Effective WAN Clustering Relies on High Quality VPNs
-
Upload
hob -
Category
Technology
-
view
265 -
download
3
description
Transcript of Effective WAN Clustering Relies on High Quality VPNs
Effective WAN Clustering Relies on High-Quality VPNs
Remote Access
Secure Business Connectivity
2
Why WAN Clustering ? 04
More about WAN Clustering 07
Role of WAN Clustering in Disaster Recovery/Business Continuity 10
Role in Load Balancing 13
Maximizing WAN Clustering Potential through Well-Managed VPNs 15
Creating the Optimal WAN Clustering for Your Needs 18
Selecting the Best VPN Technology for Your Network 22
Conclusion 27
Interested? 28
Picture Sources 29
Secure Business Connectivity
3
WAN clustering, also called geoclustering
or remote clustering, is a network
architecture through which multiple
servers and other computing resources
housed in different geographical locations
form what appears to the user to be a
single, highly-available network.
WAN clustering has become a business-
critical capability for many businesses
as these businesses have become more
“distributed.” For example, an organiza-
tion might have its product design and
development teams in the U.S., enginee-
ring and manufacturing in Taiwan, custo-
mer service in India, and sales offices in
several continents.
Secure Business Connectivity
4
Why WAN Clustering ?
Secure Business Connectivity
5
It is essential in today’s business
environment for an organization to run
its operations uninterrupted. Customers,
partners, vendors, shareholders and
others demand this. In some industries,
the ability to operate uninterrupted can be
a competitive advantage.
If the mail server fails to deliver critical
emails, if order management software
fails to inform vendors of needed
materials, if customers fail to receive
high-quality customer service, the results
can be catastrophic for the organization.
Indeed, these failures can have regulatory
implications. In the financial services
industry, for example, if a bank fails to
provide specific documentation to
customers within certain deadlines, they
can earn stiff penalties from an alphabet
soup of regulatory bodies. This is
especially true since the recent recession
and increased oversight of banks.
Secure Business Connectivity
6Figure: VPN technology is a critical component of an organization’s WAN clustering strategy.
The goal of WAN clustering includes maxi-
mizing employee productivity by ensuring
information assets are available anytime,
anywhere. It is a principal architecture IT
teams employ as part of disaster recove-
ry/business continuity programs and load
balancing. WAN clustering can be used
for just about any computing resource,
including mainframes, file servers, PCs,
and software application stacks.
Two core technologies that have enabled
the rapid growth of WAN clustering are
very rapid wide area network connectivity,
and the ability to create and manage
a clustered network through a single,
virtualized master identity.
Another core capability that is critical to
the rapid and secure operation of a WAN-
clustered network architecture is VPN
technology. VPNs ensure information is
secure traveling between servers as well
as to and from servers and end users’
devices, be they PCs, laptops, tablets or
smart devices.
Secure Business Connectivity
7
More about WAN Clustering
Secure Business Connectivity
8
Advocates of clustering suggest that the
approach can help an enterprise achieve
99.999 percent (so called 5 9’s) availa-
bility in some cases. A common use of
WAN clustering is to load balance traffic
on high-traffic networks, especially net-
works where users upload and download
large files, such as complex drawings and
video. Formerly, “cold-standby“ solutions
had been the rule: a replacement server
was only used if the running system failed.
This is less efficient and unnecessarily ties
up resources. Today, it is common that
several, connected servers are operated
in parallel – the load is equally distribut-
ed amongst the servers with the help of
load balancing. One distinguishes here
between active/active and active/passi-
ve concepts depending on the task- and
role allocation within the server cluster.
Secure Business Connectivity
9
When using a modern active/active
clustering concept any number of servers
is merged to a “cluster.” The servers
are syndetic and every active session is
known by every server. This is why the
session can be overtaken by any other
server in case of an interruption. Some
solutions even allow for an equal authority
of all cluster nodes instead of applying
the standard master-slave concept with
one server having the command of all
other servers.
