InternetNews.com. "We see a great market potential for web-acceleration, growing in conjunction with the SaaS market." 7 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] WAN Optimization 101: Know Your Options By Charlie Schluting AN, or Wide Area Network, is a term used to describe most external network connectivity to a business. WAN optimization is a hot topic, and there are many vendors who'd like you to realize this. In lieu of getting a faster connection, there are many different approaches to optimizing your WAN connectivity. The standard mention of "WAN" implies a high cost, low bandwidth (relative to your local network), and high latency connection to an ISP. These take the form of T1 or T3 circuits, or SONET-based connections such as OC-3 or OC-48's. "WAN" is almost as vague a term as "network." It doesn't really mean any one thing, but is commonly used to discuss nonlocal network connections. The real problem with WAN connectivity is that business-critical applications are generally in direct competition with all other Internet traffic on your link. Often business applications are delayed because of unwanted traffic to a site. Spam, viruses, and even worker-driven Web traffic can tremendously hinder a business's ability to complete its mission. W The real culprit is TCP, because it really doesn't care about much aside from getting things through reliably. All applications are treated equally, unless some sort of engineering has been done to prevent this. Furthermore, TCP will happily use all available bandwidth, in a very bursty, inconsistent manner. TCP's congestion control mechanism is to simply start sending traffic slowly, and then increases until loss occurs. When loss happens, the lost data must be retransmitted, creating even more congestion. If only there was a way to send all high-bandwidth traffic to known endpoints intelligently, without using TCP's fickle congestion control methods. Products do exist that will allow site-to-site optimization by placing optimizers at Jupiterimages the entrance to each network. Specified TCP connections can be terminated locally, and then the WAN-facing link gets to use a proprietary protocol, optimized for the WAN link it's using. Just taking TCP out of the picture in this situation can tremendously improve throughput. Some marketing material even says 5000 percent throughput, for what that's worth. The real problem with WAN connectivity is that business-critical applications are generally in direct competition with all other Internet traffic on your link. “ ” 8 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN Of course, that's just for site-to-site business applications, with two configured endpoints. What about all other traffic? If the WAN link is completely saturated, the special traffic above still won't improve that much. Some proposed solutions involve QoS (quality of service) to identify which traffic is important, and which isn't. Coloring packets normally accomplish this. Classifying which traffic gets priority can then be used to, give priority to such traffic. Again, we're in a situation where we have prioritized important traffic, but we still have a congested link. The slightly effective workaround is to implement some type of queuing, or traffic shaping mechanism. Now things start to get ugly. The queuing idea, simply put, classifies all traffic into queues. The most important data gets processed first, and the rest later. When congestion already exists on a link, all queuing accomplishes is to slow everything down, except the high-priority traffic. Branch Office Routers: Build or Buy? By Charlie Schluting How many times has your friendly Linux administrator said "I can do that in Linux for only $1,000 in hardware!" Many discussions have taken place in various forums both for and against building your own router. We'll try to combine some of the important considerations into one place. First, one point of confusion needs to be taken care of. You simply cannot push line-rate gigabit through PC hardware. Sorry, most low-end Cisco routers can't even do that. When we're talking about access-lists and possibly stateful filtering, and the added processing involved in that, PC hardware can't come close. You're never going to replace important Internet routers with software. What we are talking about is the possibility of running a branch office router on a BSD machine. Most network engineers prefer some flavor of BSD to Linux, so we'll assume BSD in this discussion. The likely cause for this widespread disdain is because Linux kernel 2.4 had a tendency to deadlock when fed more than 100K routes. There are two software routing packages available: quagga and gated. Gated is non-free, but copes better with a full Internet routing table. Quagga is the successor to zebra, and is free. Both applications can speak OSPFv3, BGP4, and RIPv2 for both IPv4 and IPv6. The considerations, from a technical standpoint, are twofold: memory and Packets Per Second, or PPS. PPS is a measure of how fast packets can be forwarded. The network card and its driver make all the difference here. A