Effective WAN Clustering Relies on High Quality VPNs

Effective WAN Clustering Relies on High-Quality VPNs

Remote Access

Secure Business Connectivity

2

Why WAN Clustering ? 04

More about WAN Clustering 07

Role of WAN Clustering in Disaster Recovery/Business Continuity 10

Role in Load Balancing 13

Maximizing WAN Clustering Potential through Well-Managed VPNs 15

Creating the Optimal WAN Clustering for Your Needs 18

Selecting the Best VPN Technology for Your Network 22

Conclusion 27

Interested? 28

Picture Sources 29


3

WAN clustering, also called geoclustering

or remote clustering, is a network

architecture through which multiple

servers and other computing resources

housed in different geographical locations

form what appears to the user to be a

single, highly-available network.

WAN clustering has become a business-

critical capability for many businesses

as these businesses have become more

“distributed.” For example, an organiza-

tion might have its product design and

development teams in the U.S., enginee-

ring and manufacturing in Taiwan, custo-

mer service in India, and sales offices in

several continents.


4

Why WAN Clustering ?


5

It is essential in today’s business

environment for an organization to run

its operations uninterrupted. Customers,

partners, vendors, shareholders and

others demand this. In some industries,

the ability to operate uninterrupted can be

a competitive advantage.

If the mail server fails to deliver critical

emails, if order management software

fails to inform vendors of needed

materials, if customers fail to receive

high-quality customer service, the results

can be catastrophic for the organization.

Indeed, these failures can have regulatory

implications. In the financial services

industry, for example, if a bank fails to

provide specific documentation to

customers within certain deadlines, they

can earn stiff penalties from an alphabet

soup of regulatory bodies. This is

especially true since the recent recession

and increased oversight of banks.


6Figure: VPN technology is a critical component of an organization’s WAN clustering strategy.

The goal of WAN clustering includes maxi-

mizing employee productivity by ensuring

information assets are available anytime,

anywhere. It is a principal architecture IT

teams employ as part of disaster recove-

ry/business continuity programs and load

balancing. WAN clustering can be used

for just about any computing resource,

including mainframes, file servers, PCs,

and software application stacks.

Two core technologies that have enabled

the rapid growth of WAN clustering are

very rapid wide area network connectivity,

and the ability to create and manage

a clustered network through a single,

virtualized master identity.

Another core capability that is critical to

the rapid and secure operation of a WAN-

clustered network architecture is VPN

technology. VPNs ensure information is

secure traveling between servers as well

as to and from servers and end users’

devices, be they PCs, laptops, tablets or

smart devices.


7

More about WAN Clustering


8

Advocates of clustering suggest that the

approach can help an enterprise achieve

99.999 percent (so called 5 9’s) availa-

bility in some cases. A common use of

WAN clustering is to load balance traffic

on high-traffic networks, especially net-

works where users upload and download

large files, such as complex drawings and

video. Formerly, “cold-standby“ solutions

had been the rule: a replacement server

was only used if the running system failed.

This is less efficient and unnecessarily ties

up resources. Today, it is common that

several, connected servers are operated

in parallel – the load is equally distribut-

ed amongst the servers with the help of

load balancing. One distinguishes here

between active/active and active/passi-

ve concepts depending on the task- and

role allocation within the server cluster.


9

When using a modern active/active

clustering concept any number of servers

is merged to a “cluster.” The servers

are syndetic and every active session is

known by every server. This is why the

session can be overtaken by any other

server in case of an interruption. Some

solutions even allow for an equal authority

of all cluster nodes instead of applying

the standard master-slave concept with

one server having the command of all

other servers.

WAN clustering can also provide a

relatively low-cost form of parallel

processing (rapid processing of program

instructions by dividing them among

multiple processors) for scientific and

other applications.

With load balancing, all sessions can

be optimally distributed amongst all

servers, too – for a perfect performance

and an efficient use of resources. This is

particularly interesting since – in times of

tablets, smart devices and BYOD – the

number of server requests is expected to

increase rapidly.


10

Role of WAN Clustering in Disaster Recovery/ Business Continuity


11

In a disaster recovery/business continuity

situation, the functions of a particular ser-

ver or entire network location are taken

over by any server(s) at a different location

when one server or network location be-

comes unavailable for any reason, such

as scheduled down time, hardware or

software failure, or a cyber attack. The

process involves automatically offloading

tasks to another server location so that

the procedure is as seamless as possib-

le to the end user. The recovery process

can apply to any aspect of a system; it

might protect against a failed processor,

network connection, storage device, or

Web server. It might protect against lo-

cally bordered natural disaster effects like

flooding or blackouts, too.


12

Originally, stored data was connected

to servers in very basic configurations:

either point-to-point or cross-coupled.

In such an environment, the failure (or

even maintenance) of a single server

frequently made data access impossible

for a large number of users until the

server was back online. More recent

developments, such as the storage area

networks and cloud computing, make

any-to-any connectivity possible among

servers, data storage and other systems.

