Remote working and the use of thin clients to connect to centrally stored servers brought with it the need to manage and secure these gateways to sensitive business data and important productivity suites. One solution was Propalms, using Microsofts Remote Desktop services as its connectivity foundation, which allows companies to manage their servers and applications while using SSL to secure user authentications and to provide access to only the applications a user needs. But, as with every solution, its performance is very sensitive to slow and congested WAN infrastructure, which is especially important because every time you save a bit of bandwidth means another user can be connected.
Our testing lab decided to mimic a business with a centrally stored Propalms server farm being connected to by a branch office client using a single port relay server to provide SSL security. This configuration would accurately reflect the standard installation found in most Propalms deployments.
For our tests, we set up a typical configuration of an application server acting as the back-end and a relay server running in single port relay mode so all connections are made across TCP port 443. We then attempted to connect a Windows 7 client on the other side of a WAN emulator configured with 2MB of bandwidth and 70ms of latency. This would allow us to guage the effectiveness of WAN optimisation on reducing the bandwidth consumption of Propalms and its underlying RDP traffic when under a low bandwidth, higher latency environment.
Since the key performance metrics for this test are centred around how long it takes for a user to connect, the lag between sending input (mouse movements, keyboard entry) and the data reduction achieved, we decided to test connecting before enabling the acceleration tunnel in order to find a baseline performance on our emulated connection.
Before acceleration, it would take 20 seconds from clicking on the Windows Desktop application to the RDP window first appearing. From there, typing into notepad on the remote server would involve a 2 second lag between the key press and the character appearing on the screen.
Once the acceleration tunnel was enabled, the same connection would take between 8 and 12 seconds from button click to RDP window opening and the delay between key presses and the characters appearing on the screen in notepad was reduced to a single second. So, immediately, we are seeing the wasted time reduced and the user experience improved leading to a boost in productivity.
The amount of bandwidth consumed by each connection is also greatly reduced, as you can see from the above screenshot. Before acceleration, the movement between different application windows and typing into notepad would have generated 2.1MB of data to be transferred across the WAN link. After acceleration, this was reduced by nearly 70%, to 664KB.
These bandwidth savings mean a greater number of users can be supported on this 2mb connection than before and, if the user was on a metered connection where every MB comes with a monetary cost such as mobile data connections, it directly reduces the costs of doing business on the go.
Propalms' use of the RDP protocol meant that before our WAN Optimisation units were installed, providing branch office and remote users access to shared resources and business applications was slow, dragging productivity down and costly in terms of bandwidth consumption and requirement per user due to the inefficiencies inherent in all remote access protocols. After acceleration there was a noticeable improvement in performance and the data reduction would also lead to an equally noticeable impact on your mobile communications, leaving you to work with the management and security facilities of the Propalms TSE suite.
Not only will Sangfor WAN Optimisation provide a boost in worker productivity, but it will increase the number of users your current WAN infrastructure can support without the prohibitively high line rental costs.
Keeping a network of Windows based computers up to date with the latest patches from Microsoft is an essential way to close security holes and fix OS instabilities; WSUS (Windows System Update Services) is Microsoft’s central patch management system designed to simplify this process. The regular stream of updates both downloaded directly from Microsoft’s servers and between the internal WSUS stores places a considerable strain on the WAN link between sites and creates regular “update storms” once new patches are authorised for installation on the famous "Patch Tuesdays".
Even with the best configuration involving local office stores and strict group policies, each of those stores need updating, will report back to their primary server and the occasional client contacting Windows Update directly or will download from a remote repository adds up to a still significan overhead on your WAN infrastructure.
For our scenario we tested a WSUS deployment downloading updates from Microsoft’s servers and pushing these out to a client machine located on the other side of a WAN emulator running at 2MB with 30ms of latency and with a Sangfor S5000 on either side, as shown in the network diagram below.