WAN clustering can also provide a
relatively low-cost form of parallel
processing (rapid processing of program
instructions by dividing them among
multiple processors) for scientific and
other applications.
With load balancing, all sessions can
be optimally distributed amongst all
servers, too – for a perfect performance
and an efficient use of resources. This is
particularly interesting since – in times of
tablets, smart devices and BYOD – the
number of server requests is expected to
increase rapidly.
Secure Business Connectivity
10
Role of WAN Clustering in Disaster Recovery/ Business Continuity
Secure Business Connectivity
11
In a disaster recovery/business continuity
situation, the functions of a particular ser-
ver or entire network location are taken
over by any server(s) at a different location
when one server or network location be-
comes unavailable for any reason, such
as scheduled down time, hardware or
software failure, or a cyber attack. The
process involves automatically offloading
tasks to another server location so that
the procedure is as seamless as possib-
le to the end user. The recovery process
can apply to any aspect of a system; it
might protect against a failed processor,
network connection, storage device, or
Web server. It might protect against lo-
cally bordered natural disaster effects like
flooding or blackouts, too.
Secure Business Connectivity
12
Originally, stored data was connected
to servers in very basic configurations:
either point-to-point or cross-coupled.
In such an environment, the failure (or
even maintenance) of a single server
frequently made data access impossible
for a large number of users until the
server was back online. More recent
developments, such as the storage area
networks and cloud computing, make
any-to-any connectivity possible among
servers, data storage and other systems.
Typically, these networks utilize many
paths between the server and the
system. Each consists of complete sets
of all the components involved. A failed
path can result from the failure of any
individual component of a path. IT teams
employ multiple connection paths, each
with redundant components to avoid
single points of failure, to help ensure that
the connection is still viable even if one
(or more) paths fail.
Secure Business Connectivity
13
Role in Load Balancing
Secure Business Connectivity
14
Load balancing is the division of a
computer’s or server’s or network’s
workload between two or more
computers/servers so that more
work gets done in the same amount
of time and, in general, all users get
served faster. Load balancing can be
implemented with hardware, software, or
a combination of both. Load balancing is
often the main reason IT teams opt for a
clustering architecture.
Companies whose websites receive large
volumes of traffic also frequently select
clustering architecture. For load balancing
Web traffic, there are several approaches.
For Web serving, one approach is to
route each request to a different server
host address in a domain name system
(DNS) table, round-robin fashion. Usually,
if two servers are used to balance a
work load, a third server is needed to
determine which server to which to
assign the work. In some approaches,
the servers are distributed over different
geographic locations.
VPN technology is also critical to an
effective load balancing strategy. Rapid,
safe and secure transfer of critical
business data among servers to optimize
the user experience.
Secure Business Connectivity
15
Maximizing WAN Clustering Potential through
Well-Managed VPNs
Secure Business Connectivity
16
No matter the objective, a well-managed
VPN is essential to successful WAN clus-
tering. When designing VPNs into a clus-
tered architecture, IT teams must strike
a balance between accessibility, speed
and cost. There are several strategies IT
teams should employ to achieve the op-
timal performance from VPN technology.
While IT managers can typically estimate
how many users the VPN will handle on a
day-to-day basis, they often have troub-
le accounting for the rapid bursts of VPN
usage that occur for a variety of reasons.
IT teams must size VPN capacity to hand-
le worst-case scenarios, but this can be-
come very expensive, especially if most of
the time there is limited VPN usage. Prio-
ritizing the information needs of particular
key people or types or data is a proven
approach to achieving the balance bet-
ween cost-effective VPN infrastructures
and meeting the needs of peak periods.
IT teams should also watch VPN per-
formance continuously to gauge usa-
ge and to analyze for trends. If em-
ployees “discover” the benefits of a
well-managed VPN, they may begin to
use it more, resulting in additional data
Secure Business Connectivity
17
flows that can impede performance.