good Intel NIC should be high on the shopping list. Memory is important because of the memory requirements inherent in BGP routing. For example, 256MB is barely enough for a full Internet routing table at its current size. Latency will increase, since nothing is going to be forwarded in hardware with a home-built solution, but it's normally tolerable. continued ] An ideal solution will allow you to prioritize traffic, and guarantee a certain amount of available bandwidth for mission critical applications. “ ” The level of optimization required highly depends on the specific application. An ideal solution will allow you to prioritize traffic, and guarantee a certain amount of available bandwidth for mission critical applications. Sorting out highly critical traffic such as ERP and CRM applications, and placing a higher priority on that traffic as opposed to Web browsing or video can go a long way toward ensuring efficiency. In the WAN optimization arena, there exist two types: B-DRO and D-DRO. DRO stands for Data Replication Optimization. B-DRO is for branch office to data center traffic—generally a low speed link. D-DRO is for data center to data center connections. 9 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] Complete WAN optimization solutions allow a business to do much more than simply queue the bad traffic. They can block unwanted (in and outbound) traffic, allow it at certain time during the day, give priority to certain hosts, and enforce many other related policies. They will optimize the actual traffic as well, providing lower latency and higher throughput for the most critical applications. Compression is a very powerful tool. Broadly speaking, all WAN optimization solutions boil down to is a laundry list of a few available tricks: • Traffic prioritization • End-to-end tunnels, employing better protocols than TCP, or TCP tricks • TCP tricks: selective ACKs, limiting retransmissions, reordering packets, and compression Branch Office Routers: Build or Buy? T1 and T3 cards can be obtained for both PCI slots and Soekris boards (MiniPCI). A modest FreeBSD machine can certainly handle T1 traffic, including routing daemons and filtering, without too much trouble. There have even been reports of Soekris boards running FreeBSD and pushing a DS3 at linerate while handling 80,000 BGP routes. There are many fine points to argue about using PC hardware for routers. Perhaps Linux 2.6 has fixed everything and it is just as stable as BSD, perhaps you can push 45Mb/s on a 550 MHz PIII machine with full stateful filtering. Lots of things are possible, but let's talk about whether or not you should. Like most things IT, great care needs to be taken when deciding whether or not to deploy a home-built router. The financial aspects go far beyond the initial hardware purchases. If a solution can be built for less than $1,000, and the alternative router from Cisco costs $5,000, this doesn't necessarily mean the $1,000 options is the cheapest. A funny thing about PC hardware is that there are moving parts, and sporadically inferior components. Hard drives die all the time, and CPU and memory frequently need to be replaced as well. The really great thing about buying a Cisco 2600-class router is that there are no untested components, and there are no moving parts. If something does go wrong for some reason, a replacement is just a quick phone call away. The saved configuration file is loaded into the replacement, and you're back in operation almost immediately. If the custom-built computer fails, it's normally necessary to rebuild from scratch. That means installing the OS, restoring configurations from backup (hopefully) and basically reconfiguring everything. Yes, it's possible to take a hard-drive image of each router, and use that to restore the computer in the event of catastrophic failure. That method doesn't quite scale, though. Even if you have similar hardware on many routers so that it's possible to use the same image all the time, you're still backup up more than one simple Cisco config file. You have to save password files, firewall configurations, hostnamespecific configurations, and the list goes on. continued When saturation begins to take hold, the first application to become usable is VoIP, and it isn't hard to prioritize. “ ” We didn't mention VoIP prioritization or MPLS providers. Frequently, MPLS providers cannot help the real source of congestion: your last mile. If that's not the bottleneck, then MPLS services are useful, and the hype is well deserved. Just realize that an understanding of your traffic and the network bottlenecks is required, before a decision can be made. VoIP was left out because if you're using VoIP, you probably have a WAN optimization solution in place already— VoIP requires bandwidth availability. When saturation begins to take hold, the first application to become usable is VoIP, and it isn't hard to prioritize. Disaster recovery solutions often involve replicating data over D-DRO WAN links. The sharing of files, or actually hosting files over a WAN link is also very tempting. Everyone who has attempted