SECURITY

DISASTER RECOVERY/COMPLIANCE

BI/APPLICATIONS

DATA CENTER MANAGEMENT

STORAGE ARCHITECTURE

NETWORKING

HEALTH IT

APPLICATION DEVELOPMENT

CLOUD

VIRTUALIZATION

TechGuide

Control Networks
Without Borders
Traditional WAN design and management is a thing of the past.
This TechGuide looks at how to design and manage the new
endpoint-driven network and extend secure access to private
and public cloud services and virtual applications.

1
2
3
4

EDITORS NOTE

WAN MANAGEMENT

WAN AND MOBILITY

SAAS SERVICES

EDITORS NOTE

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

Getting a Grip on the New Network Without Borders

The onslaught of mobile devices and an
increase in teleworkers are forcing a shift in
the way network engineers design and manage the WAN. Now, enterprise IT departments
must discover a way to manage and secure how
users access corporate resources from various
wired and wireless endpoints. With this new
WAN comes new challenges including the need
to provide virtual data center applications and
cloud services to end users.
This TechGuide covers the design and management of the new network without borders.
First, Henry Svendblad explains the importance
of developing a security strategy while selecting WAN optimization technology that can
compress, prioritize and accelerate traffic.
Next, Philip Clarke explains the effects that
mobile devices have on the WAN. The desire
to make corporate data mobile has no signs of
slowing down. The only slow down we may
see is in WAN performance due to increased

2 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

mobile traffic. Clarke describes how IT must

be ready to meet the demands of app-centric
mobile devices with WAN optimization and
network visibility.
Finally, John Burke discusses the increase of
Software as a Service (SaaS) use in the enterprise. The increase of SaaS means more dependence on the Internet for access to enterprise
applications. This also means a heavier reliance
on the enterprise WAN because three-fourths
of organizations backhaul some or all Internet
traffic across the WAN. Burke explains how to
make the SaaS experience better for end users
by enhancing performance across the Internet
and the WAN by using application delivery optimization, application performance management and Quality of Service tagging. n
RACHEL SHUSTER
Associate Managing Editor,
Networking Media Group

WAN
MANAGEMENT

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

WAN Management: Putting the Pieces Together

The enterprise swims in a sea of constantly evolving predators and parasites. There
are criminals looking to break in and steal,
blackmail or otherwise extract money from
you; and pests looking to slip in unsolicited
ads, malware, scareware and spyware. The nature of the compromises have also evolved: The
biggest cyberattacks right now are adaptive and
persistent; low and slow; and multimode and
targeted.
At the same time, company environments of
all sizes continue to evolve to support a growing mobile population and a new network of
suppliers, partners and customers. Staff and
contractors bring computers, smartphones
and tablets into and out of company LANs,
and reach in to work from anywhere. Partners
and suppliers develop webs of interoperating
systems requiring deeper reach into the data
center to support an evolving collaborative and
just-in-time ecosystem.

3 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

Faced with all these challenges, traditional

address-port-protocol firewalls are overmatched. They are certainly still necessary, but
they cannot be flexible, subtle or agile enough
to sufficiently protect enterprise data. IT staff
needs to figure out how to secure the increasingly porous and negotiable boundary between
whats inside and outside the network.
Meanwhile, companies are changing whats
going on inside the corporate LAN and WAN
by eliciting one or all of the following:
Spreading

their operations to more locations, but continuing to keep internal applications centralized in data centers;

Deploying

more applications that are latency-sensitive (such as VDI sessions, which

52% of companies now use, and Voice over IP,
which 95% of companies now use for at least
some sites and staff); and

WAN
MANAGEMENT

Home
Editors Note
WAN
Management

Adopting

more Software as a Service products (more than 70% of companies use at

least one).

In the branchwhich nowadays is likely

smaller than it would have been a few years ago
and devoid of on-site tech supportusers are
completely reliant on remotely provided solutions and remote support. Less than one-third
of companies are increasing IT staff in 2013
and only 7% are increasing IT staff in remote
locations.

WAN and
Mobility

Full

WAN OPTIMIZATION MANAGEMENT

SaaS
Services

cannot see and understand. They need tools

that can help manage the network itself to
provide an accurate, detailed and real-time
picture of what is happening on the network.
They need technology that can show network
use and performance (including loss, latency
and jitter); track traffic flows and applications
in use; and show which users and devices are
present and active.
The ideal product, then, would combine the
following optimization, management and security functions:

Consequently, in addition to needing a new security strategy, many find themselves in need
of WAN optimization technology that can
compress, prioritize and accelerate network
traffic. And whatever options IT finds to mitigate latency, it needs them to have low capital
cost (to optimize every branch office) and be
manageable from the network operations center (NOC) (because IT staffs continue to be in
short supply).
IT cant properly optimize or secure what it

4 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

visibility of packets, flows and entities

on the network;

Next-generation

firewall capabilities, data

loss prevention, and intrusion detection and
prevention; and

Compression,

acceleration, traffic shaping

and latency mitigation.

