The Key to Cost-Effective WAN Optimization - White Paper

(1)

(2)

The Challenges of WAN Link Management in the Datacenter

Over the past few years, businesses have come to rely significantly on information technology and networked applications for day-to-day operations as well as for creating competitive edges. This includes applications such as ERP, CRM, e-mail, employee portals and hosted Web sites; remote desktop applications; real-time communication applications such as voice and video over IP (VoIP); etc.

As a result, IT organizations are increasingly focused on the application business-continuity aspects of their responsibilities, which include application service level management, availability management, capacity management, etc.

One of the most important datacenter infrastructure components, which have a large impact on application business-continuity are the datacenter’s wide area network (WAN) links and their connectivity to the Internet/ Intranet.

Effectively managing the datacenter’s WAN connectivity poses a few challenges such as maintaining 24/7 uptime, guaranteeing acceptable application performance, etc.

In the following sections, we will outline and review these challenges.

Link Up-time and Business Continuity

One of the main challenges faced by datacenter managers today in regards to their WAN connectivity is

guaranteeing that the access to their datacenter is up 24/7. Meaning that datacenter managers must be able to detect failures far along the WAN path, and reduce as much as possible WAN connectivity downtime windows. A report by Infonetics1_{estimates that medium-sized businesses suffer around 28 hours of service-provider}

downtime and performance degradation every year, and that these outages cost, on average, almost $200,000 in lost revenue and productivity over the course of a year, representing the single largest source of downtime cost (about 22% of the total).

(4)

Figure 1 - Centralized application delivery increases the risks associated with WAN failure

The Active-backup Links Misconception

The simplest and most effective approach to dealing with WAN and Internet reliability issues is the concept of multi-homing, and many organizations today implement some form of multi-homing. However, many multi-homing implementations still leave organizations at risk of downtime; this is due to a basic premise that states that having a (usually cheaper) idle backup link is a good enough solution. This premise is a misconception since, in the case of downtime of the active link, the time it takes to switch to the back-up link may cause significant business and revenue losses. For example, in the case of BGP4 or manual link switching, it may take three minutes or more to switch traffic between links, during which time there might not be any access to hosted Web sites.

Link Quality and Performance Degradations

WAN link business continuity is not only about guaranteeing that the datacenter access links are up and running, but rather that the links are up and running with acceptable performance overcoming performance bottle necks which might occur randomly.

The main factor causing application performance degradation is the fact that in most datacenters the same WAN connectivity infrastructure is used for both business-critical applications (ERP, CRM, VoIP, etc) and non-business-critical applications (P2P, file downloads, etc). In such scenarios, the non-business-non-business-critical applications often utilize a large amount of bandwidth, causing starvation for the critical applications and degradation in their performance. The second factor effecting application performance, is the WAN it self, which may suffer from network congestions and performance bottle necks.

Datacenter Consolidation and Virtualization

In order to significantly reduce costs, enterprises are moving to deploy less data centers, each consisting of more services, by centralizing the business’s applications, servers, hosting, and management. In addition, data center consolidation also enables organizations to meet regulatory and compliance, to drive globalization and to enable business continuity.

(5)

branch office users, requiring 24/7 availability and good performance both in the branch offices and datacenter. In addition to the aforementioned challenges, the move to centralized applications within the datacenter may require companies to install expensive VPN lines between branch offices and the HQ.

The Lack of Business Oriented Link Management

As we saw above, homing is not a new concept, and many companies implement different types of multi-homing solutions One of the common solution configurations includes connecting the datacenter or branch offices using different types of links from different ISPs. For example a high SLA cable link in conjunction with a low SLA DSL link.

Whatever connectivity solution is implemented, a few questions relating to the flexibility and scalability of the solution may come up:

• How can I redirect similar types of traffic differently depending on the destination of the request? For example HTTP for download vs. HTTP for SAP.

• How can I assure business-critical traffic is routed over the high SLA links?

• How can I seamlessly upgrade my connections and add more links as I grow my business? • How can I redirect traffic between my links according to cost model of the link?

Disregarding the above questions will cause the connectivity solution to be network aware as opposed to

application aware. This means that traffic will be sent via the WAN links not according to its characteristics (type, source, destination, etc) but rather according to the network behavior.

