Moving to Office 365, Google Apps, Salesforce or any SaaS? Here's what it means for your WAN
Avoid application performance issues by upgrading your VPN to a CRN (Cloud-Ready Network)
www.ipanematech.com
EXECUTIVE OVERVIEW
IT infrastructure directors today find themselves in one of two situations: the business side of their organization is planning for SaaS applications that the VPN will need to support, or existing SaaS applications are underperforming or impacting the performance of other business applications. Gartner believes that through 2013, at least 60% of enterprises will experience slow or inconsistent application performance issues from externally placed applications, due to improper network design [1]. This is because VPNs and the tools used to manage them are optimized for traditional private applications residing in data centers, not those stored in the cloud. For example, SaaS collaboration applications, such as Google Apps, Microsoft BPOS/Office 365 and IBM LotusLive, consume much more network bandwidth than many traditional applications. Moving from traditional on-premise collaboration to a SaaS counterpart dramatically changes the way traffic flows across the WAN.

In order to avoid application performance issues and ensure optimal end-user experience, infrastructure directors need to make their VPN cloud ready. A cloud-ready network (CRN) is a network that provides full application performance visibility and total control of both SaaS and on-premise applications.

Ideally, the best time to prepare is prior to your first SaaS implementation, so that the impact of SaaS on your VPN can be mastered from the pilot phase through full enterprise rollout. However, upgrading your VPN to a CRN can be done anytime and in stages, depending on your level of cloud adoption, and whether or not you choose to change your VPN architecture.

This paper is for the infrastructure director whose company:
- Wants to migrate one or more applications to SaaS without application performance issues.
- Is already using SaaS, and has application performance issues to address.
- May or may not want to change VPN architecture to an MPLS + Internet hybrid network to better support cloud-based applications.
- May already be running applications on a hybrid network and wants to optimize architecture to take full advantage of both MPLS and Internet bandwidth.

The paper explains:
- VPN impact from SaaS applications: How SaaS applications are not all created equal; why legacy WAN solutions do not work for SaaS; how to guarantee SaaS performance; and how to ensure SaaS does not impact the performance of other business-critical applications.
- Infrastructure options: How to upgrade your VPN to a CRN, depending on where you are with cloud adoption; and how Ipanema's Autonomic Network System (ANS) prepares your network for the cloud, so your organization can fully embrace SaaS applications and derive all performance, time-to-value and cost benefits.
- Performance management: How an Applications Performance Dashboard can prove that your SaaS and legacy applications are performing during and after SaaS implementation; and how a WAN Governance approach to network management helps guarantee applications performance and ensure business continuity as SaaS applications are adopted.

By understanding the issues, tools and infrastructure options and by moving away from traditional network management to a WAN Governance approach, infrastructure directors are empowered to say:
- Yes, the network is an enabler of cloud adoption, not a brake.
- Yes, my private applications will still perform, and in fact, even better than before.
- Yes, transitioning to the cloud can be done without disrupting the existing architecture.
[1] Bjarne Munch, "Is Your Network Design the Weak Link in Cloud Computing?", Gartner, 27 August 2010
TABLE OF CONTENTS
1. Adopting cloud-based collaboration: What does it really mean for the WAN?
2. Why conventional WAN solutions do not work for SaaS?
3. Stages of cloud adoption: Where are you?
4. CRN with central Internet gateways and advanced Application Visibility, QoS & Control
5. MPLS CRN with in-MPLS Internet and branch office WAN Optimization
6. CRN with unified hybrid MPLS + Internet
7. The Management Issue: Cloud adoption creates a critical need for WAN Governance
8. Your business is cloud-ready, but is your network?
About This Publication

Ipanema has created this publication as an educational resource for large enterprises adopting a new SaaS application or replacing on-premise software with a SaaS application. Contents of this publication are intended to inform and educate IT infrastructure directors about the impact of SaaS on the enterprise VPN and how to evolve their VPN to a cloud-ready network in order to avoid or solve application performance issues.
1. Adopting cloud-based collaboration: What does it really mean for the WAN?
Infrastructure directors are under tremendous pressure from business stakeholders to adopt cloud-based SaaS applications with the promise of lower IT costs and a better user experience. Some who have already migrated their first applications to SaaS are surprised by additional costs, extended project cycles and/or lower than expected application performance. Cloud computing brings the promise of simplified application delivery, but often at the expense of additional network complexity that is often greatly underestimated. "As cloud computing, virtualization, mobility, unified communications and video drive more application traffic to the network, traditional network design practices will become increasingly significant constraints on the functioning of the business," says Gartner analyst Bjarne Munch. [2]

Bandwidth requirements vary greatly for SaaS applications. Collaboration applications such as Google Apps, Microsoft BPOS/Office 365, and IBM LotusLive have much more impact on network traffic than other SaaS applications (see "Impact of SaaS Collaboration on Your WAN"). Collaboration consumes more bandwidth per user, typically involves more users and is more likely to be extended to more workers.