Under policy-driven central management

through the NOC or a cloud serviceand from
a single appliance in each location, the ideal

WAN
MANAGEMENT

Home
Editors Note
WAN
Management
WAN and
Mobility

option would provide essential operational

visibility, protect the branch from threats
crossing WAN or Internet links and make sanc-

Such technology could even be

provided as a service by a WAN/
ISP, in-line, and thus require no
premises equipment at all, providing
the ultimate in footprint reduction.
tioned applications perform more LAN-like.
Where performance allows, such technology

SaaS
Services

5 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

should be available as a virtual appliance that

can be run on existing in-branch hardware
(such as a router with a hosting card or a print
server with little to do) to further reduce the
capital cost and deployment time to a new
branch. Such technology could even be provided as a service by a WAN/ISP, in-line, and
thus require no premises equipment at all, providing the ultimate in footprint reduction.
However delivered, providing WAN optimization, management and security with a single
product offers a chance of minimizing cost,
complexity and risk while maximizing performance and understanding. Henry Svendblad

3
WAN AND
MOBILITY

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

Mobile Optimization: What to Do About A Slow WAN

The rapid growth of mobility within the
enterprise continues to change everything from
how workers approach their tasks to how organizations are provisioning and implementing
network components. Mobile devices within
organizations are not only growing in terms
of population and capability, but have also become primarily consumer-oriented rather than
enterprise-oriented today. According to recent
research conducted by Nemertes Research, this
consumerization of mobility is being driven
largely by the bring your own device (BYOD)
corporate culture, which 30% of organizations
now use as their primary purchasing model.
The result is that 29% of companies have already retired their BlackBerry support, and
iOS along with Android devices are now the
most widely used devices in (and outside) the
enterprise.
To both leverage and secure a growing population of highly capable, albeit

6 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

non-enterprise-focused devices, companies

are deploying a variety of tools. In addition to
bolstering their WLANs, 48% and 44% of enterprises are using mobile device management
(MDM) and mobile application management,
respectively. Moreover, 37% of organizations
have deployed technology that integrates their
WLANs network access controls with MDM.
Companies are adopting these technologies
to not only control devices and company data,
but also to manage and optimize mobile traffic through their networks. Optimization in
particular is a pressing concern in many IT
departments; companies expect to add 81% of
capacity to their WLANs and provision 74%
of this growth specifically for mobile devices.
Though not yet widely deployed, 802.11ac WiFi access points (APs) are able to provide approximately 1 GB in network speeds using one
antenna, or up to 6.7 GB using eight antennas
APs with multi-user multiple-in, multiple-out

3
WAN AND
MOBILITY

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

capability. With nearly ubiquitous 802.11n

adoption and vendor offerings already running
at a speedy half-Gigabit, the stage is set for
the all-wireless enterprise. As Wi-Fi standards
such as 802.11ac continue to squeeze greater
capacity from network bandwidth, more companies are questioning why they would wire a
building when Wi-Fi can provide near-wired
speeds. Accordingly, 47% of companies now
use WLAN as their primary access technology,
with another 18% assessing or planning to do
the same by the end of 2014.
Modern mobile devices are highly appcentric, meaning that their user interface is
dominated by apps. In addition to off-theshelf enterprise and personal apps, 62% of
companies are now developing their own apps.
Additionally, 42% are developing native and
HTML5 or Web-based apps, with another 33%
using remote access or virtual desktop infrastructure (VDI) to deliver PC apps to mobile
devices. Companies that are actively engaged

in optimizing their networks for apps across

all endpoints report better overall IT success
in addition to 76% higher revenue per IT employeeboth of which are measures of how
well and efficiently an IT department is performing. With employees apps often coming
from a combination of public and enterprise
app stores, a browser or a VDI client, determining the quality of service and capacity requirements required by each can be a daunting
challenge for IT professionals without the right
network tools.
The amount of traffic that is generated at the
WLAN by mobile devices and apps are growing at an exceptional rate within the enterprise, requiring that IT professionals optimize
throughput. The universal bottleneck in networks, regardless of medium, is transmission
control protocol (TCP). Designed to ensure
that traffic reaches its destination in pristine
form, TCP uses a comprehensive (read: slow)
set of procedures, none of which is suited to