Radware LinkProof Solution - Creating Highly Available, Flexible, and Cost-effective

Multi-WAN Load-balancing Solutions for the Datacenter

LinkProof, Radware’s multi-WAN load balancer provides the necessary functionality to address WAN link load balancing for inbound and outbound traffic, application down-time, latency, and bandwidth constraints, and contribute to a complete, cost-effective, and scalable multi-WAN load balancing solution for application delivery. By routing traffic over multiple ISP links (multi-homing), LinkProof not only enables the creation of a redundant WAN architecture that addresses application up-time concerns, it also directly impacts the performance of applications and improves the speed at which they respond. This improvement is greatly enhanced by techniques such as LinkProof’s Proximity (US patented2_{) detection and advanced health monitoring capabilities.}

WAN scalability and cost-reductions are realized through complete freedom of link choices that

LinkProof allows architects to consider (including broadband), the ease in which pipes and service providers are introduced or removed, and the more effective utilization of existing connectivity resources through load-balancing and bandwidth management techniques.

LinkProof has a broad WAN link load balancing offering which caters to all connectivity solution sizes, from the small wireless hotspot in an airport through the branch or remote office all the way to the large enterprise or hosting web sites provider.

(6)

Figure 2 - High availability through a redundant WAN architecture Business Continuity and Service Availability

By integrating LinkProof, Radware multi-WAN link load balancer, companies can guarantee 24/7 business continuity and service availability even during WAN link failure. This is realized through the following LinkProof capabilities:

1. Active-Active multi-WAN link load balancing - LinkProof provides the capability to simultaneously load

balance multiple active WAN links. By utilizing all links simultaneously, IT managers guarantee on-going service and the utilization of all installed connectivity infrastructures.

2. 24/7 real time availability monitoring of complete WAN paths - using LinkProof’s full-path application-health

monitoring it is possible to monitor the health of not only the datacenter’s access router but also additional networking nodes along the WAN path. Thus guaranteeing that if a problem occurs within the ISP cloud which prevents traffic from reaching the access router, that problem is monitored and the access router connected to that ISP is regarded as down. LinkProof supports a large number of network level and application level checks, such as Ping, HTTP/S, DNS, etc.

3. Zero downtime when switching between failed and active links - Using LinkProof’s fast and transparent

switching between failed and active links which has been validated by Miercom Lab, IT managers can ensure that in case of a link failure, there will not be any downtime periods during link switching.

4. Dynamic WAN link selection based on link performance - Using LinkProof’s proximity-based routing, IT

managers can ensure both incoming and outgoing traffic is always served via the best performing WAN link, thus ensuring that guaranteed SLAs are met for both internal and external users and if a performance bottle neck occurs, users are automatically diverted to the better performing link.

5. Gaining control with bandwidth management - LinkProof’s integrated bandwidth-management (BWM),

Quality of Service (QoS) and traffic-shaping capabilities can even further increase the cost-effectiveness and performance of the WAN by ensuring that resources are allocated in sufficient amounts to critical

(7)

As previously discussed companies today run different types of applications over their WAN links, some are

business critical applications for example CRM, ERP, VOIP, etc, and some are less critical such as Web browsing or file downloads. Traditional multi-WAN link load balancers do not provide the flexibility to differentiate between the different types of applications; this means that the use of WAN bandwidth is not managed and may result in non-critical applications taking up all the bandwidth of a high SLA line while business non-critical applications are left to be served over a low SLA line.

LinkProof provides a comprehensive set of user-defined application-aware redirection policies which allow the IT manager to define over which WAN link each application, type of traffic or even user is served depending on the scenario. For example:

• If a VOIP connection is accessing the WAN, pass it over the high SLA line. While if a web browsing session is accessing the WAN pass, it over the low SLA line.

• If a remote employee is accessing the corporate CRM web portal, serve the employee over the higher bandwidth link. While if a remote employee is accessing the corporate web site, serve the employee over the lower bandwidth link.

Once a decision is made as to which link should be used to serve the user, LinkProof can perform a variety of smart Network Address Translation (SmartNATTM) techniques depending on the network configuration in which LinkProof is installed. These techniques include static NAT, dynamic (hide) NAT, port NAT, etc.

In order to prevent over spending and reduce the Operational Expenses (OPEX) of the WAN connectivity solution, LinkProof provides the capability to redirect traffic between WAN links according to cost model of each link. This capability guarantees that traffic is always passed over the least expensive link at any given moment.

