Remote working and the use of thin clients to connect to centrally stored servers brought with it the need to manage and secure these gateways to sensitive business data and important productivity suites. One solution was Propalms, using Microsofts Remote Desktop services as its connectivity foundation, which allows companies to manage their servers and applications while using SSL to secure user authentications and to provide access to only the applications a user needs. But, as with every solution, its performance is very sensitive to slow and congested WAN infrastructure, which is especially important because every time you save a bit of bandwidth means another user can be connected.
Our testing lab decided to mimic a business with a centrally stored Propalms server farm being connected to by a branch office client using a single port relay server to provide SSL security. This configuration would accurately reflect the standard installation found in most Propalms deployments.
For our tests, we set up a typical configuration of an application server acting as the back-end and a relay server running in single port relay mode so all connections are made across TCP port 443. We then attempted to connect a Windows 7 client on the other side of a WAN emulator configured with 2MB of bandwidth and 70ms of latency. This would allow us to guage the effectiveness of WAN optimisation on reducing the bandwidth consumption of Propalms and its underlying RDP traffic when under a low bandwidth, higher latency environment.
Since the key performance metrics for this test are centred around how long it takes for a user to connect, the lag between sending input (mouse movements, keyboard entry) and the data reduction achieved, we decided to test connecting before enabling the acceleration tunnel in order to find a baseline performance on our emulated connection.
Before acceleration, it would take 20 seconds from clicking on the Windows Desktop application to the RDP window first appearing. From there, typing into notepad on the remote server would involve a 2 second lag between the key press and the character appearing on the screen.
Once the acceleration tunnel was enabled, the same connection would take between 8 and 12 seconds from button click to RDP window opening and the delay between key presses and the characters appearing on the screen in notepad was reduced to a single second. So, immediately, we are seeing the wasted time reduced and the user experience improved leading to a boost in productivity.
The amount of bandwidth consumed by each connection is also greatly reduced, as you can see from the above screenshot. Before acceleration, the movement between different application windows and typing into notepad would have generated 2.1MB of data to be transferred across the WAN link. After acceleration, this was reduced by nearly 70%, to 664KB.
These bandwidth savings mean a greater number of users can be supported on this 2mb connection than before and, if the user was on a metered connection where every MB comes with a monetary cost such as mobile data connections, it directly reduces the costs of doing business on the go.
Propalms' use of the RDP protocol meant that before our WAN Optimisation units were installed, providing branch office and remote users access to shared resources and business applications was slow, dragging productivity down and costly in terms of bandwidth consumption and requirement per user due to the inefficiencies inherent in all remote access protocols. After acceleration there was a noticeable improvement in performance and the data reduction would also lead to an equally noticeable impact on your mobile communications, leaving you to work with the management and security facilities of the Propalms TSE suite.
Not only will Sangfor WAN Optimisation provide a boost in worker productivity, but it will increase the number of users your current WAN infrastructure can support without the prohibitively high line rental costs.
Virtualisation is transforming the IT landscape by consolidating servers, increasing service flexibility and extending their reach to places that were, until now, unsuitable for traditional server room hardware. To keep up with this challenge, Sangfor is proud to unveil its virtual WAN Optimisation product – vWANO.
With the release of vWANO (initially only available for VMWare based environments), we are building on our success in the WAN Optimisation (WANO) market and bringing our philosophy of enterprise products at SME prices to the virtualised world, allowing our customers to truly unlock the potential of virtualised environments in ways that won’t break already squeezed IT spending budgets.
From replicating backups of virtualised servers in remote offices, deploying new and even mobile or temporary offices to reducing cab-to-cab traffic within a server room or data centre to ease pressure on internal backbones, our virtual WANO will become an indispensible tool for providing traffic optimisation, acceleration and management.
By virtualising our product range, we are giving our customers the freedom to choose between the traditional physical and a virtual unit, ensuring they can decide on the right solution for the right situation.
Keeping a network of Windows based computers up to date with the latest patches from Microsoft is an essential way to close security holes and fix OS instabilities; WSUS (Windows System Update Services) is Microsoft’s central patch management system designed to simplify this process. The regular stream of updates both downloaded directly from Microsoft’s servers and between the internal WSUS stores places a considerable strain on the WAN link between sites and creates regular “update storms” once new patches are authorised for installation on the famous "Patch Tuesdays".
Even with the best configuration involving local office stores and strict group policies, each of those stores need updating, will report back to their primary server and the occasional client contacting Windows Update directly or will download from a remote repository adds up to a still significan overhead on your WAN infrastructure.
For our scenario we tested a WSUS deployment downloading updates from Microsoft’s servers and pushing these out to a client machine located on the other side of a WAN emulator running at 2MB with 30ms of latency and with a Sangfor S5000 on either side, as shown in the network diagram below.
