From: http://www.insecureaboutsecurity.com/2010/05/13/the-branch-office-network-form-factor-debate/
There is an interesting debate happening in the networking industry that centers around branch office equipment. ESG Research points out that branch office servers and applications are moving to the data center and this move is driving more investment in WAN optimization technologies from Blue Coat, Cisco, Citrix, and Riverbed. At the same time, cheap bandwidth and cloud services are changing the network infrastructure. Large organizations are moving away from back-hauling all traffic through the data center and setting up a real network perimeter at the branches themselves.
While networking changes continue, there is also another trend happening. Lots of legacy networking and IT functionality (WAN optimization, firewall, IDS/IPS, file servers, print servers, domain controllers, etc.) is now available as a virtual machine. A single device can now take on multiple functions.
The debate centers on the “hybridization” of networking and server functionality at the branch office. Should branches deploy edge networking devices packaged with Intel processors for running VMs, or should they simply implement Intel blade servers from Dell, HP, and IBM at the network perimeter and then use VMs for all networking and server needs?
The answer to this question could really impact the industry. For example, Fortinet is the king of UTM devices for branch offices but what if these appliances are suddenly replaced with standard Intel servers and virtual appliance software? Obviously this wouldn’t be good news for Fortinet.
For the most part, leading vendors are not pushing one model or another. Cisco WAAS equipment comes packaged with a Windows server while the Riverbed Service Platform (RSP) can run a Check Point firewall, a Websense gateway, an Infoblox DNS/DHCP server, or basic Windows services.
So which model wins? Both (Yeah, I know it is a cop out, but I truly believe this). It’s likely that smaller branches go with Intel servers and VMs while larger remote offices stick with networking gear. Large organizations will also lean toward their favorite vendors. Cisco’s networking dominance means it wins either way while Riverbed will likely do well in its extensive installed base and succeed at the expense of second-tier WAN optimization guys like Silver Peak.
In truth, there is no right or wrong way at the branch office network, but the vendor debate ought to be very entertaining.
[Ed. Note: For completeness, it should be noted that Blue Coat has gone the Intel server and VM route, with a virtual appliance available]
Showing posts with label wan optimization. Show all posts
Showing posts with label wan optimization. Show all posts
Monday, May 24, 2010
Friday, January 15, 2010
Another Cross-over Point from WAN Optimization into the Proxy Space
From Network World:
Exinda Networks’ latest software upgrade tackles some of the WAN optimization implications of a thorny IT management issue: the use of third-party anonymous browsing services that route DNS queries through a proxy server.
Anonymous proxies allow end users to bypass Web sites blocked by their companies, surf the Web anonymously, or hide their tracks while Web browsing. The new version of Exinda’s WAN optimization software, EXOS 5.3, can detect the use of anonymous proxies and subject Web traffic to the rules and restrictions organizations have set up.
With the new software, Exinda can expose, report and apply QoS policies to traffic using anonymous proxies. Its application classification engine categorizes network traffic and responds based on a company’s predetermined policies – by blocking the traffic or limiting its bandwidth usage, for instance. It can also identify end users who are not conforming to network usage policies.
If someone were to try to access an Internet radio site during business hours, for instance, Exinda would properly classify the traffic and apply the predetermined rules and policies, says Ed Ryan, vice president of products at Exinda.
“If you’re using anonymous proxies to generate traffic that’s normally shaped, we’ll still know what it is and properly classify it. All the normal policies and rules that would have applied to that traffic if you’d accessed it directly still apply.”
To stay on top of new anonymous proxy sites, the software maintains a list of URLs and sites to limit or block access to. “Version 5.3 allows you to see the real, true traffic. We provide continuous detection of anonymous proxy sites through daily updates. New ones are coming on everyday,” Ryan says.
It’s all about visibility, he says. “Visibility comes first. You can’t make intelligent decisions about how shape and prioritize and monitor the traffic unless you know what the traffic is. You can’t make good decisions to accelerate and optimize traffic unless you know what it is.”
Also new in the version 5.3 software upgrade are a number of user interface and configuration tweaks designed to make life easier for administrators. Exinda redesigned its help screens, for instance, simplified its logon pages and redesigned some of its wizards.
In addition, Exinda extended scalability features -- including multithreading and multi-queuing enhancements -- it developed late last year for its high-end 8760 product to the rest of its appliances that use multicore processors.
EXOS 5.3 works on all existing Exinda appliances and is free to Exinda customers with maintenance subscriptions.
Exinda Networks’ latest software upgrade tackles some of the WAN optimization implications of a thorny IT management issue: the use of third-party anonymous browsing services that route DNS queries through a proxy server.