Modern mobile devices are highly app-centric, meaning

that their user interface is dominated by apps.
7 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

3
WAN AND
MOBILITY

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

increasingly popular voice and video mobile

use cases. In a nutshell, WAN optimizers allow traffic to be re-encoded into a proprietary
format, removing TCPs overhead and the slow
transmission between them.
However, WAN optimization cant speed up
WLAN traffic until it gets to the WLAN. To
create an end-to-end option, IT professionals should review WLAN optimization, particularly given the average companys growing
wireless needs. WLAN optimizers are either
built into the logic of the APs and controllers
by a vendor or are available as a third-party,
software-based, manufacturer-agnostic product. Todays APs are capable of Quality of
Service (QoS), deep packet inspection (DPI),
airtime sharing for older and newer devices,
and even technologies based on radio frequency
(RF), such as beamforming. These functions
make modern APs ideal for multi-standard
wireless offices. As apps and app-centric devices continue to be brought into the enterprise, either via BYOD or simply as an overall
trend, successful IT departments will need to
have their enterprise WLANs ready to meet the
demand.

8 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

MOBILE OPTIMIZATION
RECOMMENDATIONS FOR YOUR WAN

A large part of WAN and WLAN optimization

is IT knowing what devices and apps employees are using on the network, particularly if the
organization has a varied, BYOD population.
Using NACs and DPI provide you this visibility
and allow you to offload or lower the prioritization of non-enterprise or noncritical traffic.
Determine

which of your apps and devices

require which level of QoS and place that info
into your network management software.

Vendors

have been including some level of

optimization functionality in their wireless
APs or controllers for years. For instance,
QoS or traffic prioritization has allowed IT
professionals to segment traffic through virtual local area networks. Existing settings
such as QoS can provide actionable insight
into what sort of policies can be improved
upon or ported over should you purchase new
WLAN technology.

Evaluate

multiple software-based products,

3
WAN AND
MOBILITY

Home
Editors Note
WAN
Management

especially if your network is heterogeneous.

While most software-based products dont
necessarily scale as well as hardware appliances, software should work on any WLAN,
current and future. The compute power
available to most software-based options
is more than sufficient to provide the average enterprise with its network monitoring,
management and routing needs. However,
certain compute-intensive functionality at
scalesuch as DPIstill requires hardware,

WAN and
Mobility
SaaS
Services

9 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

particularly if the traffic is heavy, encrypted

or latency-sensitive.
If you have a homogenous network (single
vendor), or at least a single-vendor WLAN,
evaluate the proprietary capabilities at your
disposal, such as RF or physical-level prioritization. Voice over IP, for example, uses every
bit of help to ensure that application performance doesnt come at the cost of other traffic.
Philip Clarke

SAAS SERVICES

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

Public Cloud Computing Over Your WAN

The age of cloud is now: According to recent research conducted by Nemertes Research,
97% of companies already use at least one
cloud service in the form of Software as a Service (SaaS). The ubiquity of SaaS brings with
it a correspondingly increased dependence on
the Internet for access to (often) critical enterprise applications. As with the centralization
of applications into data centers, shifting to
SaaS likewise increases reliance on the enterprise WAN because half of all companies
backhaul all Internet traffic across the WAN,
and 31% backhaul at least some of it. That
means, for many or all branches, Internet
traffic reaches the branch via the WAN rather
than directly. The perceived performance of
SaaS applications is ultimately a composite
of the apps performance, plus the Internets,
plus the WANs.
To make the SaaS experience better for end
users, network managers and engineers can

1 0 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

enhance the performance across the Internet

and the WAN.
On the Internet connection, one-armed (or
asymmetrical) acceleration technology, such
as application delivery optimization (ADO)
appliances and packet shapers, can improve
performance. ADO devices can prioritize conversations between desktops inside the company network and known or sanctioned SaaS
providerspossibly guaranteeing them a minimum amount of bandwidthand can limit the
speeds or rates of competing network resources
to make sure there is room for SaaS services.
Some ADO devices can even prioritize specific
streams within the conversations (e.g., financial
system transactions over accounting queries or
queries over report printing). Caching of commonly used Web pages and other content can
also improve performance.
Looking to the WAN, ADO appliances can
not only prioritize but actively optimize and

SAAS SERVICES

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

accelerate the traffic. They can compress content to reduce transmission latencies, for
example, and spoof protocols to make applications appear more responsive to end users. They can also massage traffic at both the
HTTP (because its mostly Web traffic) and
TCP level to improve performance by multiplexing requests or connections to turn a
myriad of round trips into one. For example,