To simulate a WSUS deployment, on one side of the emulated WAN we created an Active Directory domain controller, installed WSUS onto the DC and configured the required group policy settings. On the other side we set up two Windows 7 client computers and joined them to the domain. After ensuring each of the clients had successfully applied the group policy settings, we began the Windows Update procedure on the first client and observed first pass data reduction rates of 23%, as shown in the screenshot below.
Updates by the second client PC saw benefits from the content caching, reducing the amount of data by up to 99% and dramatically speeding up the time it took to update the machine, since the limit was no longer how long it takes to download the updates but how quickly it could install them. Scale this up to tens and hundreds of PC's and the reduction in bandwidth consumption becomes quite noticable.
The amount of bandwidth lost to windows updates and the nature of the release patterns lead to so called "Update Storms" as machines attempt to download the - often sizable - patches within the same timeframe, which often impacts on latency and bandwidth sensitive services such as VOIP, Citrix and Remote Desktop connections.
By introducing WAN optimisation technologies, this flood of bandwidth demand can be substantially reduced through compression and block-level caching, leaving a minimal amount of traffic between each client and server and the inevitable few clients who still try to connect directly to Microsoft's update servers. This remaining traffic can be further controlled by using the built-in Bandwidth Management capabilities to set minimum and maximum bandwidth values for the various services using the link. That means you can guarantee the amount of bandwidth available for your Remote Desktop/Citrix connections and VOIP communications to run without degrading performance or sacrificing important OS updates.
The rise of workplace collaboration services such as Microsoft’s SharePoint Server leads to increased demand on a company’s WAN infrastructure. Slow file downloads and uploads, waiting on pages to load and the resulting decrease in available bandwidth for other network services can increase pressure on IT departments to find a cost effective solution.
For this scenario we tested Microsoft’s SharePoint server product, which is commonly used as a team working and corporate intranet solution across a WAN link.
As part of our simulation we built a simple test network comprising of a client PC, a SharePoint server, WAN emulator and two Sangfor S5000's, detailed in the diagram below.
To simulate standard SharePoint activity, we accessed dummy Word and Excel documents which had been uploaded to the server and would make changes to the contents before saving them back. As we exchanged data between the client and the server, the WAN Optimisation units would compress data on its first pass while building up a block-by-block cache of the web pages and documents. This cache was responsible for reducing WAN traffic by up to 99%, as viewable from the screen capture below.
In conjunction with the data reduction, our HTTP proxy will optimise the communications on a protocol level to reduce needless round trips and to streamline the requests to the server, reducing the time it takes between clicking on a link and the page rendering in your browser of choice. The dramatic effect this has on file opening times and on wasted productivity waiting for pages to open can be achieved without replacing your current WAN infrastructure, allowing you to increase its throughput and improve ROI.
The performance improvement for your remote SharePoint users will be noticeable from the moment you install our optimisers, boosting staff productivity and reducing service complaints. This improvement is not limited to office based staff either, using our PACC client you will be able to improve remote worker staff and raise productivity levels to match their office based contemporaries.
We are pleased to announce our support for and attendance of this years Yorkshire Mafia event, to be held at the Royal Armouries on the 21st and 22nd of March.
The Yorkshire Mafia brings together executives and stakeholders from the Yorkshire Business Community to meet, network, share experience, learn, build relationships and ultimately trade (where appropriate). This is all done in a relaxed and sales-free environment.
The Yorkshire Mafia is a broad cross-section of our region’s business community Our members reflect Yorkshire’s pride, its energy, drive and refusal to be beaten by adversity. Most members are born and bred in Yorkshire, but some have moved to the county to find their fortune.
Members includes people from all walks of business life – they are owner managers of local businesses, middle-managers who are on the way up and leading lights at large FTSE organisations.
It’s a community where you will rub shoulders with serial entrepreneurs, executives and academics who have strong ties with the business world.
Egos are “parked” at the door before any of the group’s events begins. This absence of posturing means that members can relax and be themselves.
If you wish to drop by for a chat, you can find us at stand 130.
Show date: 21st and 22nd of March 2012
Show location: Royal Armouries, Leeds
Backups are notorious for taking considerable amounts of time to complete and are often scheduled overnight, a window of opportunity that is constantly shrinking as business increasingly runs 24/7 and with ever growing stores of data to protect. Providing backup for remote sites adds time zones and another limited resource to the equation – WAN bandwidth.
Resolving the issue often means spending time and money upgrading the connections, backup infrastructure and finding the right time in order to limit the effect on other network services. This is where WAN Optimisation can provide a cost-effective solution.