Anonymous proxies allow end users to bypass Web sites blocked by their companies, surf the Web anonymously, or hide their tracks while Web browsing. The new version of Exinda’s WAN optimization software, EXOS 5.3, can detect the use of anonymous proxies and subject Web traffic to the rules and restrictions organizations have set up.
With the new software, Exinda can expose, report and apply QoS policies to traffic using anonymous proxies. Its application classification engine categorizes network traffic and responds based on a company’s predetermined policies – by blocking the traffic or limiting its bandwidth usage, for instance. It can also identify end users who are not conforming to network usage policies.
If someone were to try to access an Internet radio site during business hours, for instance, Exinda would properly classify the traffic and apply the predetermined rules and policies, says Ed Ryan, vice president of products at Exinda.
“If you’re using anonymous proxies to generate traffic that’s normally shaped, we’ll still know what it is and properly classify it. All the normal policies and rules that would have applied to that traffic if you’d accessed it directly still apply.”
To stay on top of new anonymous proxy sites, the software maintains a list of URLs and sites to limit or block access to. “Version 5.3 allows you to see the real, true traffic. We provide continuous detection of anonymous proxy sites through daily updates. New ones are coming on everyday,” Ryan says.
It’s all about visibility, he says. “Visibility comes first. You can’t make intelligent decisions about how shape and prioritize and monitor the traffic unless you know what the traffic is. You can’t make good decisions to accelerate and optimize traffic unless you know what it is.”
Also new in the version 5.3 software upgrade are a number of user interface and configuration tweaks designed to make life easier for administrators. Exinda redesigned its help screens, for instance, simplified its logon pages and redesigned some of its wizards.
In addition, Exinda extended scalability features -- including multithreading and multi-queuing enhancements -- it developed late last year for its high-end 8760 product to the rest of its appliances that use multicore processors.
EXOS 5.3 works on all existing Exinda appliances and is free to Exinda customers with maintenance subscriptions.
Monday, June 29, 2009
WAN Optimization Grows Up
We've talked in the past on this blog about WAN Optimization, and recently Enterprise Storage Forum ran article called "WAN Optimization Grows Up", so I thought it'd be interesting to cover the article and see how it's changed and what's new about WAN Optimization.
Paul Rubens, the author starts the article by talking about how the market for WAN Optimization has evolved and is now mature, with most vendors offering about equal acceleration capabilities, so the need to differentiate products with something other than acceleration capabilities is becoming important.
Rubens describes some of the evolution of WAN Optimization Controllers (WOCs) below:
In addition in the remote office Rubens talks about the trend towards running software based WOCs directly on the end-user's workstation or laptop.
Rubens talks about what customers are looking for in the WOCs as well:
Finally Rubens looks at the trends in the WOC players themselves:
It's obvious WAN Optimization is evolving. Features and functionality will continue to increase, and it's more than just a proxy with some WAN acceleration built in that we talked about in our first articles on WAN Optimization.
Paul Rubens, the author starts the article by talking about how the market for WAN Optimization has evolved and is now mature, with most vendors offering about equal acceleration capabilities, so the need to differentiate products with something other than acceleration capabilities is becoming important.
Rubens describes some of the evolution of WAN Optimization Controllers (WOCs) below:
Two areas where WOCs are becoming increasingly common are at the very high end, connecting multiple data centers together for backup and redundancy purposes, and at the very low end, connecting mobile users and teleworkers to corporate servers to improve the performance of the applications they run.
As a result, the form that WOCS are taking is beginning to change. Data center to data center WOCs responsible for high-bandwidth links are increasingly powerful hardware appliances, while branch office WOCs may be hardware appliances, or virtual appliances running on general purpose computers. Eventually it's possible that WOC functionality will be moved to the branch office router.
In addition in the remote office Rubens talks about the trend towards running software based WOCs directly on the end-user's workstation or laptop.
At the bottom end there is a trend toward software WOCs running on end-user machines, often with a more limited functionality than dedicated hardware WOCS. "There is definitely a need for soft WOCs," said Rolfe. "If an organization has centralized its file servers, then even an 8-meg DSL line will be slow at bringing data across, and a high bandwidth line doesn't really help reduce latency in protocols like CIFS anyway. The availability of soft WOCs is becoming an increasingly important part of the selection process for many companies looking to implement a system."
Rubens talks about what customers are looking for in the WOCs as well:
Another important selection criterion is the specific accelerations that are available for particular applications. Most WOCs provide CIFS and HTTP acceleration, and acceleration for applications such as SQL and Oracle, and to a lesser extent SSL encryption is also commonplace. "Vendors are moving up the stack," said Rolfe. "People are interested in VDI, and we often get inquiries about a particular app like AutoCAD."
