Remote working and the use of thin clients to connect to centrally stored servers brought with it the need to manage and secure these gateways to sensitive business data and important productivity suites. One solution was Propalms, using Microsofts Remote Desktop services as its connectivity foundation, which allows companies to manage their servers and applications while using SSL to secure user authentications and to provide access to only the applications a user needs. But, as with every solution, its performance is very sensitive to slow and congested WAN infrastructure, which is especially important because every time you save a bit of bandwidth means another user can be connected.
Our testing lab decided to mimic a business with a centrally stored Propalms server farm being connected to by a branch office client using a single port relay server to provide SSL security. This configuration would accurately reflect the standard installation found in most Propalms deployments.
For our tests, we set up a typical configuration of an application server acting as the back-end and a relay server running in single port relay mode so all connections are made across TCP port 443. We then attempted to connect a Windows 7 client on the other side of a WAN emulator configured with 2MB of bandwidth and 70ms of latency. This would allow us to guage the effectiveness of WAN optimisation on reducing the bandwidth consumption of Propalms and its underlying RDP traffic when under a low bandwidth, higher latency environment.
Since the key performance metrics for this test are centred around how long it takes for a user to connect, the lag between sending input (mouse movements, keyboard entry) and the data reduction achieved, we decided to test connecting before enabling the acceleration tunnel in order to find a baseline performance on our emulated connection.
Before acceleration, it would take 20 seconds from clicking on the Windows Desktop application to the RDP window first appearing. From there, typing into notepad on the remote server would involve a 2 second lag between the key press and the character appearing on the screen.
Once the acceleration tunnel was enabled, the same connection would take between 8 and 12 seconds from button click to RDP window opening and the delay between key presses and the characters appearing on the screen in notepad was reduced to a single second. So, immediately, we are seeing the wasted time reduced and the user experience improved leading to a boost in productivity.
The amount of bandwidth consumed by each connection is also greatly reduced, as you can see from the above screenshot. Before acceleration, the movement between different application windows and typing into notepad would have generated 2.1MB of data to be transferred across the WAN link. After acceleration, this was reduced by nearly 70%, to 664KB.
These bandwidth savings mean a greater number of users can be supported on this 2mb connection than before and, if the user was on a metered connection where every MB comes with a monetary cost such as mobile data connections, it directly reduces the costs of doing business on the go.
Propalms' use of the RDP protocol meant that before our WAN Optimisation units were installed, providing branch office and remote users access to shared resources and business applications was slow, dragging productivity down and costly in terms of bandwidth consumption and requirement per user due to the inefficiencies inherent in all remote access protocols. After acceleration there was a noticeable improvement in performance and the data reduction would also lead to an equally noticeable impact on your mobile communications, leaving you to work with the management and security facilities of the Propalms TSE suite.
Not only will Sangfor WAN Optimisation provide a boost in worker productivity, but it will increase the number of users your current WAN infrastructure can support without the prohibitively high line rental costs.
Keeping a network of Windows based computers up to date with the latest patches from Microsoft is an essential way to close security holes and fix OS instabilities; WSUS (Windows System Update Services) is Microsoft’s central patch management system designed to simplify this process. The regular stream of updates both downloaded directly from Microsoft’s servers and between the internal WSUS stores places a considerable strain on the WAN link between sites and creates regular “update storms” once new patches are authorised for installation on the famous "Patch Tuesdays".
Even with the best configuration involving local office stores and strict group policies, each of those stores need updating, will report back to their primary server and the occasional client contacting Windows Update directly or will download from a remote repository adds up to a still significan overhead on your WAN infrastructure.
For our scenario we tested a WSUS deployment downloading updates from Microsoft’s servers and pushing these out to a client machine located on the other side of a WAN emulator running at 2MB with 30ms of latency and with a Sangfor S5000 on either side, as shown in the network diagram below.
To simulate a WSUS deployment, on one side of the emulated WAN we created an Active Directory domain controller, installed WSUS onto the DC and configured the required group policy settings. On the other side we set up two Windows 7 client computers and joined them to the domain. After ensuring each of the clients had successfully applied the group policy settings, we began the Windows Update procedure on the first client and observed first pass data reduction rates of 23%, as shown in the screenshot below.
Updates by the second client PC saw benefits from the content caching, reducing the amount of data by up to 99% and dramatically speeding up the time it took to update the machine, since the limit was no longer how long it takes to download the updates but how quickly it could install them. Scale this up to tens and hundreds of PC's and the reduction in bandwidth consumption becomes quite noticable.
The amount of bandwidth lost to windows updates and the nature of the release patterns lead to so called "Update Storms" as machines attempt to download the - often sizable - patches within the same timeframe, which often impacts on latency and bandwidth sensitive services such as VOIP, Citrix and Remote Desktop connections.
By introducing WAN optimisation technologies, this flood of bandwidth demand can be substantially reduced through compression and block-level caching, leaving a minimal amount of traffic between each client and server and the inevitable few clients who still try to connect directly to Microsoft's update servers. This remaining traffic can be further controlled by using the built-in Bandwidth Management capabilities to set minimum and maximum bandwidth values for the various services using the link. That means you can guarantee the amount of bandwidth available for your Remote Desktop/Citrix connections and VOIP communications to run without degrading performance or sacrificing important OS updates.