The bandwidth involved with SaaS is not the only network issue. The way traffic flows across the WAN can also change dramatically when SaaS applications are used. Collaboration traffic no longer flows between a data center and branches but between one, a few or many Internet gateways to the branches. While this paper focuses on preparing your network for SaaS collaboration, the discussion applies to any cloud-based applications with substantial WAN impact, including SaaS, IaaS or PaaS.
Anticipating the impact on the network accurately.
Optimizing the network to ensure an excellent end-user experience, not only for SaaS but all applications.
Impact of SaaS Collaboration on Your WAN

Consider that standard email traffic from a data center to branch locations typically accounts for 30% of WAN traffic. For purposes of comparison, assume this requires a bandwidth sizing of 2.96 Kbits/sec/user with Outlook and Microsoft Exchange 2010. In contrast, browser-based email traffic from Internet gateways to branches using the web access of Exchange 2010 would require 6.79 Kbits/sec/user, substantially increasing competition among WAN applications. As SaaS collaboration is used beyond simple email, with features such as document collaboration and document libraries including video, bandwidth requirements further increase by as much as a factor of three, requiring a network upgrade.
[2] Bjarne Munch, David A. Willis, "The Enterprise Network of the Future Will Be Hyperconverged", Gartner, 18 November 2010
MPLS Classes of Service (CoS): Insufficient control for today's dynamic network environments.

MPLS Classes of Service (CoS), a static, labor-intensive, and insufficient approach to QoS & Control, do not precisely address the requirements of application flows for MPLS network resources and are more difficult to apply to SaaS performance, for several reasons:
- Based on invalid assumptions using IP addresses and port numbers: Many applications can use HTTP port 80, including SAP, SharePoint, Facebook, Skype, etc. Some can be business-critical, most are not. With standard MPLS implementations all are assigned the same priority level.
- Unable to account for the any-to-any nature of traffic: Today's WANs must support multiple data centers, multiple Internet gateways, branch-to-branch networking, etc. CoS deal with managing competition between flows on a local basis, but have no way of managing competition at end points where multiple sources of traffic can compete for the destination network resources.
- Cannot match real-time network demands: CoS require per-application bandwidth assessments at each site. Not only is this difficult to achieve for any one point in time, but this process must be repeated each time an application is updated, a new application or site is deployed, and whenever there is an increase or decrease in users at a site. CoS are static when demands on network resources are dynamic. CoS parameters can never be updated to match the current situation, which makes application performance guarantees impossible.
How an Applications Performance Dashboard Mitigates Deployment Risks

Like on-premise software, SaaS collaboration is deployed in phases with a pilot implementation and phased enterprise rollout. At each step of deployment, risks rise from the increasing competition for network resources. Having an Applications Performance Dashboard to monitor network and end-user impact during each step of the project helps to ensure acceptable performance of all applications or pinpoints where bandwidth sizing needs to be updated.
All-in-One Solution for Guaranteeing Application Performance

Ipanema's Autonomic Networking System (ANS) tightly couples QoS & Control, Application Visibility, WAN Optimization and Dynamic WAN Selection (hybrid network unification) into a single, all-in-one solution. With ANS, all application performance challenges can be managed with a holistic approach over the global network. The autonomic networking solution automates tasks that IT organizations cannot perform with traditional approaches. Orchestrating network traffic in real-time, ANS manages the complexity of the hybrid cloud and guarantees application performance for public and private applications. ANS not only helps to guarantee the performance of SaaS during and after implementation, but the end-user experience for all applications over your WAN, and much more cost-effectively.
Policy-Based Routing (PBR): Complex, outdated approach limits hybrid network benefits.
If you use or plan to use a hybrid MPLS + Internet VPN, you need advanced path selection for application flows created for hybrid networks, not PBR. Too often, the operational complexity and poor performance of PBR is such a burden that the benefits of a hybrid network are nullified. While PBR is designed to balance packets across multiple networks, it introduces a number of major drawbacks when used in modern environments:
- Operational complexity: PBR requires per-router configuration and specific engineering skills, which are cumbersome and error-prone. As bandwidth costs decrease (from greater utilization of less-expensive Internet bandwidth), management costs increase (from greater network complexity and workload).
- Static nature: Routing applications based on their port number on one or another network doesn't take into account loads on links or routing based on link quality.
- Inability to base decisions on Layer 7 application visibility: All applications through Port 80 must use either MPLS or Internet, not both, which means routing business-critical and less important applications at the same priority level.
- Local decisions based on local information: As VPN traffic becomes meshed, resource allocation based on global network decisions is required. Otherwise, unwanted and uncontrolled congestion occurs.

