Branch Office Infrastructure

Simon Pamplin
Brocade Communications
Growth of Branch office over the years
• Branch offices have provided basic desktop services of file, print & email over the years
– More than 90% of employees work away from their headquarters facilities.
– ~4 million remote offices worldwide
– On average, expected to grow by 6.5% this year
• Deploying newer business processes does not scale with a distributed environment
• Over 75% of the corporation’s data lives outside of the datacentre
– No single instance of data for control / management
• Ineffective remote branch office backup means corporate data is at risk and does not aid compliance with regulations such as Sarbanes-Oxley or Basel II
Source: Nemertes survey, ESG, Yankee Group
© 2005 Brocade Communications Systems, Inc. All Rights Reserved.
As a result, this is what branch offices look like today
[Diagram: data centre (LAN, SAN, backup) linked through a firewall and the wide area network to branch offices. Each branch runs its own file server, Exchange server, DHCP/DNS server, SMS server and print server, with "Backup?" and "'Part-time' IT?" marked as open questions and remote storage and data labelled less reliable and at risk.]
Business Result:
• Management challenge with part-time IT staff
• Painfully slow or no access to data centre files
• Data protection is expensive & unreliable
• Inability to have “single instance of data”
• Wasted, duplicate $ for storage, servers, software
• Multiple servers for branch office services
Data at risk!!
Desire to centralise
Over 75% of Fortune 500 CIOs surveyed listed consolidation as a top project (Forrester Research)
• Why ?
– To remove IT from branch offices where there is now little or no skilled IT staff
– Reduce Capex & Opex costs associated with distributed IT
– Reduce risk to corporate data sitting at the remote locations
• Results
– No servers or application licences at branch office: lower Capex
– Fewer IT admin staff, no remote backups: lower Opex
– Improved data control: single instance of data to back up & permit real-time collaboration of information
– Best practices
– More applications moved to a web browser front end (CRM / ERP)
Seems too good to be true !
Problems with centralising Branch IT
Performance
• Centralising servers means that access to these branch services is now via the WAN
• LAN protocols were not designed to be extended over the WAN & together with inherent WAN latencies make many applications unusable
Distance
– Additional bandwidth does not address the problem as it is the latency & chatty protocols
• End user experience is significantly affected & productivity decreases
Solutions to these issues
• Application accelerators – improves interactive traffic response time
• WAN optimisers – optimises bandwidth & reduces some “chattiness” of the LAN protocols
• However there are “hidden” critical services that must still be run on local servers to ensure branch remains operational
So can Branch Office be serverless ?
• What “services” do you have at a Branch Office ?
– Name resolution
– Authentication, logon
– IP addresses allocation
[Diagram labels: Authentication, Application, E-mail, Print, File, DHCP, Backup, DNS]
• Consolidating all servers means these “hidden” critical services such as DNS/DHCP are centralised
• What happens if the WAN has an outage ?
– Users unable to authenticate, access outside services such as credit card authorisation
• Do you still want to manage these critical services servers & another device at the branch office to access the centralised data ?
Branch Office Appliance
Tapestry WAFS
• Single appliance that provides file, print & email services with
– Unmatched local user performance
– Data integrity even in event of WAN disruption / outage
– Enterprise scalability
– Native integration into Microsoft environment & security schemes
• Consolidation of “hidden” critical services
– Networking services for local authentication
– Allows office to continue to operate if WAN disrupted
• Allows consolidation of storage & servers whilst still maintaining local user experience
[Diagram: appliance service stack: E-mail Services, Management Services, Web Caching Services, DC/DNS/DHCP Services, Print Services and Wide Area File Services on Windows Storage Server 2003]
How does Tapestry WAFS solve the remote branch office problems ?
Think About It
Deploying File Servers Logically
If you had 400 employees in a 10-story building, would you put a file server on EACH FLOOR?
• 10 things to manage…
• 10 things to back up…
• 10 things to maintain…
…OR, would you put an enterprise-class file server in a single location for ALL users?
• Single point of management, backup, and maintenance
• Higher utilisation
• Better compliance
Why Don’t Users Extend that Logic?
[Diagram: data centre (LAN, SAN, backup) linked through a firewall and the wide area network to branch offices. Each branch runs its own file server, Exchange server, DHCP server, DC or SMS server and print server, with "Backup?" and "'Part-time' IT?" marked as open questions and remote storage and data labelled less reliable and at risk.]
Business Result:
• Management challenge with part-time IT staff
• Painfully slow or no access to data centre files
• Data protection is expensive & unreliable
• Inability to have “single instance of data”
• Wasted, duplicate $ for storage, servers, software
Data at risk!!
Because the WAN is a Barrier
WANs Aren’t Made for File Serving…
LAN: 1 to 2 ms, stable
WAN: 60 to 1,000 ms, unstable
…and existing workarounds treat the symptoms, not the cause…
[Diagram labels: Performance, Bandwidth, Storage, Replication, Distance; Root Cause; Current Treatment]
• Rising TCO
• Increased maintenance/central IT support
• Storage/server proliferation
• Edge data risk
• Inhibited collaboration
More Pain!!!
…so what could you do with your business if the WAN weren’t a factor?
Creating an Ideal Extended Enterprise
[Diagram: data centre (LAN, SAN, backup) with enterprise-class, well managed storage, linked through firewalls and the WAN to branch offices; "Backup?" and "'Part-time' IT?" shown at the branch; fast, global file sharing between sites]
Results
A streamlined, consolidated branch office IT environment…without sacrificing performance, access, or security
The Breakthrough Solution
Brocade Tapestry WAFS Systems Architecture
[Diagram: appliances at the branch office and remote office connected over IP across the wide area network to headquarters IT and backup]
1. Drop in appliance
• “Edge” appliances at branches
• “Core” system at headquarters
• Innovative “write-back” caching to ensure “local-like” performance to remote users
2. WAN-optimised IP + Distributed Filesystem
Optimizes data movement over the WAN between appliances:
• Extends applications to remote offices
• Slashes latency by removing the “chattiness” of file and application protocols
• Optimizes bandwidth via dictionary compression & differencing
• Minimizes WAN traffic on updates/saves
• Ensures secure, reliable transmission across WANs
3. Results
• Real-time global collaboration
• Lower costs…higher productivity
• Total edge data protection and 100 percent coherency/consistency
• End-to-end security
• Remote IT peace of mind
Brocade Tapestry WAFS Solution
• Core Technologies:
• Asynchronous write-back file caching
• Distributed locking
• Persistent logging
• File-aware differencing
• Streaming with nonlinear I/O support
• Centralised management
• Seamless network integration
• Enterprise-class reliability
Robust Appliance Design
Broadest Deployment Options
• Simplified appliance deployment
• CIFS, NFS, or mixed file support
• Persistent RAID-backed cache
• Windows- or Linux-based
• 100 GB to 300 GB cache to hold the working set (most frequently used)
• Scales to 100+ remote offices, 500 users per remote appliance
Value Proposition/ROI
Based on REAL numbers with a Swiss customer
WAN-Link: Lausanne – Bern
Latency RTT 40 – 60 ms
Time to open a 5 MB Word file
– Standard Network: 76 seconds
– WAFS appliance, Cold Cache: 9 seconds
– WAFS appliance, Warm Cache: 3 seconds
Time to write a 5 MB Word file
– Standard Network: 180 seconds
– WAFS appliance: 10 seconds
Time to open a 7 MB Powerpoint file
– Standard Network: 210 seconds
– WAFS appliance, Cold Cache: 67 seconds
– WAFS appliance, Warm Cache: 2 seconds
Time to write a 7 MB Powerpoint file
– Standard Network: 170 seconds
– WAFS appliance: 7 seconds
Note: The performance results noted above were achieved under specific circumstances. Brocade cannot be certain that other customers will achieve the same level of performance.
WAFS Deployment Topology
Hub and Spoke Configuration
[Diagram: Brocade WAFS Core and Edge appliances. Datacenter: NAS frame and file server behind a WAFS Core Appliance and firewall. Remote offices: a WAFS Edge Appliance behind a firewall at each site, connected to the datacenter over the WAN.]
• NAS storage centralized in one or more “Core” sites, with no clients
• Clients distributed across several remote “Edge” sites, with no NAS storage
WAFS Deployment Topology
“Symmetric” configuration
[Diagram: two peer sites, each with a NAS frame / file server reached over CIFS/NFS, a “Core” appliance and a firewall, connected to each other over the WAN using SC/IP]
• Two or more sites that are “peers”
• Each site has combination of local storage and local clients
• All sites can access all storage in all sites
Customer Testimonials
“As a result of centralizing file serving and storage resources, during the first few months alone we estimate a savings in maintenance and administrative overhead as well as a cost benefit from increased productivity of our remote staff,”
- Karin Borchert, Chief Operations Officer, Factiva
“I can safely say that with the huge productivity benefits we’ve gained from the technology, we’ve easily realized a return on our investment in just over three months. We’re saving potentially thousands of dollars per day in increased user productivity.”
- Josh Lamont, IT Director, Novum Pharmaceutical Research Services
A Clear Return on Investment
Hard Cost Savings:
• Storage, Server Consolidation
• Lower WAN Costs
• No Backup Software Licenses
Best Practices:
• Protected/compliant Data
• Centralized IT control of data
“We bought WAFS appliances for 11 regional offices plus two for our data centre at a total cost of about €150,000, and we are saving about €300,000 per year in storage, systems admin and staff costs. Has it paid for itself in the first year? Absolutely.”
- Michael Langborg, CFO, Brenntag Nordic
Lower TCO:
• Centrally Managed Solution
• Instant Enterprise Backup
• Massively Scaleable
• Greatly reduced downtime
• Eliminate redundant IT processes
Improved Productivity:
• Enterprise-wide file sharing
• Complete Tasks Faster
• No Backup Windows
• Leverages existing infrastructure
What are the customer pain points that Tapestry addresses?
Storage consolidation:
• Centralize file storage to data center
• Increase utilization
• Optimize management
Server consolidation:
• Stackable Services for branch offices
• File and e-mail services
• Print, DC/DNS/DHCP, Web caching
Backup Consolidation:
• Eliminate remote office backup
• Simplify regulatory compliance
Real-time user collaboration:
• 100% guaranteed coherency and consistency
• Access storage in real time
The workaround problem
• Somehow, without the benefits of Brocade's market-leading Wide Area File Services technologies, the other 95% of the Fortune 500 manage to run their businesses all around the world.
• Quite often, we are competing with “the way business is done today”, perhaps also against a WAFS or WAN Optimisation competitor, perhaps not.
• The challenge in these situations is to raise the urgency level associated with the problems in an existing environment, and make people aware that a better solution has arrived.
WAFS Workaround: Thin Client
Thin client solutions (Citrix, Wyse) represent a very different way to architect remote IT: centralize everything (applications, processing, and storage) while accessing the UI over the WAN
Key Problems
• Overly centralized design impacts scalability
• Does not leverage massive amounts of processing power on remote office desktops – you have to buy CPUs twice
• Ideally suited for “dumb terminal” apps – less useful for graphics, CAD, engineering applications
• Can be very SLOW on high-latency links
• The richer the user interface of the application, the worse the performance
• Solution can be expensive – can be more expensive than Tacit for larger offices – Citrix is priced per concurrent user
• Customer Questions:
– What happens to your business if the WAN is unreliable or high latency – can Citrix handle packet loss or WAN disruptions?
– Do you have knowledge workers in remote offices? Do they run any GUI-rich applications like MS Office, CAD, Adobe Photoshop, etc?
– How well does your current solution scale? Can you see why Brocade’s distributed solution will scale better than Citrix’s centralized one?
Competitive Update
Approaches to WAFS
• Protocol Snooping
– Compression appliances that attempt to squeeze bandwidth
• Looks into packets to apply optimisations to certain protocols
• Deals at the bit/segment level
– All traffic must go through appliance
– Riverbed, Juniper, Expand devices
• Proxy-enabled Edge Caching
– Proxy devices that extend NAS semantics
• “Termination Architecture”
• LAN-resident at each side
• WAN-optimised protocols between
– File caching at remote end
– Only file traffic goes through appliance
– Tapestry WAFS, CISCO
[Diagrams: for each approach, a central location LAN and a remote location LAN connected across the WAN]
Key Areas of Differentiation
Complexity – Compliance – Cost
Performance
• Architecture provides unmatched performance versus all competition on both reads and writes
• From 40% to four times faster
• User experience
Data Integrity
• Unique “file-aware” design ensures integrity and consistency, even in the face of WAN disruption
• Distributed lock mechanism
• Asynchronous write-back, synchronous logging
Scalability
• Field-proven, third-party certified scalability to hundreds of remotes, and >500 users per remote appliance
• More users per site (500+ vs. 150), more sites (100+ vs. 40)
Enterprise Integration
• Complete Microsoft compatibility and integration with client and server environments
• Native integration with Microsoft DFS, ADS, Security
• Future-proofed
Why Are We Faster?
It’s all about the cache!
[Diagram. Brocade: Data Write, “Logged and safe!”, “ACK – Done!”, “User Productive Again Immediately!”; the remaining Data Write / “ACK – Done!” exchanges cross the WAN. Competition: Data Write / “ACK – Done!” exchanges cross the WAN, then “User Finally Productive”.]
Why Are We Faster?
It’s all about the cache AND Persistent Logging!
[Diagram. Brocade: Data Write, “Logged and safe!”, “ACK – Done!”, “User Productive Again Immediately!”; the remaining Data Write / “ACK – Done!” exchanges cross the WAN. Competition: Data Write across the WAN, “Link Breaks!”, “Process must restart from beginning!”]
Cisco
• Performance - Customer tests vs. Cisco prove the Tapestry WAFS Advantage
– “…you’re 30% - 40% faster on reads, and exponentially faster on writes…” – Fortune 500 company
– End user experience
• Data Integrity
– Cisco architecture vulnerable to common WAN disruptions
– Data at risk
• Scalability is a liability
– Tapestry WAFS Core supports 150 remotes vs. 50 remotes
– Tapestry WAFS Edge supports 500 users vs. 100 users
– Seamless growth for customer with Tapestry WAFS
• Enterprise Integration
– Does not support critical branch office services – still need servers in branch
– Does support key Microsoft architectures such as HiSec security
– Offers 3 different products to try to address shortfalls
Riverbed
• Performance
– Faster on reads, writes, metadata access
– End user experience
• Data Integrity
– Data is at risk due to WAN outages
– Data Integrity and File Coherency / Consistency
– Only aware of data bits, not file aware
• Scalability
– Brocade handles more remotes than RB with a comparable datacenter appliance
– Data Capacity at Riverbed Core MUST be equal to total storage at the remotes
– Up to an additional 1.5TB of storage at datacentre – is this consolidation ?
• Enterprise Integration
– Again does not provide critical branch office services
– No support of MS architecture or their Security feature
– Microsoft is already pushing SMB2 (proprietary CIFS) in Vista/Longhorn
Competition needs MS Security Disabled
Windows File Sharing Performance and SMB Signing
The Common Internet File System (CIFS) protocol, used by Windows
operating systems for file and print sharing, is based on the Server Message
Block (SMB) protocol. To prevent man-in-the-middle assaults that might modify
transmissions, the SMB protocol supports signing all transmitted SMB
packets. By default, Domain Controllers that also have signing enabled.
Signing prevents the Steelhead appliance from applying full optimization on
CIFS connections and significantly reduces the performance gain of a
Steelhead deployment. …SMB signing adds little additional security,
Disabling SMB Signing
To disable SMB signing you must revise the default SMB registry parameters
using regedit. SMB signing is controlled by the following registry parameters:
enablesecuritysignature (SSEn)
requiresecuritysignature (SSReq)
This also applies to CISCO
Source: Riverbed Steelhead Installation Manual
Competition needs MS Security Disabled
So what ?
• Microsoft now turns on these HiSec security features by default as part of its infrastructure to address the security hole that “hackers” are attacking
• These HiSec security features are being integrated more & more into Microsoft products – Office 11 has this feature turned on, as will other MS solutions
• Freeware utilities like Smbrelay collect password hashes and crack them. They say: “The only effective way to block SMB hijacking is to use SMB signing.”
• Would you want to be the person with his head on the block because a new exploit was found that took advantage of unsigned SMB and you had taken the decision to turn it off ?
• The competitors’ weakest link is that they have no security support in the areas of SMB packet signing, Kerberos authentication or any of the future MSFT security enhancements. If there are any data corruptions or data losses, MSFT will only give best-effort support and not take any ownership of the problem.
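An audit check for the two registry values named in the installation manual excerpt, so that a host where SMB signing has been switched off can be found (added example, not part of the presentation or of either vendor's documentation). The LanmanServer and LanmanWorkstation key paths and the function name Get-SmbSigningState are this example's assumptions for a standard Windows installation.

```powershell
# Added example: report whether SMB signing has been switched off on this host.
# Reads the two values named on the slide (enablesecuritysignature,
# requiresecuritysignature) for the SMB server and SMB client components.
# The key paths are the standard Windows locations, not taken from the slide.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$components = [ordered]@{
    Server      = "$base\LanmanServer\Parameters"
    Workstation = "$base\LanmanWorkstation\Parameters"
}

function Get-SmbSigningState {
    param(
        [Parameter(Mandatory)] [string] $Role,
        [Parameter(Mandatory)] [string] $Path
    )
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # An absent value stays $null: the effective default depends on the
    # Windows version and role, so it is reported rather than guessed.
    $enable  = $null
    $require = $null
    if ($props) {
        $enable  = $props.EnableSecuritySignature
        $require = $props.RequireSecuritySignature
    }

    if ($require -eq 1) {
        $state = 'Required'        # unsigned sessions are refused
    }
    elseif ($null -eq $require -and $null -eq $enable) {
        $state = 'NotConfigured'   # neither value present in the registry
    }
    elseif ($enable -eq 1) {
        $state = 'OptionalOnly'    # signed if the peer asks, unsigned otherwise
    }
    else {
        $state = 'Disabled'        # signing explicitly turned off
    }

    [pscustomobject]@{
        Role    = $Role
        Enable  = $enable
        Require = $require
        State   = $state
    }
}

$report = foreach ($role in $components.Keys) {
    Get-SmbSigningState -Role $role -Path $components[$role]
}
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled compliance job flag this host.
if ($report.State -contains 'Disabled') { exit 1 }
```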
Sales engagement
Potential Professional Services
• Storage Assessment
– Enterprise assessment/recommendation - consolidation
– Security recommendation
– Network/bandwidth recommendation
• Architecture design
– Data File Migration Design and Mapping
• Deployment
– Appliance installation, configuration, user training
• Data Migration
– Movement of data from branch office to datacentre
• Storage Hosting Services
– File storage hosting
– Backup/recovery services
– Compliance administration/audit
Customer examples guidelines
• Customer has a single Core appliance and 3 Edge units each with 20 users with Exchange & Print Services
– MSRP ~ $ 58K, 3 years standard maint. $ 11K
• Customer has a single Core appliance and 6 Edge units each with 50 users with Exchange, Domain Controller & Print Service
– MSRP ~ $ 128K, 3 years High Availability maint. $ 26K
• In both cases your Professional Services & additional storage / backup capabilities will be required by the customer
Thank You