Key Tools for Maximizing your Hybrid Cloud Investments

There are good reasons to use resources from a mix of private and public cloud services. Perhaps most important, this “hybrid cloud” approach frees your organization to use data, application, storage, compute, and development resources from many different sources.

Be aware, though, that success with your hybrid cloud deployments hinges on your ability to effectively manage your WAN’s behavior. That’s because the WAN is the network highway supporting the back-and-forth communications between your users and the various cloud services. So it needs to perform with the response times and reliability that users have grown to expect from high-speed LANs.

Making sure that happens requires sophisticated performance and WAN optimization tools. Among other things, these tools help you counteract the effects of latency introduced by geographical WAN distances. They also allow you to alleviate network congestion that might result from sending lots of large files and retransmitting dropped packets.

Having the ability to see and control the performance and security of your WAN traffic is vital to your cloud success.

Controlling Network Performance

Investing in business-grade WAN services, such as Multiprotocol Label Switching (MPLS) IP-VPNs, is one way to boost performance. MPLS IP-VPNs usually carry 99.999% (“five nines”) service-level agreements (SLAs) for network availability. That takes care of uptime. Keeping traffic flows moving at the speed you need to make the hybrid cloud a success, however, requires extra control measures, observed respondents to a 2014 IDG Research Services poll of IT decision makers.

For example, 61% cited network performance management tools as their favored method for optimizing WAN performance for their cloud deployments. More than half (52%) said that they see their corporate networks as a barrier to achieving cloud benefits, given that their availability and performance levels can fluctuate. [1]

So where do you begin in breaking through WAN performance barriers and deploying the right tools?

[1] http://resources.idgenterprise.com/original/AST-0127180_XO_Quick_Poll_714.pdf

Five Basic Types of Network Management

There are five well-understood types of network management that help you keep your network humming smoothly and securely.
• Performance management: Measuring the network performance metrics so you can maintain network operations at acceptable levels. The most common metrics measured are network availability, throughput, bandwidth utilization, and latency (or delay). Some tools also measure packet loss and jitter.
• Configuration management: Monitoring network and system configuration information so you can track and manage the effects of various versions of hardware and software elements.
• Accounting management: Measuring network utilization parameters so that individual or group users on the network can be regulated appropriately.
• Fault management: Detecting, logging, and fixing network problems.
• Security management: Controlling who can access your network resources according to business policy to avoid network breaches and confidential data leakage.

First, it helps to know about the many types of tools available. There are five basic types of tools for monitoring, measuring, controlling, and troubleshooting various aspects of your network (see box) that have been around for quite some time. They can be purchased for deployment at your various sites or as a network-based service from a cloud or other network service provider. Basic tools help you maintain visibility into what’s happening on your WAN links. Some generate alerts and alarms to indicate you should take real-time action on a situation or network condition. Others generate historical reports so you can see trends, such as generally when your peak traffic times are, and size your network accordingly.

Newer types of tools have been developed to give you very tight control over your WAN’s behavior and traffic patterns, a must as you come to rely on the WAN for mission-critical capabilities and cloud access. Among these tools are application performance management and WAN optimization capabilities. Security management tools are also maturing. These are also critical, given that even the best-performing networked applications will be deemed a failure if they are compromised.

Together, all these tools help ensure optimum yet secure application experiences across WANs, where distance-induced latency can otherwise degrade response times and application usability. Having centralized access to these tools and the information they contain – say, from a Web portal – is often important to organizations that are trying to ensure performance and security across a number of distributed sites.

Let’s take a look at each of the tool types.

Application Performance Management

Packet prioritization. Application performance management can be thought of as traffic shaping or traffic management. Quality-of-service (QoS) and class-of-service (CoS) capabilities are subsets of traffic management that allow you to prioritize and control the resources each application packet gets as it traverses the WAN according to your own business policies. For example, you’ll likely use QoS/CoS settings to ensure that real-time voice-over-IP (VoIP) traffic always goes to the head of the packet queue. VoIP usually gets top priority to ensure minimal packet loss and delay, which can impede the quality of a phone call.

Rate limiting. Another traffic management tool, called rate limiting, allows you to apportion maximum amounts of bandwidth for specific types of traffic. You can do this either by percentage of total bandwidth on the link or by actual bandwidth (bits per second). For example, you might dedicate a significant portion of bandwidth to serve your most mission-critical apps. And you might set a fairly low cap on the capacity you ever make available to your lowest-priority traffic, such as that generated by consumer applications like Yahoo! or Facebook. You can change the policies based on time of day, too, to ensure that lower-priority apps don’t edge out more important ones during the busiest times of the day.

Traffic classification and deep packet inspection. Application performance management requires that you are able to discern which application each packet belongs to, so you can classify each app and give it the appropriate policy for prioritization and resources. Tools with deep packet inspection (DPI) capabilities allow you to see into the IP packet header to identify the packet type, then classify it for the appropriate priority treatment according to your policies.

HTTP apps. However, it’s important to note that, increasingly, more and more applications have been developed for the Web. As such, they are viewed by traditional DPI systems as simply “HTTP” apps, because they have HTTP port 80 associated with them. So port-based application classification alone is no longer sufficient; there could be any number of sub-application types within the HTTP header. So your app performance management tool needs to be able to recognize and classify each app based on its known characteristics within HTTP.
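
The difference between port-based and HTTP-aware classification described above, together with the per-class bandwidth cap from the rate-limiting paragraph, as an added example that is not part of the original ebook or any XO product. The policy table, host names, class names and percentages are constructed assumptions, and the parser assumes cleartext HTTP on port 80:

```python
# Constructed policy for illustration; apps, classes and shares are assumptions.
PORT_APPS = {80: "http", 5060: "voip"}
HOST_SIGNATURES = {  # domain -> (application, traffic class)
    "crm.example.com": ("crm", "mission-critical"),
    "facebook.com": ("facebook", "low-priority"),
    "yahoo.com": ("yahoo", "low-priority"),
}
# Percent of total link bandwidth each class may use.
CLASS_SHARE_PCT = {"real-time": 30, "mission-critical": 50,
                   "default": 15, "low-priority": 5}

def classify_by_port(dst_port):
    """Port-only view: every web application is just 'http'."""
    return PORT_APPS.get(dst_port, "unknown")

def http_host(payload):
    """Lower-cased Host header of a cleartext HTTP request, or None if not HTTP."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            bare, _, port = host.rpartition(":")
            return bare if bare and port.isdigit() else host  # drop ":80"
    return None

def classify_flow(dst_port, payload):
    """Return (application, traffic class), using HTTP content where available."""
    if classify_by_port(dst_port) == "voip":
        return "voip", "real-time"
    host = http_host(payload) if dst_port == 80 else None
    for domain, (app, tclass) in HOST_SIGNATURES.items():
        # Match on a label boundary so "notfacebook.com" is not "facebook.com".
        if host and (host == domain or host.endswith("." + domain)):
            return app, tclass
    return classify_by_port(dst_port), "default"

def rate_cap_bps(tclass, link_bps):
    return link_bps * CLASS_SHARE_PCT[tclass] // 100  # ceiling in bits per second

SAMPLE_FLOWS = [  # constructed (destination port, first payload bytes)
    (80, b"GET /feed HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"),
    (80, b"POST /orders HTTP/1.1\r\nhost: crm.example.com:80\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: notfacebook.com\r\n\r\n"),
    (5060, b"INVITE sip:bob@example.com SIP/2.0\r\n\r\n"),
]
if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(classify_by_port(port), "->", classify_flow(port, data))
```

The Host header is supplied by the client, so a class derived from it is a traffic-management hint and should not be relied on for access-control decisions.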

WAN Optimization

These tools streamline the traffic you send across the WAN. The goal is two-fold:
1. to keep congestion off your WAN to boost throughput for great user app experiences, and
2. to allow you to defer investments in additional bandwidth by optimizing the use of the bandwidth you already have.

WAN optimization tools can be purchased in a variety of form factors, including managed network services, special network appliances, and capabilities integrated directly into WAN routers.

The technologies used with WAN optimization tools to reduce WAN traffic loads include the following:
• Data compression to shrink the footprint of the data set being transmitted
• Elimination of redundant data that’s transmitted repeatedly to compress the transmission footprint further
• Acceleration of the Transmission Control Protocol (TCP) – the transport-layer protocol used in Internet transmissions – without you having to modify your applications
• Caching of repeatedly accessed data in a place nearer to users so that app requests don’t continually have to make round trips across the WAN
• Bandwidth on demand, a capability usually sold as a network service or feature of a network service. It allows you to “burst” your network throughput to higher speeds during peak traffic periods to avoid congestion and also to avoid having to spend extra money each month for capacity that sits idle much of the time.

Security Management

There are security measures incumbent on your cloud provider, your WAN provider, and your own organization to protect against data breaches and malware. As you are setting up your hybrid cloud, investigate whether your intended cloud provider(s) has taken the proper security measures to protect information. If your service is an MPLS IP-VPN, you have certain security measures built in, such as partitioning from other traffic.

Encryption. If you are using an Internet connection all the way to the cloud, you’ll likely want to encrypt your traffic using IP Security (IPsec), an industry standard. Encryption does increase your network overhead. If you are using an MPLS IP-VPN service, think twice about encrypting; if you decide to do so, check with your network service provider about its impact on your performance SLAs. If using the Internet, consider WAN routers with hardware-based encryption acceleration to speed things up.

Authentication and access control. MPLS IP-VPN services will have authentication capabilities built in to control who has access to your resources. When building a network on top of the Internet, though, anyone could pretend to be part of the network. You can use the Internet Key Exchange (IKE or IKEv2) protocol within IPsec to counteract this. Your WAN router authenticates itself to your headend network (in your data center or cloud service) in one of two ways: using a preshared key (PSK), such as a password, or a public key infrastructure (PKI), which makes use of digital certificates.

Firewalling and intrusion detection/prevention. Another best practice is to use a firewall, configured with your rules and policies as to what traffic will be allowed on your WAN. Firewall products and services usually integrate unified threat management (UTM) services, which scan for known malware. They filter or quarantine any suspicious packets from your production network to ensure that your organization is protected from denial-of-service (DoS) attacks.

Summary

You’ll likely use a hybrid of private and public cloud services at some point for the agility and breadth of resources they offer your organization. In addition to investigating any cloud availability and performance guarantees your provider might offer, be sure to consider how your WAN will perform. You’ll come to rely heavily on WAN links for supporting your access to and from the cloud, so the WAN needs to be available and congestion-free.

Part of the equation in getting user application experiences to excel when using the WAN to access cloud resources is the speed and caliber of the WAN services you purchase. You can also do a strong job of controlling your WAN traffic yourself by deploying tools – either on your premises or in the network as a hosted service – that shape and reduce traffic loads. Monitoring, alerts, and alarms will keep you in the know about what’s happening on the network and whether your immediate attention is required. The measure of automation that newer performance management and WAN optimization tools offer is particularly valuable for scaling your network management capabilities as your WAN extends beyond your corporate sites into any number of cloud services.

We also recommend that you visit XO’s Network Enabled Cloud page to learn about the elements that comprise an intelligent network.

This ebook is sponsored by XO Communications.
About XO Communications:
XO Communications is a leading nationwide provider of
advanced IP communications, intelligent networking, and cloud
computing services for business, large enterprise and wholesale
customers. These customers include more than half of the
Fortune 500, in addition to leading cable, mobile wireless and
domestic and international telecommunications companies.
XO offers a superior customer experience through its innovative
solutions, its employees’ focus on customers and the proven
performance of its advanced network. To learn more about
XO Communications, visit www.xo.com or blog.xo.com.