On Demand Throughput, Services, and Link Scalability

Using Radware’s “pay-as-you-grow” approach, It managers can now purchase the platform that meets both current and future WAN connectivity needs. So when bandwidth or throughput capacity needs increase, customers just turn on a software key to add capacity. No more guesswork, no more overspending “just in case”, no forklift upgrade, no reboot required!

In addition, using LinkProof’s “Add-link-as-you-grow” approach it is possible to easily add new Internet/Intranet links of different types (Cable, DSL, frame-relay, VPN, etc) to the existing connectivity solution as the company grows its business and bandwidth needs, with no downtime, ISP involvement or platform replacement. This unique approach means you do not need to replace your existing WAN links, but rather add additional low cost links as you need more bandwidth, thus allowing reducing the Total Cost of Ownership (TCO) of the WAN connectivity solution.

In addition, the ability to seamlessly add new links on demand from any available ISP, facilitates ISP independence and a stronger negotiation position when negotiating link prices.

Integrated VPN termination

(8)

Case Study

Regency Hospital

Based in Alpharetta, Georgia, Regency Hospital provides intensive care to medically complex patients using aggressive clinical therapies, advanced equipment, and an interdisciplinary team approach centered on individual patient needs. The typical patient is critically ill and requires a longer length of stay in an intensive care

environment than traditional short-term hospitals are designed to provide. To properly administer care, Regency’s staff requires an immediate, uninterrupted, and secure VPN.

“By the time Regency opened its tenth hospital, it was clear they needed more bandwidth and redundancy at the corporate data center to ensure uptime for the hospitals – especially with the new online clinical systems that were being planned for deployment. The dual LinkProof solution was the perfect match for these requirements, allowing Regency to utilize two multi-T1 pipes from independent carriers (AT&T and Sprint).”

David Hampson, president of Enroute Networks.

ROI and Cost Savings

General ROI figures

Radware LinkProof provides customers with significant cost savings and the best ROI as follows: 1. Reduce potential cost of WAN-connectivity related business downtime (0.35-1.25% of revenues 3).

2. Save up to 90% on project connectivity costs, by migrating to cheaper WAN links, removing the need to add capacity, and reducing the potential cost of business downtime.

3. Reduce potential cost of productivity losses due to slow response time (0.3-1% of revenues 3).

4. Utilization of all available Internet links guaranteeing no idle lines provides improved performance and QOE. 5. Less ongoing operational OPEX of managing the WAN connectivity solution.

For more information, please refer to the LinkProof ROI paper at

http://www.radware.com/content/document.asp?_v=about&document=8647.

Enterprise Datacenter

The following example discusses a mid-sized enterprise with 500 employees; the company has a single datacenter in their HQ.

The datacenter hosts all of the company’s applications including its customer facing Web portal in which customer can purchase the company’s products and services.

In order to provider Internet link redundancy in case of link failure, the company has purchased two internet lines from two different ISPs:

• A high SLA T3 which operates as the active line – flat rate of $3K per month for 45Mbps4.

• A low SLA DSL which operates as the backup line – flat rate of $500 per month for 6Mbps4.

The total required BW per month for the company’s datacenter is 5Mbps.

When ever a failure or network problem (congestions, flapping, etc) occurs in one of the ISPs, the IT administrator manually switches between the Internet links, an action which causes a prolonged window of downtime until the backup line is operational.

3_{Infonetics research 2006}

(9)

and that is looses an average of $50K each hour due to loss of connectivity to their Web portals.

In order to reduce the company’s downtime to zero and utilize all available bandwidth, the company decided to invest in a pair of LinkProof devices which will perform intelligent traffic redirection of both inbound and outbound traffic, guarantee continues up time of both links and the use of both links simultaneously.

Customer Profile

Project life cycle (years) 3

Downtime & Connectivity Cost/Year $492,000

Cost of down time in HQ / Hour 5 $50,000

Yearly downtime in hours 6 9

Connectivity cost/month $3,500

T3 $3,000

DSL (6MB) $500

Total cost with LinkProof/Year $79,748

Cost of down time in HQ/hour $50,000

Yearly downtime in hours 0

Connectivity cost/month $3,500

T3 $3,000

DSL (6MB) $500

Two (2) LinkProof 208 devices with Certainty Support Level 3 $37,748

Project costs saving/month ($) $35,243 Costs saving for total project (%) 86%

LinkProof ROI/months 2

5_{The price for downtime is an example only and may vary between industries.} 6_{The number of downtime hours is based on 99.9% availability.}

© 2012 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Printed in the U.S.A