CIFS or NFS over WAN links knows that this is a road fraught with 10 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] perils. Wide Area File Systems, or WAFS, is designed to allow remote offices to remain serverless. The WAFS technology deploys many tricks to make this possible, but it is something completely different than general WAN acceleration technologies discussed here. Many WAN optimizers now support WAFS. So even though there is a clear distinction in functionalities, these products are merging, like switches and routers. I Branch Office Routers: Build or Buy? Complete and total failure isn't the only concern. What will you do when your OS starts locking up for no apparent reason? You will definitely see some bugs, especially if you're handing the router a full Internet routing table. Home-built routers require on-staff expertise far beyond the ability to read a howto document to "just get it working." Sometimes it's even necessary to hack some code. The most important consideration, aside from PC hardware quality, is that of time and skill. When you apply kernel updates on the BSD machine, will something else break? It's hard to say. The great part about spending the money on a Cisco router is that it only has one purpose. It is your router. Updates to unrelated components (there are none in a Cisco) couldn't break your existing router. Cisco service plans include security updates and bug fixes in the form of a single easy-to-update software image. If building a software router is your business's core focus, then by all means you'll want to roll your own. If you're planning on dedicating an employee to maintaining these hand-rolled router boxes, then you've thought well about this problem. If not, then you need to sit down and carefully weigh the (dis)advantages of doing so. Routers that you purchase from a company have been carefully configured to do just that: route. You'll save money in the long run, both in terms of hardware and man-hours spent working on it. I 11 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] WAFS: Building a Better Pipe for Remote Locations By Charlie Schluting T he concept of "WAN optimization," which we discussed earlier, doesn't cover everything you need to know about connectivity outside your own network. Most notably, Wide Area File System, or WAFS, is a specific technology designed to optimize WAN-based file system performance. This article will explain how WAFS can minimize costs in branch offices. WAFS is intended to facilitate implementations of the desirable "serverless remote office," which doesn't require skilled admins onsite. Even fairly large sites can get by with low-skill and low-cost PC support personnel, instead of keeping IT staff on-site. Centralized IT services also imply that remote sites don't require backups, data protection, or anything else. The idea is to configure remote systems for server-based operation. This can mean many different things, so we'll keep the terminology vague. Local PCs connected through Windows Active Directory will work, if users are trained to store files on remote shares. Other configurations are possi- ble, and varying levels of centralization are suitable for a variety of situations. Simply placing applications on fewer servers can save on software licenses, in some cases a significant amount of the remote office's budget. In the ideal case, where file services can be centralized, cost savings are extreme. A central office can likely absorb storage costs, including backup and disaster recovery. Regardless of what specific design is required, the real news here is that WAN file access can be implemented without purchasing a faster Internet pipe. These new technologies enable the remote office to send and receive data over much slower links than ever before. In the case of office workers, the Microsoft Office example is still a great one. Opening any recent Word or Excel docuJupiterimages ment can take literally 10 to 100 (or more) file system reads, even for the most trivial of document types. The CIFS protocol itself is quite inefficient. Coupled with a slow WAN link, opening an office WAFS is intended to facilitate implementations of the desirable "serverless remote office," which doesn't require skilled admins on-site. “ ” 12 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] document can be an exercise in patience. Multiple tricks, services, features, or however they are marketed, allow WAFS to make remote sites feel like they're in the same building as their servers. One function of WAFS optimizations is to cache files. A corollary to this is that WAFS can also optimize certain protocols, by terminating connections locally and acting as a broker between local systems and a central server. WAN optimization, the general term we discussed last week, operates at layer 4. Since WAFS devices understand the underlying protocol, greater speed improvements can be realized over generic TCP/IP optimizations. As with any attempt to monitor, optimize, analyze, or aggregate, knowledge of the actual protocol being used on top is required to operate