Fundamentally, PBR is a legacy technology that does not integrate with other important management tools for a modern WAN, including Applications Visibility, QoS & Control, and WAN optimization. (See "All-in-One Solution for Guaranteeing Application Performance".)
This move will create a de facto hybrid network with a mix of public and private applications, increasing the competition for network resources dramatically. More cloud applications will eventually follow, which further drives the need to evolve your VPN to a CRN with the necessary management capabilities.

"In the two years after our migration from Lotus Notes to Google Apps, we have seen tremendous collaboration bandwidth growth as users embraced new tools in the Google Enterprise portfolio," says Alain Meuro, IT Infrastructure Director at Valeo, one of the world's largest automotive suppliers with approximately 52,000 network users.
[Figure: cloud adoption timeline. Labels: Migration study; Google Apps, Office 365, LotusLive; After; More usage, Collaboration sites, Usage of video; Later]
MPLS CRN: Making your network cloud-ready by leveraging an existing MPLS architecture.
An MPLS CRN applies to any company that has a traditional MPLS VPN and is considering or already using a SaaS application.

Objectives:
- Improve Applications Visibility, QoS & Control
- Guarantee performance of SaaS collaboration across your WAN
- Ensure that SaaS collaboration does not impact the performance of other business-critical applications already delivered across your WAN
- Prove SaaS collaboration is performing as expected during the various phases of implementation and enterprise rollout, and does not impact other business-critical applications, by using an Application Performance Dashboard
- Shift from network management to WAN Governance to plan and grow your network according to business needs
Hybrid CRN: Optimizing your network for the cloud and fully exploiting an Internet + MPLS architecture.

The following applies only to companies considering or already using MPLS + Internet hybrid architecture. It enables using MPLS and Internet resources in an optimal fashion, eventually leveraging local Internet breakouts for SaaS applications.

Objectives:
- Maximize MPLS + Internet efficiency
- Take full advantage of the Internet as a business network
- Multiply available bandwidth (on average, by a factor of 3)
- Minimize overall network costs

4. CRN with central Internet gateways and advanced Application Visibility, QoS & Control

Ipanema's ANS brings full Application Visibility and coordinated, dynamic, QoS & Control without having to change your network architecture. Making your network cloud-ready can be as simple as deploying a few ANS devices in key locations, such as your private datacenters and Internet gateway locations. ANS overcomes the limitations of MPLS CoS (described earlier in Section 2) to guarantee the performance of SaaS collaboration and existing applications over your network during and after SaaS implementation.

[Figure: An MPLS Cloud Ready Network with central Internet gateways and appliances only in key locations. Diagram labels: Datacenter #1 (SAP), Datacenter #2 (Sharepoint), Internet Gateway, XaaS, MPLS, Internet, Branch Office.]

RETURN ON INVESTMENT: With ANS, the full capacity of the network can be put to use. A network exhibiting 70% available bandwidth peaks with on-premise solutions requires upgrading in order to prevent any risks to business-critical application performance. On the other hand, a network fitted with ANS can be fully utilized without any risk for business application performance. In many cases, ANS pays for itself as it removes the need to upgrade network links to cope with the traffic increase resulting from the SaaS migration. The typical cost for ANS with appliances only in key locations, at 0.5 per user per month (amortized over three years), is marginal compared to the cost of SaaS collaboration (from 4 to 25 per user per month) and is quickly recovered by fewer if any requirements for network upgrades over the three-year period.
[Figure: deployment timeline. Surviving text: "... project you are able to monitor the performance of all business critical applications"; After; Later: you can upgrade your WAN based on performance facts, with a bandwidth upgrade following Rightsizing recommendations OR a move to a unified hybrid MPLS + Internet network.]
This per-user control is important, because you subscribe to SaaS collaboration based on a number of users and what is required for each user. ANS adjusts network resources automatically rather than having to manually partition your network. You never need to go back and manually adjust network parameters for changes in users or applications usage.
5. MPLS CRN with in-MPLS Internet and branch office WAN Optimization
In some cases, enterprises have decided to outsource the management of Internet gateways to their MPLS providers. The Internet traffic directly enters the branch without any appliance able to control the flows at the gateways. This situation requires the Internet traffic to be controlled through an appliance deployed within each branch office. The presence of the appliance will allow additional ANS features such as WAN Optimization. In addition to the benefits described in the previous paragraph, enterprises will receive, among other benefits, expanded WAN capabilities through redundancy elimination and reduced response time for legacy, bandwidth-hungry and delay-sensitive applications.
[Figure: An MPLS Cloud Ready Network with in-MPLS Internet gateways and WAN Optimization in branches. Diagram labels: Datacenter #1 (SAP), Datacenter #2 (Sharepoint), Internet Gateway, XaaS, MPLS, Internet, Branch Office.]