Typically, these networks utilize many

paths between the server and the

system. Each consists of complete sets

of all the components involved. A failed

path can result from the failure of any

individual component of a path. IT teams

employ multiple connection paths, each

with redundant components to avoid

single points of failure, to help ensure that

the connection is still viable even if one

(or more) paths fail.


13

Role in Load Balancing


14

Load balancing is the division of a

computer’s or server’s or network’s

workload between two or more

computers/servers so that more

work gets done in the same amount

of time and, in general, all users get

served faster. Load balancing can be

implemented with hardware, software, or

a combination of both. Load balancing is

often the main reason IT teams opt for a

clustering architecture.

Companies whose websites receive large

volumes of traffic also frequently select

clustering architecture. For load balancing

Web traffic, there are several approaches.

For Web serving, one approach is to

route each request to a different server

host address in a domain name system

(DNS) table, round-robin fashion. Usually,

if two servers are used to balance a

work load, a third server is needed to

determine which server to which to

assign the work. In some approaches,

the servers are distributed over different

geographic locations.

VPN technology is also critical to an

effective load balancing strategy. Rapid,

safe and secure transfer of critical

business data among servers to optimize

the user experience.


15

Maximizing WAN Clustering Potential through

Well-Managed VPNs


16

No matter the objective, a well-managed

VPN is essential to successful WAN clus-

tering. When designing VPNs into a clus-

tered architecture, IT teams must strike

a balance between accessibility, speed

and cost. There are several strategies IT

teams should employ to achieve the op-

timal performance from VPN technology.

While IT managers can typically estimate

how many users the VPN will handle on a

day-to-day basis, they often have troub-

le accounting for the rapid bursts of VPN

usage that occur for a variety of reasons.

IT teams must size VPN capacity to hand-

le worst-case scenarios, but this can be-

come very expensive, especially if most of

the time there is limited VPN usage. Prio-

ritizing the information needs of particular

key people or types or data is a proven

approach to achieving the balance bet-

ween cost-effective VPN infrastructures

and meeting the needs of peak periods.

IT teams should also watch VPN per-

formance continuously to gauge usa-

ge and to analyze for trends. If em-

ployees “discover” the benefits of a

well-managed VPN, they may begin to

use it more, resulting in additional data


17

flows that can impede performance.

Concurrently, if the company is growing

and expanding the number of employees

and servers, IT teams have to make sure

that existing hardware can cape with the

traffic and that there are enough VPN li-

censes for every user available.

Employees should also receive training

in the types of data best suited to travel

through VPNs. Uploading or downloading

rich media applications or streaming vi-

deo can tie up significant VPN resources.

Being even somewhat selective with what

data travels over the network can provide

important performance benefits. Some

IT teams divert non-sensitive data off the

VPN, ensuring sensitive data can reach

its destination, a process called split tun-

neling. However, due to security reasons

one should stick to anti-split tunneling be-

cause otherwise malware has a potential

way into the company´s network.


18

Creating the Optimal WAN Clustering for Your Needs


19

When creating a WAN clustering

architecture, it’s critical to consider the

organization’s short- and long-term

goals. IT teams must strike the right

balance between being cost effective and

ensuring the architecture remains optimal

as demands grow. Among the factors

they must consider include:

• What data types will travel over

the WAN – voice, video, synchro-

nous and asynchronous data, etc.

• Existing and planned applications

• Local and remote access

requirements

• Existing equipment, both

employee’s desktops, laptops

and personal devices, as well

as network equipment such as

routers and switches

• Required connectivity outside the

organization, such as to

key suppliers


20

• Understanding network activity,

meaning what activity it is me-

ant to support, such as email,

voice, video, remote access, etc.

• Consider company headcount

growth and accommodate for the

extra requirements of these

employees

• Similarly, determine the number

and type of devices the network

will support, both today and into

the future

Assuming the company already has a

WAN and the IT team is planning for its

upgrade and/or expansion, they should

begin by studying the current traffic bet-

ween servers as well as traffic between

servers and end users. This should also

include a discovery phase where the

team identifies all the components on

the network. IT teams should continue

by conducting a performance analysis to

better understand how well the network

functions in terms of throughput, band-

width, latency and related key factors.

As the IT team begins to add compo-

nents to the network, they should monitor

network capacity, including:

• Study bandwidth usage and

determine where any

bottlenecks occur

• Consider the need for

redundancy and how this will

impact capacity

• Test network capacity regularly

using traffic generators to identify

and address latency, packet loss

and any other issues


21

When selecting VPN technology as part of

a WAN clustering architecture, it is impor-

tant to know how end users will access

data. For example, if they will access in-

formation through a smartphone or other

mobile device, IT teams should select a

VPN solution that enables people to look

at content without downloading it to their

device. If employees work on PCs as well

as Macs, the VPN technology should be

able to work with both operating systems

as well.