Finally Rubens looks at the trends in the WOC players themselves:
One trend that is emerging is a resurgence of interest in QoS and traffic management, reporting and control. Interest in this was high a decade or more ago, but that subsided as many organizations became more interested in data compression and caching.
...
As part of this trend, Blue Coat Systems (NASDAQ: BCSI), a market-leading acceleration company, bought Packeteer, a leading traffic management vendor, in mid-2008, while Riverbed Technology (NASDAQ: RVBD), another market leader in the acceleration space, bought Mazu Networks, another leading name in the network and application monitoring and control market, in January of this year. Just about all the other major acceleration vendors now offer traffic management functionality of some sort too.
It's obvious WAN Optimization is evolving. Features and functionality will continue to increase, and it's more than just a proxy with some WAN acceleration built in that we talked about in our first articles on WAN Optimization.
Monday, January 12, 2009
Finding the Proxy in WAN Optimization
You may be wondering what WAN Optimization has to do with a proxy, but in fact if you look at the implementation of WAN Optimization you'll find that most if not all WAN Optimization solutions behave very similarly to a proxy in many of the protocols they intercept and optimize.
If you're not familiar with WAN Optimization (and there's good reason not to be, as a recent Network World article discovered around a one-third of IT workers are not familiar with WAN Optimization), then it's probably a good time to get acquainted. As the economy worsens, your IT organization is probably looking for ways to save money and WAN Optimization may be the solution if you have high bandwidth costs between remote offices.
WAN Optimization, like a proxy, intercepts various protocols. In a proxy this protocol is of course typically HTTP. In WAN Optimization we generally talk about CIFS (file sharing), e-mail, HTTP, and other well known protocols. For obscure and proprietary protocols most WAN Optimization devices allow you to bypass these protocols and allow them to pass through the device unchanged. In a proxy many of the HTTP objects are cached to reduce the bandwidth used and improve the performance of the web service. In a WAN Optimization device, caching as well as protocol optimization, compression and other techniques are used to reduce the bandwidth going across the WAN link. Because of the necessity to manipulate bytes, the WAN Optimization device acts like a proxy terminating the protocol at the device.
Where WAN Optimization differs from a proxy is that a WAN Optimization device typically sits at both ends of the WAN link, whereas a proxy is usually a single point device. But both devices share similar features and functionality and in fact can even be the same device, at least in the case of the Blue Coat Systems ProxySG which is both a proxy and a WAN Optimization device.
Perhaps the WAN Optimization (proxy) should be the next proxy in your network.
If you're not familiar with WAN Optimization (and there's good reason not to be, as a recent Network World article discovered around a one-third of IT workers are not familiar with WAN Optimization), then it's probably a good time to get acquainted. As the economy worsens, your IT organization is probably looking for ways to save money and WAN Optimization may be the solution if you have high bandwidth costs between remote offices.
WAN Optimization, like a proxy, intercepts various protocols. In a proxy this protocol is of course typically HTTP. In WAN Optimization we generally talk about CIFS (file sharing), e-mail, HTTP, and other well known protocols. For obscure and proprietary protocols most WAN Optimization devices allow you to bypass these protocols and allow them to pass through the device unchanged. In a proxy many of the HTTP objects are cached to reduce the bandwidth used and improve the performance of the web service. In a WAN Optimization device, caching as well as protocol optimization, compression and other techniques are used to reduce the bandwidth going across the WAN link. Because of the necessity to manipulate bytes, the WAN Optimization device acts like a proxy terminating the protocol at the device.
Where WAN Optimization differs from a proxy is that a WAN Optimization device typically sits at both ends of the WAN link, whereas a proxy is usually a single point device. But both devices share similar features and functionality and in fact can even be the same device, at least in the case of the Blue Coat Systems ProxySG which is both a proxy and a WAN Optimization device.
Perhaps the WAN Optimization (proxy) should be the next proxy in your network.
Monday, November 3, 2008
Network Latency
It's not uncommon to get complaints from your end-users about response times, and immediately blame network latency for the problems. Here's a good article that talks about the different sources of latency that an end-user may experience.
It's interesting to note the author lists proxy servers in its own category as one of the areas to check for latency.
As latency has become more of an issue, it's a topic that WAN Optimization vendors have spent a great deal of time explaining and targeting. Almost all the vendors have a good story about how they address latency in reducing the application wait times for end-users.
It's interesting to note the author lists proxy servers in its own category as one of the areas to check for latency.
As latency has become more of an issue, it's a topic that WAN Optimization vendors have spent a great deal of time explaining and targeting. Almost all the vendors have a good story about how they address latency in reducing the application wait times for end-users.
Subscribe to:
Posts (Atom)
Posts