Remote company data is to be backed up across a WAN link by a server running Acronis Backup & Recovery 10, simulating a remote office configuration as shown in the network diagram below.
We resticted the available WAN bandwidth to 20mb/s with a latency of 30ms. The data to be backed up comprises 500MB of various zip files, executables and Office documents shared via Windows file sharing (CIFS), typical of many small office server deployments.
A simple job was created to backup files stored in the various shared folders on the test server. To access this data, Acronis Backup & Recovery 10 relies upon the inefficient CIFS protocol (TCP 445) to do much of its data transfer, resulting in poor job rates and a susceptibility to high latencies. When performing the same job with WAN Optimisation from Sangfor, the transfer of data was speeded up by optimising the underlaying protocol (CIFS) which cuts down on unnecessary communication between devices (so called “chatter”), helping it to overcome the high latency, low bandwidth environment of WAN infrastructure.
Because the "first pass" of any backup job will only grant the benefit of protocol optimisation and data compression, we only saw a 20 to 30% data reduction rate.
As this first job processes through the data, it will also be logged on a block-by-block basis into the cache of the units. This means subsequent jobs benefit from the cached data, which allows the unit to build the files locally rather than transmitting the full file across the WAN; pushing the orange mountain range in the above image down further, dramatically lowering backup times and WAN traffic.
For less than the yearly cost of an upgraded WAN link, the addition of a pair of WAN Optimisation units to your infrastructure substantially decreases the time it takes for your backup jobs to complete, with data reduction rates of up to 90%.
Where you may have been pushing the limits of a 6 hour backup window, now you will be completing jobs with time to spare. The difference could mean being able to fit in a mid-day backup without compromising the performance of your critical business productivity applications.
In the end, this opens up your disaster recovery and business continuity plans to the sort of flexibility you once thought out of reach for all but the very largest enterprises.
Sangfor is proud to announce our attendance at this years InfoSec expo.
Infosecurity Europe is the only European event that enables industry professionals to gather vital information about the latest trends and developments in IT security, exchange ideas and shop for products and services to create security solutions.
We will be exhibiting on stand C51 so feel free to pay us a visit!
Show Date: 24th to 26th of April, 2012
Location: Earls Court, London
Sangfor is proud to announce its attendance at this years CeBIT in Hannover, Germany.
CeBIT is the digital industry's biggest, most international event. Thanks to its unique combination of exhibition, conferences, keynotes, corporate events and lounges, CeBIT represents an unrivaled tool for doing business and sealing deals.
More than 4,200 companies from over 70 countries participated at CeBIT 2011, including many firms which returned after a break of several years, such as Xerox, Canon, Epson, Siemens Enterprise Communications, HP and Motorola.
You will be able to find us in Hall 12 at Stand A06, feel free to drop by and have a chat!
Show Date: 06 - 10 March 2012
Show Venue: Exhibition Grounds, 30521 Hannover, Germany
Opening Hours: daily, 9 a.m. to 6 p.m.
Sometimes it helps to see a concept in action before we can understand it. So, to help with that, we have created the following Flash animation showing how WAN Optimisation reduces not only the total round trip time of communications (which helps to significantly increase throughput) but will reduce the data being exchanged by caching and compressing it.
Anti-virus protection, such as Kaspersky, on a corporate WAN has evolved from separate applications doing their own thing, acquiring their own updates from the internet and only alerting the user as to any threat discovered on their computer into being centrally managed by a server console from where they will collect their updates, receive configuration policies and send their status and alerts to.
As you can imagine, all this extra chatter between a network full of client applications and their controlling server will add to the background level of traffic flowing across the WAN infrastructure of a business, with bursts of data consumption whenever a policy is updated or a scheduled task completes and each client affected reports back. Due to the scaling nature of the traffic – which can reach to multiple GB’s per week - something needs to be done to bring it under control before it impacts on your other business applications and general productivity.
Using WAN Optimisation from Sangfor will dramatically reduce Kaspersky’s bandwidth utilisation as it will cache any update files and minimise the flood of traffic whenever clients update and compresses any management communications.
Taking one of our customers as an example, their Kaspersky solution covering 4 sites with a total of 100 users would see an average daily traffic of 1GB across their WAN to the central management server at their head office. After optimisation this traffic sees a reduction of 75 to 85%, bringing data consumption rates down to 250MB or lower.
However, to reach this level of optimisation you will need to disable the encryption settings via the Kaspersky management console policy settings, forcing the traffic onto TCP port 14000 rather than port 13000. With this change in place, the spikes of traffic generated between all or groups of computers and your management servers can be smoothed out and their impact on latency sensitive applications such as Citrix and Remote Desktop significantly reduced or eliminated entirely, allowing your users to get on with their work while keeping the network secure from threats.