22

Selecting the Best VPN Technology for

Your Network


23

As with any technology, IT teams must

determine what objectives they are trying

to reach before selecting which VPN

technology to implement. One ongoing

area of discussion is on the merits of SSL

VPNs or IPsec VPNs.

There are reams of articles on the benefits

and weaknesses of each protocol.

Briefly, an IPSec VPN creates a secure

connection through a client application on

the remote device and a VPN terminator

on the company’s network. IPsec VPN

solutions are very widely used and for

many years were the standard remote

access solution. They are especially well-

suited for fixed connections, for example,

from the enterprise network to branch

offices or suppliers. They allow complete

network access and are considered to be

secure and reliable.

When using IPsec VPN technology in a

large scale environment, this technology

exhibits a major drawback: an IPsec

VPN client has to be installed on every

end device. To do this, installation and

administrator rights are needed.


24

An SSL VPN allows full network

connectivity, as does an IPsec VPN,

but can be deployed more easily to

remote users since neither installation

nor administrator rights on the client are

needed. This makes SSL-VPN solutions

attractive for enterprises.

Secure Socket Layer (SSL) VPNs have

gained in popularity because they are

“clientless,” meaning the remote device

doesn’t need to have a client pre-installed

to connect to the corporate network. In

many situations, an SSL VPN tunnel is

created when a remote user opens a Web

browser and connects to a pre-defined

URL. The VPN then prompts the user

for a user name and password. Once

authenticated, the user is often taken to

a company individual Web page including

several options for network access or

company applications.


25

IT teams can partly address this issue by

researching the quality of bandwidth at

corporate offices and demanding SLAs

with minimum throughput guarantees

within an acceptable range.

Another variable in VPN performance

is completely out of the hands of IT

teams – quality of the local Internet

connection. If an employee is working at

home, at an Internet café or some other

remote location and teens nearby are

downloading the latest movie or playing

interactive video games, performance

may suffer. This is often true in hotels as

well, even expensive ones where guests

pay for broadband. And, it can be true

in corporate offices where carriers have

failed to upgrade pipes adequately.


26

Teams should also study the types of

traffic that will travel over the VPN when

selecting the best technology for their

organization. If the VPN will carry voice

traffic, teams must be aware that voice is

highly sensitive to any latency, while video

downloads are less latency sensitive

but typically require more bandwidth.

A well-conceived VPN strategy can help

IT teams address these issues. Some

organizations prioritize traffic based on

port. Voice and business critical traffic

might be prioritized over routine file

transfers, for example.


27

ConclusionCalculating the ROI of an effective VPN

deployment is extremely difficult because

the benefits are numerous. Employees

gain anytime, anywhere access to critical

information. With an included option for

geographic clustering, IT teams attain

an effective approach to maximize the

performance of the organization’s

network, while concurrently protecting

critical assets from all forms of threats

– weather, earthquakes, cyber attacks,

et al. It is safe to say that as the credit

card ad goes, a well-managed VPN is –

priceless.


28

Interested?

Would you like to check out the numerous

benefits of HOB Software?

Just call us or send us a quick mail!

You are welcome to contact us:

HOB GmbH & Co. KG

Schwadermühlstraße 3

90556 Cadolzburg

Tel: +49 9103 715 0

E-Mail: [email protected]

Webseite: www.hobsoft.com

Information in this document is subject to change without notice

HOB is not liable for any omissions or errors which may be contained in this document.

Product information contained herein is from April 2013.

Any trademarks in this document are the property of their owners.

Layout: Maximilian Göppner


29

Picture Sources

• Page 3 - Alexandr Mitiuc

(Thinkstock)

• Page 4 - Oleksiy Mark/Thinkstock

(Thinkstock)

• Page 5 - Chromatika Multimedia

(Thinkstock)

• Page 7 - OneO2/Thinkstock

(Thinkstock)

• Page 8 - Oleksiy Mark

(Thinkstock)

• Page 9 - Spectral-Design

(Thinkstock)

• Page 10 - Thinkstock

• Page 11 - heizfrosch (Thinkstock)

• Page 12 - AKodisinghe

(Thinkstock)

• Page 13 - UmbertoPantalone/

texelart (Thinkstock)

• Page 14 - loops7 (Thinkstock)

• Page 15 - Thinkstock/Luca

Francesco Giovanni Bertolli

(Thinkstock)


• Page 17 - Maksim Pasko

(Thinkstock)

• Page 18 - Viktors Ignatenko/

Galina Peshkova (Thinkstock)

• Page 19 - 3Dmask (Thinkstock)

• Page 21 - Laurent davoust

(Thinkstock)

• Page 22 - Thinkstock/

pressureUA (Thinkstock)


• Page 24 - ronstik (Thinkstock)

• Page 25 - R. Michael Stuckey

(Thinkstock)

• Page 26 - Federico Caputo

(Thinkstock)


Effective WAN Clustering Relies on High Quality VPNs

Technology

Transcript of Effective WAN Clustering Relies on High Quality VPNs