ADO appliances can compress

content to reduce transmission
latencies, for example, and spoof
protocols to make applications appear more responsive to end users.
if the elements used to draw the homepage of
a SaaS application normally require 10 HTTP
GET requests to retrieve, the page cant be
drawn completely until all 10 have finished
their round trips of request and response. By
multiplexing the requests, the ADO device can,
on behalf of the client device, send a single request, get a single response from the server and

1 1 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

feed the 10 separate responses back to the client at LAN rather than WAN speeds.
Because the WAN level works below the
TCP level, QoS tagging can be used to prioritize SaaS application packet delivery across the
WAN; it can also be used to prioritize lossless
delivery which is perhaps better than prioritization because the delays caused by retransmission can be very damaging to perceived
performance.
Another option for improving SaaS performance is to take some of the Internet out of
the loop by establishing a private line connection to a providers point of presence on the
Internet, removing some uncontrolled and
uncontrollable hops from the equation. Enterprise IT can do this with or without a service
providers approval, for example, if they use
AT&Ts big Massachusetts point of presence,
they can get AT&T to connect into the same
facility to that enterprise traffic goes only over
the network inside of that building. Likewise,
one can remove the WAN from the equation
by introducing Internet connectivity directly
to the branch and restrict traffic to and from
sanctioned providers to improve security and

SAAS SERVICES

Home
Editors Note
WAN
Management

protect performance.
Of course, with SaaS performance mostly out
of the hands of IT, its hard to be able to speak
sensibly about it without some specialized
application performance management (APM)
tools to provide insight into real behaviors

The bottom line is, even in the

age of SasS, IT has ways to
help cement good application
performance for critical tools.

WAN and
Mobility
SaaS
Services

inside the corporate WAN or LAN network.

Even so, without a chance to see inside the
provider infrastructure and up to its Internet
links, APM tools are at a distinct disadvantage
in trying to provide performance data. Some

1 2 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

SaaS providers are trying to fill the gap themselves because it is in their best interests to
be able to say definitively when a performance
problem is not in their infrastructure. They are
deploying client-based tools that users download as a browser extension and use
to map performance across all the hops
between themselves and the providers
infrastructure.
The bottom line is, even in the age of SasS,
IT has ways to help cement good application
performance for critical tools. However IT decides to approach the problem, whether down
low with QoS tagging or up high with protocol
optimization, or from the side by changing the
way clients get to SaaS services, it can take an
active role in ensuring a smooth shift to this
new enterprise technology paradigm.
John Burke

ABOUT
THE
AUTHORS

Home
Editors Note
WAN
Management
WAN and
Mobility
SaaS
Services

HENRY SVENDBLAD draws upon 20 years of experience

leading technology teams, having held positions as a

CTO, VP of Technology and Group Director of Infrastructure Services, among others. Through these positions, he has run successful technology implementations,
been responsible for key strategic and technology decisions and controlled large IT budgets. Svendblad holds
a Bachelor of Science degree in business administration
from Boston University and has held positions with Safeway, Millennium Partners, McKesson and others.

Control Networks Without Borders is a

SearchNetworking.com e-publication.
Kate Gerwig | Editorial Director
Kara Gattine | Senior Managing Editor
Rivka Gewirtz Little | Executive Editor
Shamus McGillicuddy | News Director

PHILIP CLARKE is

a widely regarded expert on mobility

and a senior research analyst with Nemertes Research,
where he researches wireless and mobility trends that affect the enterprise. He focuses on emerging trends, including the consumerization of IT, device usage, the rise
of the new mobile workforce and the technologies that
enable these shifts in work patterns.
JOHN BURKE is

principal research analyst with Nemertes

Research. With nearly two decades of technology experience, he has worked at all levels of IT, including
end-user support specialist, programmer, system administrator, database specialist, network administrator, network architect and systems architect. He has worked at
The Johns Hopkins University, The College of St. Catherine and the University of St. Thomas.

1 3 CO NT RO L N ET WO R KS W I T H OUT BO R D E RS

Tessa Parmenter | Site Editor

Chuck Moozakis | Site Editor
Rachel Shuster | Associate Managing Editor
Linda Koury | Director of Online Design
Neva Maniscalco | Graphic Designer
Doug Olender | Vice President/Group Publisher
dolender@techtarget.com
TechTarget
275 Grove Street, Newton, MA 02466
www.techtarget.com
2013 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the
publisher. TechTarget reprints are available through The YGS Group.
About TechTarget: TechTarget publishes media for information technology
professionals. More than 100 focused websites enable quick access to a deep
store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to
independent expert commentary and advice. At IT Knowledge Exchange, our
social community, you can get advice and share solutions with peers and experts.