network provides, in many cases, the most favorable cost and performance. Managing a hybrid network for optimal performance, however, requires a different approach than conventional PBR, which is still the most widely used technology. As described earlier in Section 2, the operational complexity and poor performance of conventional PBR is such a burden to manage that the benefits of upgrading architecture to a hybrid MPLS + Internet network are quickly nullified. ANS instead deploys special devices in branches to implement Dynamic WAN Selection, which automates path selection for application flows so that your MPLS and Internet networks operate as one network.

ANS Dynamic WAN Selection:
- Takes full advantage of the Internet as a business network
- Increases available bandwidth (on average, by a factor of 3)

RETURN ON INVESTMENT: Enterprises that have chosen to move to a unified hybrid network controlled by ANS typically chose not to upgrade their MPLS bandwidth in favor of the less-expensive Internet bandwidth. Including the price of the deployed ANS solution, typically 1 to 2 per user per month, most enterprises were able to obtain a 20% decrease in overall network costs, upgrade available bandwidth by a factor of three, and adequately prepare for traffic increases over the next three to five years.
PBR bases application routing on port numbers without taking into account line loads or path performance. ANS Dynamic WAN Selection is able to use Internet bandwidth for business-critical traffic when permitted by Internet performance.
7. The Management Issue: Cloud adoption creates a critical need for WAN Governance
Cloud adoption adds complexity to network management. Cloud applications such as SaaS collaboration bring many of the same issues as licensed software, but each IT implementation project can have a larger impact because of its reliance on your WAN. By aligning your network with business and Application Performance Objectives, WAN Governance puts you in control of this complexity and network impact.

WAN Governance improves the IT Governance you already have in place by providing:
- A holistic approach to global visibility, control and optimization of application performance, as opposed to conventional solutions operating as independent agents
- Business continuity and control as SaaS applications are adopted
- Guaranteed application performance for any network architecture
- Network capabilities to absorb enterprise requirements for agility, flexibility and growth
Next-generation solutions for implementing and managing a cloud-ready network

Using WAN Governance, your organization can:
- Understand the nature of application traffic
- Control and optimize this traffic
- Guarantee application performance
- Improve users' Quality of Experience
Valeo Embraces the Cloud and Maximizes Value

Valeo, one of the world's leading suppliers of components, integrated systems and modules for automotive CO2 emissions reduction, rolled out a hybrid network with MPLS + Internet for its migration from conventional email and collaboration applications to Google Apps. Valeo's network supports approximately 160 sites worldwide, 52,000 users, and the delivery of applications such as ERP and CATIA. Using Ipanema's ANS to dynamically manage application performance over their hybrid network, Valeo successfully deployed Google Apps with full Applications Visibility, QoS & Control, and Dynamic WAN Selection. "With Ipanema, we divided by three the transfer cost of each Gbyte of bandwidth over our global network," says Alain Meurou, Infrastructure and Network Manager at Valeo.
applications performance and superior end-user experience. ANS reduces the complexity of cloud applications and hybrid networks, enabling infrastructure directors to say:
- Yes, the network can support this new cloud application
- Yes, legacy applications will still perform, in fact, better than before
- Yes, we can smoothly transition applications to the cloud
Related reading
- Ipanema, "Farewell VPN: The rise of cloud-ready networks", May 2011
- Ipanema, "Cloud-ready networks - WAN Governance for cloud computing", November 2010
- Gartner, "Magic Quadrant for WAN Optimization Controllers", December 2010
- Dr. Jim Metzler, "The 2010 Cloud Networking Report", November 2010
- WAN Governance Blog, http://www.wangovernance.com
- Gartner, "Is Your Network Design the Weak Link in Cloud Computing?", August 2010
ABOUT IPANEMA TECHNOLOGIES

The Ipanema System enables any large enterprise to have full control and optimization of their global networks; private cloud, public cloud or both. It unifies performance across disparate networks. It dynamically adapts to whatever is happening in these networks and guarantees constant control of critical applications. It is the only system with a central management and reporting platform that scales to the levels required by Telcos and large enterprises. For more information: www.ipanematech.com
Copyright 2011, Ipanema Technologies - All rights reserved. Ipanema and the Ipanema logo are registered trademarks of Ipanema Technologies. The other registered trademarks and product names mentioned in this document are the property of their respective owners.