To simulate a WSUS deployment, on one side of the emulated WAN we created an Active Directory domain controller, installed WSUS onto the DC and configured the required group policy settings. On the other side we set up two Windows 7 client computers and joined them to the domain. After ensuring each of the clients had successfully applied the group policy settings, we began the Windows Update procedure on the first client and observed first pass data reduction rates of 23%, as shown in the screenshot below.
Updates by the second client PC saw benefits from the content caching, reducing the amount of data by up to 99% and dramatically speeding up the time it took to update the machine, since the limit was no longer how long it takes to download the updates but how quickly it could install them. Scale this up to tens and hundreds of PC's and the reduction in bandwidth consumption becomes quite noticable.
The amount of bandwidth lost to windows updates and the nature of the release patterns lead to so called "Update Storms" as machines attempt to download the - often sizable - patches within the same timeframe, which often impacts on latency and bandwidth sensitive services such as VOIP, Citrix and Remote Desktop connections.
By introducing WAN optimisation technologies, this flood of bandwidth demand can be substantially reduced through compression and block-level caching, leaving a minimal amount of traffic between each client and server and the inevitable few clients who still try to connect directly to Microsoft's update servers. This remaining traffic can be further controlled by using the built-in Bandwidth Management capabilities to set minimum and maximum bandwidth values for the various services using the link. That means you can guarantee the amount of bandwidth available for your Remote Desktop/Citrix connections and VOIP communications to run without degrading performance or sacrificing important OS updates.
The rise of workplace collaboration services such as Microsoft’s SharePoint Server leads to increased demand on a company’s WAN infrastructure. Slow file downloads and uploads, waiting on pages to load and the resulting decrease in available bandwidth for other network services can increase pressure on IT departments to find a cost effective solution.
For this scenario we tested Microsoft’s SharePoint server product, which is commonly used as a team working and corporate intranet solution across a WAN link.
As part of our simulation we built a simple test network comprising of a client PC, a SharePoint server, WAN emulator and two Sangfor S5000's, detailed in the diagram below.
To simulate standard SharePoint activity, we accessed dummy Word and Excel documents which had been uploaded to the server and would make changes to the contents before saving them back. As we exchanged data between the client and the server, the WAN Optimisation units would compress data on its first pass while building up a block-by-block cache of the web pages and documents. This cache was responsible for reducing WAN traffic by up to 99%, as viewable from the screen capture below.
In conjunction with the data reduction, our HTTP proxy will optimise the communications on a protocol level to reduce needless round trips and to streamline the requests to the server, reducing the time it takes between clicking on a link and the page rendering in your browser of choice. The dramatic effect this has on file opening times and on wasted productivity waiting for pages to open can be achieved without replacing your current WAN infrastructure, allowing you to increase its throughput and improve ROI.
The performance improvement for your remote SharePoint users will be noticeable from the moment you install our optimisers, boosting staff productivity and reducing service complaints. This improvement is not limited to office based staff either, using our PACC client you will be able to improve remote worker staff and raise productivity levels to match their office based contemporaries.
Backups are notorious for taking considerable amounts of time to complete and are often scheduled overnight, a window of opportunity that is constantly shrinking as business increasingly runs 24/7 and with ever growing stores of data to protect. Providing backup for remote sites adds time zones and another limited resource to the equation – WAN bandwidth.
Resolving the issue often means spending time and money upgrading the connections, backup infrastructure and finding the right time in order to limit the effect on other network services. This is where WAN Optimisation can provide a cost-effective solution.
Remote company data is to be backed up across a WAN link by a server running Acronis Backup & Recovery 10, simulating a remote office configuration as shown in the network diagram below.
We resticted the available WAN bandwidth to 20mb/s with a latency of 30ms. The data to be backed up comprises 500MB of various zip files, executables and Office documents shared via Windows file sharing (CIFS), typical of many small office server deployments.
A simple job was created to backup files stored in the various shared folders on the test server. To access this data, Acronis Backup & Recovery 10 relies upon the inefficient CIFS protocol (TCP 445) to do much of its data transfer, resulting in poor job rates and a susceptibility to high latencies. When performing the same job with WAN Optimisation from Sangfor, the transfer of data was speeded up by optimising the underlaying protocol (CIFS) which cuts down on unnecessary communication between devices (so called “chatter”), helping it to overcome the high latency, low bandwidth environment of WAN infrastructure.