effectively. WAFS can yield such improvements in speed that users may not even realize their applications are being served over a WAN, but the question remains, "should you do it?" File caching, arguably the primary function of WAFS, provides tremendous benefit. Say everyone in the office is going to open the same Yes and no. The obvious drawback 100MB file a few times per day, is that if your central application or and maybe only one person is writSince WAFS file servers go down, then every ing to it. The WAFS device will remote site feels the outage at the store the file locally after the first devices understand the same time. If these services are time it has been transferred to the underlying protocol, redundant and resilient, "single remote site. In the case of large greater speed improvepoint of failure" isn't a very strong files like this, the WAFS box will ments can be realized argument either for or against likely have disk cache, but even WAFS. There is another point of memory-based caching configuraover generic TCP/IP failure, though: the remote office's tions can provide significant optimizations. WAN link. improvements for a diverse set of applications. When the person or If remote office uptime is mandatopersons who need to change this ry, the WAN link cannot be a single point of failure. If 100MB file save the data, only the changed parts of short outages are acceptable, then the benefits far outthe file really need to be transferred back to the central weigh the risks. For remote offices that require access server. to these file services in order to operate, WAN redundancy is a must. Generally these sites will already have Caching blocks of data is fairly straightforward, but synreliable and redundant WAN access anyway, because chronizing them cannot be done with most network file chances are they need some services from the central systems. Most WAFS implementations, most notably office already. the Cisco one, actually do optimize the CIFS protocol. To optimize something, you generally need to use it In short, the decision to make serverless remote offices differently than its intended case. This is an example of should be carefully weighed against the service level the second part of WAFS: spoofing the protocol at the requirements for the remote office. network borders, and doing something smarter in between. WAN Optimization and WAFS technologies are still growing, and the rate of adoption is beginning to grow Terminating protocols locally and using smarter protoas well. Remote offices can certainly benefit from these cols instead is essentially the same way generic WAN optimization works too. Only, this is at layer 7, and services, if carefully deployed. I “ ” 13 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] Getting Branch Office VoIP Deployments Right By Sandra Gittlen s voice over IP (VoIP) catches on in large enterprises, companies are pushing the technology out to their smaller offices to reap the rewards of four-digit dialing, site-to-site calling, and other cost-saving and collaborative features. But experts warn preparation in five key areas is critical for success. "Managing technology at branch offices and remote offices consumes a huge amount of IT budgets. If conceived, deployed and managed correctly, voice over IP alleviates this financial burden," says Johna Till Johnson, founder of Nemertes Research in New York City. The conundrum for IT lies in the fact that 90 percent of employees work away from headquarters, yet IT is becoming increasingly more centralized, she says. In fact, in a study of 80 companies, Nemertes found that 34 percent of IT's time is spent dealing with branch office problems. The firm estimates that between $9,600 and $48,000 is spent per IT person per year to troubleshoot branch office issues. A "What it takes to make voice over IP work is often underestimated and can lead to problems, so IT managers need to plan ahead," Johnson says. Here are some tips from Johnson and other voice over IP experts for guaranteeing a successful extension of your VoIP network. Keep It Simple "The days when companies could have IT staff at each branch-office location are long gone," Johnson says. "If IT designs a system where a user would have to run down the hall and grab a tech, that's not going to Jupiterimages work. Voice over IP use in those locations should be no more difficult than plugging in a toaster," she says. "The beauty of voice over IP is that it allows you to be more nimble, more agile. You can easily scale up or down," says William Stofega, research manager for voice over IP services at IDC Corp. in Framingham, Mass. The conundrum for IT lies in the fact that 90 percent of employees work away from headquarters, yet IT is becoming increasingly more centralized “ ” 14 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] However, to gain this benefit, he says companies need visibility into their networks from a central location. Whether you're using a CPE solution or a hosted solution from a service provider, he says you should ensure that you have a console that allows you to troubleshoot