Backups are notorious for taking considerable amounts of time to complete and are often scheduled overnight, a window of opportunity that is constantly shrinking as business increasingly runs 24/7 and with ever growing stores of data to protect. Providing backup for remote sites adds time zones and another limited resource to the equation – WAN bandwidth.
Resolving the issue often means spending time and money upgrading the connections, backup infrastructure and finding the right time in order to limit the effect on other network services. This is where WAN Optimisation can provide a cost-effective solution.
Remote company data is to be backed up across a WAN link by a server running Acronis Backup & Recovery 10, simulating a remote office configuration as shown in the network diagram below.
We resticted the available WAN bandwidth to 20mb/s with a latency of 30ms. The data to be backed up comprises 500MB of various zip files, executables and Office documents shared via Windows file sharing (CIFS), typical of many small office server deployments.
A simple job was created to backup files stored in the various shared folders on the test server. To access this data, Acronis Backup & Recovery 10 relies upon the inefficient CIFS protocol (TCP 445) to do much of its data transfer, resulting in poor job rates and a susceptibility to high latencies. When performing the same job with WAN Optimisation from Sangfor, the transfer of data was speeded up by optimising the underlaying protocol (CIFS) which cuts down on unnecessary communication between devices (so called “chatter”), helping it to overcome the high latency, low bandwidth environment of WAN infrastructure.
Because the "first pass" of any backup job will only grant the benefit of protocol optimisation and data compression, we only saw a 20 to 30% data reduction rate.
As this first job processes through the data, it will also be logged on a block-by-block basis into the cache of the units. This means subsequent jobs benefit from the cached data, which allows the unit to build the files locally rather than transmitting the full file across the WAN; pushing the orange mountain range in the above image down further, dramatically lowering backup times and WAN traffic.
For less than the yearly cost of an upgraded WAN link, the addition of a pair of WAN Optimisation units to your infrastructure substantially decreases the time it takes for your backup jobs to complete, with data reduction rates of up to 90%.
Where you may have been pushing the limits of a 6 hour backup window, now you will be completing jobs with time to spare. The difference could mean being able to fit in a mid-day backup without compromising the performance of your critical business productivity applications.
In the end, this opens up your disaster recovery and business continuity plans to the sort of flexibility you once thought out of reach for all but the very largest enterprises.
Virtualisation is changing the face of IT services and with it the very way a company needs to address its disaster recovery plans. Due to how virtualised resources can be moved about and quickly created from scratch to meet demand, a traditional “end of day” backup procedure simply cannot protect your servers as it once could.
To meet these changing DR needs, Veeam developed their Backup & Replication suite with image based replication of virtualised applications and machines to provide near-Continuous Data Protection (near-CDP) for VMWare based infrastructure, and soon to cover Hyper-V too. However, adding backup and replication services to a distributed network and their DR sites will place a substantial burden onto WAN infrastructure, restricting your replication windows and opens up further problems that often prove to be very costly to resolve and will only get worse the more services you run across your network. This is where WAN Optimisation from Sangfor can really deliver.
Rather than throwing expensive bandwidth at the problem and upgrading connections, our units can be installed into a business’s existing infrastructure at a fraction of the line cost and will employ compression and block level caching technologies to dramatically reduce the data transferred across a WAN link. This will greatly decrease transfer times, improve job rates and grants IT departments a greater degree of flexibility when it comes to their backup windows.
Don’t just take our word for it, we have customers who observed a 10 times reduction in their data transfer after installing our WAN optimisation units. In another case, a 20 fold reduction was achieved causing 86.04GB of data to be reduced to a mere 4.14GB even with the highest level of native compression, converting a replication job struggling to complete across their 10MB links with ~70ms latency into one that finished with time to spare.
By effectively trivialising the amount of data being exchanged and the time spent waiting for the transfer to complete, you can finally take advantage of the on-demand promises of virtualisation to create your own private cloud; quickly moving resources from one location to another and react to current levels of demand or even to get ahead of the curve and be ready for trending changes before they happen.
Choosing WAN optimisation from Sangfor will extend its benefits beyond your Veeam deployment too, since our units can accelerate all the other services and applications present on your network rather than tying your money up in licensing and equipment designed around improving only your Veeam traffic. Not only will you solve your backup problems but you can improve staff productivity across all departments and offices in your company.
Returning to disaster recovery, reducing the impact on your WAN has the potential to transform your once a day backups - often at the end of a working day – into tailored solutions to fit the service, be it multiple times per day/week/month or a continuous stream, finally allowing you to break through the old limitations on backup windows and reduce the mean time between jobs.
FalconStor Network Storage Server Virtual Appliance (NSS VA) provides enterprise level virtualised storage, mirroring and replication to VMWare ESX based environments across corporate networks using the iSCSI protocol. The huge volumes of traffic generated by this process often requires capabilities to be scaled back to reduce the pressure on a companies' WAN infrastructure or expensive upgrades and dedicated communications hardware to realise its full benefit.