Concurrently, if the company is growing
and expanding the number of employees
and servers, IT teams have to make sure
that existing hardware can cape with the
traffic and that there are enough VPN li-
censes for every user available.
Employees should also receive training
in the types of data best suited to travel
through VPNs. Uploading or downloading
rich media applications or streaming vi-
deo can tie up significant VPN resources.
Being even somewhat selective with what
data travels over the network can provide
important performance benefits. Some
IT teams divert non-sensitive data off the
VPN, ensuring sensitive data can reach
its destination, a process called split tun-
neling. However, due to security reasons
one should stick to anti-split tunneling be-
cause otherwise malware has a potential
way into the company´s network.
Secure Business Connectivity
18
Creating the Optimal WAN Clustering for Your Needs
Secure Business Connectivity
19
When creating a WAN clustering
architecture, it’s critical to consider the
organization’s short- and long-term
goals. IT teams must strike the right
balance between being cost effective and
ensuring the architecture remains optimal
as demands grow. Among the factors
they must consider include:
• What data types will travel over
the WAN – voice, video, synchro-
nous and asynchronous data, etc.
• Existing and planned applications
• Local and remote access
requirements
• Existing equipment, both
employee’s desktops, laptops
and personal devices, as well
as network equipment such as
routers and switches
• Required connectivity outside the
organization, such as to
key suppliers
Secure Business Connectivity
20
• Understanding network activity,
meaning what activity it is me-
ant to support, such as email,
voice, video, remote access, etc.
• Consider company headcount
growth and accommodate for the
extra requirements of these
employees
• Similarly, determine the number
and type of devices the network
will support, both today and into
the future
Assuming the company already has a
WAN and the IT team is planning for its
upgrade and/or expansion, they should
begin by studying the current traffic bet-
ween servers as well as traffic between
servers and end users. This should also
include a discovery phase where the
team identifies all the components on
the network. IT teams should continue
by conducting a performance analysis to
better understand how well the network
functions in terms of throughput, band-
width, latency and related key factors.
As the IT team begins to add compo-
nents to the network, they should monitor
network capacity, including:
• Study bandwidth usage and
determine where any
bottlenecks occur
• Consider the need for
redundancy and how this will
impact capacity
• Test network capacity regularly
using traffic generators to identify
and address latency, packet loss
and any other issues
Secure Business Connectivity
21
When selecting VPN technology as part of
a WAN clustering architecture, it is impor-
tant to know how end users will access
data. For example, if they will access in-
formation through a smartphone or other
mobile device, IT teams should select a
VPN solution that enables people to look
at content without downloading it to their
device. If employees work on PCs as well
as Macs, the VPN technology should be
able to work with both operating systems
as well.
Secure Business Connectivity
22
Selecting the Best VPN Technology for
Your Network
Secure Business Connectivity
23
As with any technology, IT teams must
determine what objectives they are trying
to reach before selecting which VPN
technology to implement. One ongoing
area of discussion is on the merits of SSL
VPNs or IPsec VPNs.
There are reams of articles on the benefits
and weaknesses of each protocol.
Briefly, an IPSec VPN creates a secure
connection through a client application on
the remote device and a VPN terminator
on the company’s network. IPsec VPN
solutions are very widely used and for
many years were the standard remote
access solution. They are especially well-
suited for fixed connections, for example,
from the enterprise network to branch
offices or suppliers. They allow complete
network access and are considered to be
secure and reliable.
When using IPsec VPN technology in a
large scale environment, this technology
exhibits a major drawback: an IPsec
VPN client has to be installed on every
end device. To do this, installation and
administrator rights are needed.
Secure Business Connectivity
24
An SSL VPN allows full network
connectivity, as does an IPsec VPN,
but can be deployed more easily to
remote users since neither installation
nor administrator rights on the client are
needed. This makes SSL-VPN solutions
attractive for enterprises.