Because the "first pass" of any backup job will only grant the benefit of protocol optimisation and data compression, we only saw a 20 to 30% data reduction rate.
As this first job processes through the data, it will also be logged on a block-by-block basis into the cache of the units. This means subsequent jobs benefit from the cached data, which allows the unit to build the files locally rather than transmitting the full file across the WAN; pushing the orange mountain range in the above image down further, dramatically lowering backup times and WAN traffic.
For less than the yearly cost of an upgraded WAN link, the addition of a pair of WAN Optimisation units to your infrastructure substantially decreases the time it takes for your backup jobs to complete, with data reduction rates of up to 90%.
Where you may have been pushing the limits of a 6 hour backup window, now you will be completing jobs with time to spare. The difference could mean being able to fit in a mid-day backup without compromising the performance of your critical business productivity applications.
In the end, this opens up your disaster recovery and business continuity plans to the sort of flexibility you once thought out of reach for all but the very largest enterprises.
Sometimes it helps to see a concept in action before we can understand it. So, to help with that, we have created the following Flash animation showing how WAN Optimisation reduces not only the total round trip time of communications (which helps to significantly increase throughput) but will reduce the data being exchanged by caching and compressing it.
Anti-virus protection, such as Kaspersky, on a corporate WAN has evolved from separate applications doing their own thing, acquiring their own updates from the internet and only alerting the user as to any threat discovered on their computer into being centrally managed by a server console from where they will collect their updates, receive configuration policies and send their status and alerts to.
As you can imagine, all this extra chatter between a network full of client applications and their controlling server will add to the background level of traffic flowing across the WAN infrastructure of a business, with bursts of data consumption whenever a policy is updated or a scheduled task completes and each client affected reports back. Due to the scaling nature of the traffic – which can reach to multiple GB’s per week - something needs to be done to bring it under control before it impacts on your other business applications and general productivity.
Using WAN Optimisation from Sangfor will dramatically reduce Kaspersky’s bandwidth utilisation as it will cache any update files and minimise the flood of traffic whenever clients update and compresses any management communications.
Taking one of our customers as an example, their Kaspersky solution covering 4 sites with a total of 100 users would see an average daily traffic of 1GB across their WAN to the central management server at their head office. After optimisation this traffic sees a reduction of 75 to 85%, bringing data consumption rates down to 250MB or lower.
However, to reach this level of optimisation you will need to disable the encryption settings via the Kaspersky management console policy settings, forcing the traffic onto TCP port 14000 rather than port 13000. With this change in place, the spikes of traffic generated between all or groups of computers and your management servers can be smoothed out and their impact on latency sensitive applications such as Citrix and Remote Desktop significantly reduced or eliminated entirely, allowing your users to get on with their work while keeping the network secure from threats.
Virtualisation is changing the face of IT services and with it the very way a company needs to address its disaster recovery plans. Due to how virtualised resources can be moved about and quickly created from scratch to meet demand, a traditional “end of day” backup procedure simply cannot protect your servers as it once could.
To meet these changing DR needs, Veeam developed their Backup & Replication suite with image based replication of virtualised applications and machines to provide near-Continuous Data Protection (near-CDP) for VMWare based infrastructure, and soon to cover Hyper-V too. However, adding backup and replication services to a distributed network and their DR sites will place a substantial burden onto WAN infrastructure, restricting your replication windows and opens up further problems that often prove to be very costly to resolve and will only get worse the more services you run across your network. This is where WAN Optimisation from Sangfor can really deliver.
Rather than throwing expensive bandwidth at the problem and upgrading connections, our units can be installed into a business’s existing infrastructure at a fraction of the line cost and will employ compression and block level caching technologies to dramatically reduce the data transferred across a WAN link. This will greatly decrease transfer times, improve job rates and grants IT departments a greater degree of flexibility when it comes to their backup windows.