To see if WAN Optimisation from Sangfor could provide a low cost alternative solution, we decided to put our units to the test by pushing FalconStor NSS VA traffic as low as we could.
We created the scenario of a head office replicating two Windows 7 VMDK files from their main VMWare ESX server (10.10.1.194) to a backup server (10.10.34.10) across a 7Mb/s low latency WAN connection.
To find out how effective Sangfor WAN Optimisation (WANO) is on the substantial volumes of traffic FalconStor NSS VA is capable of generating, we configured a test environment shown in the diagram above.
Each NSS VA v6.15 was set up with a simple 50GB virtual LUN, a 50GB snapshot disk and a replication disk. Native compression and encryption on the replication session was turned off and “continuous replication” mode enabled between the NSS VA's, allowing our WANO units full access to the raw data stream.
Setting up and installing the first Windows 7 guest OS on the ESX server running on IP 10.10.33.194/24 allowed us to perform what is known as a “first pass”, where data is seen for the first time by our unit and cached for subsequent requests, which means the majority of the optimisation occurs as a result of our iSCSI filter and compression algorithms.
From this first pass we observed data reduction rates of 50 to 60%, subsequent passes using a second Windows 7 guest OS could then take advantage of the cached data to improve these figures to between 80 to 90% of its original traffic. Over the course of this test, the FalconStor NSS VA would have transferred over 15GB of data; our WANO units reduced this to only 3.3GB for a final reduction rate of 78%.
The following images are the reports generated by our reporting module, showcasing the dramatic impact of the Sangfor WAN Optimisation unit on this stream of data.
While the above chart shows just how effective our WANO unit was in reducing WAN traffic, the chart below really spells out the capability of the units caching abilities in driving down WAN utilisation over and above their protocol optimisation and packet compression abilities.
Whether you are using FalconStor NSS VA to replicate your data to a central store/backup solution or to a DR site for business continuity, using WAN Optimisation from Sangfor will dramatically reduce the burden placed on your WAN infrastructure. This allows you to change the way you approach disaster recovery and high availability for your company without costly line upgrades or over provisioning “just in case”.
Our testing labs put Symantec's Backup Exec to the test to show, in real terms, the improvement you can expect from Sangfor WAN Optimisation.
For this scenario we backed up 500Mb of common file types - including those with various degrees of inherent compression (jpeg, zip etc) - across a WAN link using Symantec’s Backup Exec, which is used to provide comprehensive disaster recovery and backup services to many businesses across the world.
To simulate this scenario we built a simple testing network, detailed in the diagram below.
Back up and disaster recovery are possibly the most important IT services within a business yet their delivery and provision can be fraught with problems. Rising volumes of data and ever decreasing windows of opportunity to successfully back that data up, especially across bottlenecks such as a WAN link, often require heavy expenditure to reach a solution.
Many companies will deploy additional backup devices to remove the WAN link from the equation entirely or will opt for faster and/or more connections. Both solutions involve heavy one off costs and continued payments in line rental costs, tape supplies and staffing to look after the increased tape libraries.
The impact of Sangfor WAN Optimisation on Backup Exec
However, there is an affordable and elegant solution utilising WAN Optimisation from Sangfor to dramatically reduce the backup times for remote sites. By taking advantage of our traffic compression technologies, you will see an instant improvement in backup times on your first run.
On subsequent passes our acceleration features will learn from the files being exchanged and ensure that any redundant data is not transferred, making bandwidth available for new and changed files leading to even greater backup time reductions on top of those gained from compression.
As you can see from figures 1 and 2, the first pass saw a data flow reduction of almost 40%; subsequent backups increased this optimisation to 85% and can manage higher as the WAN Optimiser learns over time.
In a perfect world, backups would have the whole connection to work with; however, as public and private cloud adoption increases new services are being introduced which compete with each other for valuable bandwidth impacting on efficiency and reliability of the services sharing the connection. To ensure the capacity needs of high priority jobs such as backups are met, there is a configurable Bandwidth Management interface allowing you to specify a minimum amount of bandwidth on a service by service basis. This allows you to calculate a baseline time for your backup windows without worrying about being muscled off the WAN.
Delivering on our promise
The end result is clearly visible and speaks for itself in the Job Rate column - a minimisation of the bottleneck effect from the WAN link to produce a quicker backup in a simple and cost effective solution.
"The level of features provided is extensive and combining Sangfor's innovatve optimisation technologoes with its acceleration policies also makes the appliances highly versatile. There appears to be very little traffic it can't handle as Sangfor includes proxies for all popular applications and is also capable of accelerating site-to-site backups, IP SAN traffic and replication operations using products such as Double-Take."
We were especially pleased to hear this compliment:
"During testing we were impressed with the ease of installation and deployment of the M550 appliances. Sangfor's well designed management interface, wizard based assistance and comprehensive set of default parameters provided on the appliances allows WAN optimisation to begin almost immediately."
So don't just take our word for it, read the full review here.