from afar. "You don't want to have to hire someone to come out and service your gear or fix other problems," he says. You should be able to push out operating system upgrades, security patches, and other important updates without leaving headquarters. Johnson recommends rolling out tools that give you instant and constant visibility into how the VoIP network is performing. You should be able to tell whether the phones are up and running, where call quality stands, and if call cues are clear or congested. This will avoid user frustration and an overload of calls to the help desk. "If you make it too complex, the project will get choked up, stall and you'll lose all support and excitement," says Lou Nardo, director of product management at IP telephony monitoring and management software maker Qovia, Inc. in Frederick, Md. "Voice over IP requires different troubleshooting techniques that allow you to easily fix problems and move on." Once these blueprints are established, IT will be able to easily increase or decrease deployments depending on changes at each site. Johnson adds: "You need to keep tabs on what's going on within your organization so if it grows, you know what to change out." Consolidate Your Telecom and Networking Teams "A big advantage of moving to an all-IP network is that you can collapse down from having separate telecom and network functions to just network functions," says Rod Hodgman, vice president of marketing at Covergence, Inc., a developer of tools that secure and manage real-time services in Maynard, Mass. "When you do this, you can narrow down your team." He warns companies not to completely get rid of either brain trust. "Make sure you keep some people who have knowledge of telecom quality of service and other important information as well as those who can tie telecom functions into network management tools. You need both to look out for security, reliability and quality," he says. Nardo agrees that companies should consolidate their telecom and networking, or data, teams and cross-train them. "We see a number of companies that struggle bringing the two teams together over new technologies. The successful ones are where the data team has clear ownership," he says. Create a Template for Rollouts "Each voice over IP implementation should have a unified look and feel," says Eric Paulak, managing vice president of network services and infrastructure at Gartner. He says companies should create a template for branch office rollouts that would make the process easier. Johnson agrees that templating your VoIP deployments is mission-critical. "Create several templates that match the various sizes of your branch offices -– for instance, small, medium and large," she says. Within those cookie cutters, IT groups should blueprint the necessary facilities, networking, and equipment requirements. Back Up and Cool Down "When you put voice over IP out to branch offices, you need to have emergency services," Johnson says. "The biggest issues are power and 911." IT teams must look carefully at wiring in branch offices because most don't feature the heating and cooling architectures necessary for VoIP networks, she says. Because VoIP draws power over Ethernet from switches, you have to vastly increase the power capacity of your switches in wiring closets as well as your HVAC requirements such as ventilation and cooling. While Paulak believes that the technology is mature enough for companies to go all voice over IP, they 15 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp. [ Getting the Most from Your WAN ] should carefully consider that decision. "You can limit your use of traditional phone lines, but you don't want to eliminate them," he says. Because service is so inexpensive -– around $20 per month for basic lines -– he says you should maintain a few lines for disaster recovery and emergency services. For instance, he recommends tweaking the network for quality of service and performance levels associated with real-time video. Stofega says that branch offices are a great next move for IT organizations looking to capitalize on their voice over IP investment. "I think voice over IP to the branch office is absolutely a good thing. It allows you to give everyone within an organization the same tools to conduct business. But the technology is still evolving, so you have to be smart about your deployments," he says. I This content was adapted from Internet.com's Enterprise IT Planet and Enterprise Networking Planet Web sites. Contributors: Mark Weiner, Sean Michael Kerner Charlie Schluting, and Sandra Gittlen. Consider Future Uses for Your Network Now Nardo says that as you deploy voice over IP, you should prepare for other applications that could take advantage of that infrastructure, such as videoconferencing. "While voice is the first widespread real-time application that we're seeing at the branch office, the next near-term one is video. IT groups are saying let's expand what we can do with IP and enable other programs," he says. 16 Getting the Most from Your WAN, An Internet.com Networking eBook. © 2009, Jupitermedia Corp.