Don’t just take our word for it, we have customers who observed a 10 times reduction in their data transfer after installing our WAN optimisation units. In another case, a 20 fold reduction was achieved causing 86.04GB of data to be reduced to a mere 4.14GB even with the highest level of native compression, converting a replication job struggling to complete across their 10MB links with ~70ms latency into one that finished with time to spare.
By effectively trivialising the amount of data being exchanged and the time spent waiting for the transfer to complete, you can finally take advantage of the on-demand promises of virtualisation to create your own private cloud; quickly moving resources from one location to another and react to current levels of demand or even to get ahead of the curve and be ready for trending changes before they happen.
Choosing WAN optimisation from Sangfor will extend its benefits beyond your Veeam deployment too, since our units can accelerate all the other services and applications present on your network rather than tying your money up in licensing and equipment designed around improving only your Veeam traffic. Not only will you solve your backup problems but you can improve staff productivity across all departments and offices in your company.
Returning to disaster recovery, reducing the impact on your WAN has the potential to transform your once a day backups - often at the end of a working day – into tailored solutions to fit the service, be it multiple times per day/week/month or a continuous stream, finally allowing you to break through the old limitations on backup windows and reduce the mean time between jobs.
FalconStor Network Storage Server Virtual Appliance (NSS VA) provides enterprise level virtualised storage, mirroring and replication to VMWare ESX based environments across corporate networks using the iSCSI protocol. The huge volumes of traffic generated by this process often requires capabilities to be scaled back to reduce the pressure on a companies' WAN infrastructure or expensive upgrades and dedicated communications hardware to realise its full benefit.
To see if WAN Optimisation from Sangfor could provide a low cost alternative solution, we decided to put our units to the test by pushing FalconStor NSS VA traffic as low as we could.
We created the scenario of a head office replicating two Windows 7 VMDK files from their main VMWare ESX server (10.10.1.194) to a backup server (10.10.34.10) across a 7Mb/s low latency WAN connection.
To find out how effective Sangfor WAN Optimisation (WANO) is on the substantial volumes of traffic FalconStor NSS VA is capable of generating, we configured a test environment shown in the diagram above.
Each NSS VA v6.15 was set up with a simple 50GB virtual LUN, a 50GB snapshot disk and a replication disk. Native compression and encryption on the replication session was turned off and “continuous replication” mode enabled between the NSS VA's, allowing our WANO units full access to the raw data stream.
Setting up and installing the first Windows 7 guest OS on the ESX server running on IP 10.10.33.194/24 allowed us to perform what is known as a “first pass”, where data is seen for the first time by our unit and cached for subsequent requests, which means the majority of the optimisation occurs as a result of our iSCSI filter and compression algorithms.
From this first pass we observed data reduction rates of 50 to 60%, subsequent passes using a second Windows 7 guest OS could then take advantage of the cached data to improve these figures to between 80 to 90% of its original traffic. Over the course of this test, the FalconStor NSS VA would have transferred over 15GB of data; our WANO units reduced this to only 3.3GB for a final reduction rate of 78%.
The following images are the reports generated by our reporting module, showcasing the dramatic impact of the Sangfor WAN Optimisation unit on this stream of data.
While the above chart shows just how effective our WANO unit was in reducing WAN traffic, the chart below really spells out the capability of the units caching abilities in driving down WAN utilisation over and above their protocol optimisation and packet compression abilities.
Whether you are using FalconStor NSS VA to replicate your data to a central store/backup solution or to a DR site for business continuity, using WAN Optimisation from Sangfor will dramatically reduce the burden placed on your WAN infrastructure. This allows you to change the way you approach disaster recovery and high availability for your company without costly line upgrades or over provisioning “just in case”.
These days a company WAN is no longer restricted to offices in the middle of towns and cities. With the rise of mobile data services such as 3G routers and - in particular – VSAT internet connections, WAN’s are extending their reach to include a variety of hard to connect locations such as construction sites, oil rigs and ad-hoc emergency response camps in the wake of natural disasters.