Secure Socket Layer (SSL) VPNs have
gained in popularity because they are
“clientless,” meaning the remote device
doesn’t need to have a client pre-installed
to connect to the corporate network. In
many situations, an SSL VPN tunnel is
created when a remote user opens a Web
browser and connects to a pre-defined
URL. The VPN then prompts the user
for a user name and password. Once
authenticated, the user is often taken to
a company individual Web page including
several options for network access or
company applications.
Secure Business Connectivity
25
IT teams can partly address this issue by
researching the quality of bandwidth at
corporate offices and demanding SLAs
with minimum throughput guarantees
within an acceptable range.
Another variable in VPN performance
is completely out of the hands of IT
teams – quality of the local Internet
connection. If an employee is working at
home, at an Internet café or some other
remote location and teens nearby are
downloading the latest movie or playing
interactive video games, performance
may suffer. This is often true in hotels as
well, even expensive ones where guests
pay for broadband. And, it can be true
in corporate offices where carriers have
failed to upgrade pipes adequately.
Secure Business Connectivity
26
Teams should also study the types of
traffic that will travel over the VPN when
selecting the best technology for their
organization. If the VPN will carry voice
traffic, teams must be aware that voice is
highly sensitive to any latency, while video
downloads are less latency sensitive
but typically require more bandwidth.
A well-conceived VPN strategy can help
IT teams address these issues. Some
organizations prioritize traffic based on
port. Voice and business critical traffic
might be prioritized over routine file
transfers, for example.
Secure Business Connectivity
27
ConclusionCalculating the ROI of an effective VPN
deployment is extremely difficult because
the benefits are numerous. Employees
gain anytime, anywhere access to critical
information. With an included option for
geographic clustering, IT teams attain
an effective approach to maximize the
performance of the organization’s
network, while concurrently protecting
critical assets from all forms of threats
– weather, earthquakes, cyber attacks,
et al. It is safe to say that as the credit
card ad goes, a well-managed VPN is –
priceless.
Secure Business Connectivity
28
Interested?
Would you like to check out the numerous
benefits of HOB Software?
Just call us or send us a quick mail!
You are welcome to contact us:
HOB GmbH & Co. KG
Schwadermühlstraße 3
90556 Cadolzburg
Tel: +49 9103 715 0
E-Mail: [email protected]
Webseite: www.hobsoft.com
Information in this document is subject to change without notice
HOB is not liable for any omissions or errors which may be contained in this document.
Product information contained herein is from April 2013.
Any trademarks in this document are the property of their owners.
Layout: Maximilian Göppner
Secure Business Connectivity
29
Picture Sources
• Page 3 - Alexandr Mitiuc
(Thinkstock)
• Page 4 - Oleksiy Mark/Thinkstock
(Thinkstock)
• Page 5 - Chromatika Multimedia
(Thinkstock)
• Page 7 - OneO2/Thinkstock
(Thinkstock)
• Page 8 - Oleksiy Mark
(Thinkstock)
• Page 9 - Spectral-Design
(Thinkstock)
• Page 10 - Thinkstock
• Page 11 - heizfrosch (Thinkstock)
• Page 12 - AKodisinghe
(Thinkstock)
• Page 13 - UmbertoPantalone/
texelart (Thinkstock)
• Page 14 - loops7 (Thinkstock)
• Page 15 - Thinkstock/Luca
Francesco Giovanni Bertolli
(Thinkstock)
• Page 16 - Thinkstock
• Page 17 - Maksim Pasko
(Thinkstock)
• Page 18 - Viktors Ignatenko/
Galina Peshkova (Thinkstock)
• Page 19 - 3Dmask (Thinkstock)
• Page 21 - Laurent davoust
(Thinkstock)
• Page 22 - Thinkstock/
pressureUA (Thinkstock)
• Page 23 - Thinkstock
• Page 24 - ronstik (Thinkstock)
• Page 25 - R. Michael Stuckey
(Thinkstock)
• Page 26 - Federico Caputo
(Thinkstock)
• Page 27 - Thinkstock