However, with this mobility comes a heavy price in very high latencies (1000ms and above), slow line speeds and even per MB usage charges. In such constrained network environments it can be next to impossible to access company services and applications, especially with the more “chatty” protocols such as CIFS/SMB where a high latency connection will increase the time it takes to browse shares and transfer files by orders of magnitude compared to LAN performance.
Making satellite lines workable for your employees is about more than just ramping up the bandwidth, it’s about improving communications on the application and transport layers themselves. This can be achieved by placing our WAN optimisation (WANO) units at each end of the connection; these will then intercept packets and process them through our multi-layered application proxies to accelerate and optimise the traffic.
For example, when accessing a Windows shared folder across a VSAT link with 1000ms latency, the captured packets will be sent to our CIFS proxy - which understands how the protocol functions and behaves - and sends an acknowledgement packet (ACK) back to your machine to enable the next packet to be sent straight away. Normally your machine would be left waiting for the packet to travel across the link (1000ms there), arrive at the server and have its ACK packet sent back to your machine (crossing that 1000ms line again for a round trip total of at least 2000ms). Multiply this across the thousands of packets sent by both sides during file transfers and the wasted time waiting for each one soon adds up.
In addition to optimising the protocol flow by making the ACK portion of the trip local, the WANO performs block-level caching which reduces the raw data transferred across the link by only sending the changed parts of files and rebuilding them on the other side, providing a reduction of data transmission of up to 90% - which can make a real difference to your communications costs if you are paying for the data on top of line rental fees.
The end result is an almost LAN like experience from high latency/low bandwidth connections and improving the performance of business applications by a factor of 5 to 60 times across satellite connections.
Our testing labs put Symantec's Backup Exec to the test to show, in real terms, the improvement you can expect from Sangfor WAN Optimisation.
For this scenario we backed up 500Mb of common file types - including those with various degrees of inherent compression (jpeg, zip etc) - across a WAN link using Symantec’s Backup Exec, which is used to provide comprehensive disaster recovery and backup services to many businesses across the world.
To simulate this scenario we built a simple testing network, detailed in the diagram below.
Back up and disaster recovery are possibly the most important IT services within a business yet their delivery and provision can be fraught with problems. Rising volumes of data and ever decreasing windows of opportunity to successfully back that data up, especially across bottlenecks such as a WAN link, often require heavy expenditure to reach a solution.
Many companies will deploy additional backup devices to remove the WAN link from the equation entirely or will opt for faster and/or more connections. Both solutions involve heavy one off costs and continued payments in line rental costs, tape supplies and staffing to look after the increased tape libraries.
The impact of Sangfor WAN Optimisation on Backup Exec
However, there is an affordable and elegant solution utilising WAN Optimisation from Sangfor to dramatically reduce the backup times for remote sites. By taking advantage of our traffic compression technologies, you will see an instant improvement in backup times on your first run.
On subsequent passes our acceleration features will learn from the files being exchanged and ensure that any redundant data is not transferred, making bandwidth available for new and changed files leading to even greater backup time reductions on top of those gained from compression.
As you can see from figures 1 and 2, the first pass saw a data flow reduction of almost 40%; subsequent backups increased this optimisation to 85% and can manage higher as the WAN Optimiser learns over time.
In a perfect world, backups would have the whole connection to work with; however, as public and private cloud adoption increases new services are being introduced which compete with each other for valuable bandwidth impacting on efficiency and reliability of the services sharing the connection. To ensure the capacity needs of high priority jobs such as backups are met, there is a configurable Bandwidth Management interface allowing you to specify a minimum amount of bandwidth on a service by service basis. This allows you to calculate a baseline time for your backup windows without worrying about being muscled off the WAN.
Delivering on our promise
The end result is clearly visible and speaks for itself in the Job Rate column - a minimisation of the bottleneck effect from the WAN link to produce a quicker backup in a simple and cost effective solution.