December 2007

Network Performance

Optimize application performance

The complexity of large global networks provides a particular challenge to IT managers.

by Frank Lyonnet

Without real-time visibility into end-user response times, the optimization of application performance can be difficult.

Managing WAN application traffic flow in organizations with a limited number of offices can be demanding. Yet, some businesses have hundreds or thousands of offices that must share and manage information over the network. These organizations often find that they need to optimize application performance using a more strategic approach.

One issue that many large organizations grapple with is that the applications used may differ from one part of the company to another. Thus, network teams are often confronted with a complex environment: dozens of applications, thousands of sites and tens of thousands of workstations.

This complexity means that the slightest incident with centrally located servers may cause serious repercussions at branch offices, including a complete failure of network services.

These challenges are compounded by the size and complexity of meshed networks, coupled with the characteristically small size of the central IT team and the fact that remote offices often cannot justify having dedicated equipment on site. In addition, these organizations must deliver to mobile workers the quality of experience needed to keep them productive.

For example, branches often exchange information with other sites: server centers that host their applications, or regional offices that provide load-balanced access. In some instances, the corresponding sites differ from one branch to the next (e.g., the Boston branch and the San Francisco branch may not be in contact with the same regional office and therefore receive different information).

This situation translates to "some-to-many flows," where a small number of sites communicate with a subgroup of offices. To guarantee application performance, this partial meshing needs to be taken into account by the company's optimization system. This system should automatically determine the groups of branches that each central site serves and be capable of managing situations where different flows compete for the same resources.

OPTIMIZATION'S THREE INGREDIENTS

Network professionals need to be armed with tools and methods that allow them to get information, make decisions and rapidly apply those decisions. Network managers need three ingredients to optimize applications successfully across a large branch-office network:

  • an overall view of applications, traffic matrices, network performance and application performance;
  • the ability to guarantee the performance of critical applications at all times; and
  • the authority to act locally in case of any incident (e.g., alarms, local analyses of flows).

In addition, network managers need to manage their budgets and supply high-level information to management or to their internal customers.

Traditional network traffic tools offer management rules and traffic monitoring for each site, but they soon reach their limits because the configuration becomes too complex given the multitude of possible situations. In these cases, managing change can become a nightmare.

Without real-time visibility into end-user response times and traffic flows, the management and optimization of application performance can be difficult. Too often, network managers have no way of knowing how well their organization or service provider is meeting its performance targets.

Other solutions have also emerged in recent years, such as WAN optimization controllers (WOCs), which address application performance hurdles in selected portions of the network. Some enterprises have tactically deployed WOCs at sites that exhibit poor end-user experiences for networked business applications. While this approach has advantages because of the immediate relief it provides, not all networks are compatible with such a tactical approach to application performance.

DEPLOYMENT DIFFICULTIES

Many large organizations, however, cannot deploy WOCs on their networks. Modern networks have meshed topologies that WAN optimization controllers might not be able to handle properly. Even though the technology is becoming more affordable, these tools still cost much more than a branch router.

In addition, WOCs need to be configured individually. The configuration of each device needs to be consistent with the others, yet every device must also reflect local requirements. Finally, few can scale their benefits to hundreds or thousands of sites.

A new generation of WOCs can cooperate with each other as part of a global WAN optimization system. These WAN optimization systems take a more global, top-down approach that is particularly well adapted to these challenges. There are four key reasons why:

Efficiency. WAN optimization systems address application performance problems globally. They not only reduce the response times of business applications but also guarantee consistent response times regardless of network topology and events on the network.

Minimal investment costs. The components within WAN optimization systems cooperate with each other so they can serve the needs of all branch offices without requiring a device at each site.

Low management costs. Network managers configure WAN optimization systems globally using application-performance objectives. Devices do not need to be configured individually. WAN optimization systems dynamically compute and apply configurations based on algorithms that ensure correct settings, even when the network, applications, users or site characteristics are evolving.

Scalability. WAN optimization systems are designed and built for large networks. They are able to scale to the largest networks without risking or affecting efficiency and reliability.

Frank Lyonnet is vice president of product marketing for Ipanema Technologies, Waltham, Mass.


Identity-based management

by Shawn Nunley

Today's bandwidth-management tools need to go beyond traditional traffic shaping and give network managers visibility into the identity of the users of applications, so that network traffic can be optimized by managing bandwidth per application and, more importantly, per user. Correlating WAN application activity with user identity is important for implementing effective and efficient policies. Bandwidth reports that include user identity enable more efficient management of network activity, help with network troubleshooting and satisfy compliance requirements.

Early attempts to control the usage of WAN bandwidth relied on mechanisms that analyzed the traffic and identified the type of application being used. As these bandwidth-management tools became more common, however, applications designed to dodge these controls emerged and no longer followed the expected conventions; simply categorizing traffic according to port numbers was no longer effective.

In order to more accurately categorize traffic, bandwidth-management tools began to use deep-packet inspection to look at the application layer. While this more accurately identifies the application, it does not offer any information regarding the identity of the user of the application.

Without identity information, bandwidth-management policies are limited to controlling WAN usage by application type, source IP, destination IP and possibly other non-user-specific information such as time of day. This leads to heavy-handed policies that allow, deny or rate-limit WAN usage for the entire user population as a whole. Not all users, however, have the same profile, and some users have legitimate reasons to access applications that other users do not.

For example, peer-to-peer (P2P) software is a common type of application traffic to restrict or deny in many corporations. P2P is becoming a mainstream method to transfer large files between business partners, however, and a network manager may want to allow that particular application for a specific user, while denying that type of traffic for everybody else. Without identity, the network manager may be forced to allow this type of traffic for everybody if it is allowed at all.

Although source IP information can be useful, it does not necessarily equate to identity. In dynamically addressed networks (DHCP), source IP can be useless. One IP address can belong to several users over the course of one day. With DHCP, some addresses can be statically assigned, but this defeats the purpose of using dynamic addresses and is not an acceptable solution in most networks.

The optimal solution would be capable of associating IP addresses with user authentications to various systems, such as Active Directory, RADIUS, TACACS+, LDAP and other authentication servers. By monitoring these authentications, users can be accurately identified.

A database of user identities and their associated source IP addresses can be used for reporting and for applying bandwidth-management policies. In this scenario, a particular user can be granted access to a particular application without affecting the policies assigned to the rest of the user population.
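The following is an added example, not code from the article or from A10 Networks, showing the mechanism the last three paragraphs describe: authentication events bind a user to a source IP for a bounded period (so a DHCP address that moves between users during the day resolves to the right person at each moment), flow records are resolved to users through those bindings, and a per-user exception (here, P2P allowed for one user) is applied on top of an application-wide default. The LOGON/LOGOFF event format and the flow-record format are constructed for the example and do not correspond to any real RADIUS, Active Directory or TACACS+ log; a real deployment would parse the accounting or logon records of whichever authentication servers it monitors.

```python
"""Identity-to-IP correlation for bandwidth policy (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed identity events: timestamp, event, user, assigned source IP.
# The same IP (10.1.4.20) is used by alice in the morning and carol after lunch.
IDENTITY_LOG = """\
2007-12-03T08:01:12 LOGON alice 10.1.4.20
2007-12-03T08:05:40 LOGON bob 10.1.4.21
2007-12-03T12:30:00 LOGOFF alice 10.1.4.20
2007-12-03T12:45:10 LOGON carol 10.1.4.20
"""

# Constructed flow records already classified by application:
# timestamp, src_ip, dst_ip, application, bytes.
FLOW_LOG = """\
2007-12-03T09:15:00 10.1.4.20 192.0.2.10 p2p 52000000
2007-12-03T09:20:00 10.1.4.21 192.0.2.11 p2p 48000000
2007-12-03T12:35:00 10.1.4.20 198.51.100.7 http 3000000
2007-12-03T13:00:00 10.1.4.20 192.0.2.10 p2p 61000000
2007-12-03T13:05:00 10.1.4.21 198.51.100.7 http 2000000
2007-12-03T13:10:00 10.1.4.99 192.0.2.10 p2p 1000000
"""


@dataclass
class Binding:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime] = None  # None means the binding is still open


def parse_bindings(log: str) -> List[Binding]:
    """Turn LOGON/LOGOFF events into time-bounded IP-to-user bindings.

    A LOGON on an IP that is still bound to someone else closes the old
    binding first, which is how a DHCP lease moving between users is handled.
    """
    open_by_ip: Dict[str, Binding] = {}
    bindings: List[Binding] = []
    for line in log.splitlines():
        ts_s, event, user, ip = line.split()
        ts = datetime.fromisoformat(ts_s)
        if event == "LOGON":
            prev = open_by_ip.pop(ip, None)
            if prev is not None:
                prev.end = ts
            binding = Binding(user, ip, ts)
            open_by_ip[ip] = binding
            bindings.append(binding)
        elif event == "LOGOFF":
            prev = open_by_ip.pop(ip, None)
            if prev is not None and prev.user == user:
                prev.end = ts
    return bindings


def resolve_user(bindings: List[Binding], ip: str, ts: datetime) -> Optional[str]:
    """Return the user bound to `ip` at time `ts`, or None if nobody was."""
    for b in bindings:
        if b.ip == ip and b.start <= ts and (b.end is None or ts < b.end):
            return b.user
    return None


# Application-wide defaults plus per-user exceptions (constructed policy).
DEFAULT_POLICY = {"p2p": "deny", "http": "allow"}
USER_EXCEPTIONS = {("alice", "p2p"): "allow"}  # e.g. approved partner file transfers


def decide(user: Optional[str], app: str) -> str:
    """Per-user exception wins; unknown users only ever get the default."""
    if user is not None and (user, app) in USER_EXCEPTIONS:
        return USER_EXCEPTIONS[(user, app)]
    return DEFAULT_POLICY.get(app, "rate-limit")


def report(identity_log: str = IDENTITY_LOG, flow_log: str = FLOW_LOG) -> List[dict]:
    """Resolve each flow to a user and attach the policy decision."""
    bindings = parse_bindings(identity_log)
    rows = []
    for line in flow_log.splitlines():
        ts_s, src, dst, app, nbytes = line.split()
        user = resolve_user(bindings, src, datetime.fromisoformat(ts_s))
        rows.append({"time": ts_s, "user": user or "unknown", "src": src,
                     "dst": dst, "app": app, "bytes": int(nbytes),
                     "action": decide(user, app)})
    return rows


def usage_by_user(rows: List[dict]) -> Dict[str, int]:
    """Identity-based usage report: bytes per user rather than per IP."""
    totals: Dict[str, int] = {}
    for r in rows:
        totals[r["user"]] = totals.get(r["user"], 0) + r["bytes"]
    return totals


if __name__ == "__main__":
    rows = report()
    for r in rows:
        print(f'{r["time"]} {r["user"]:8} {r["src"]:10} {r["app"]:5} {r["action"]}')
    print(usage_by_user(rows))
```

Two details matter for the policy to be trustworthy: a flow whose timestamp falls in a gap between bindings (12:35 on 10.1.4.20, after alice logged off and before carol logged on) resolves to nobody, and a user-specific exception is never applied to an unresolved flow, so the 13:10 flow from an unbound address falls back to the application-wide default.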

Keeping track of user identities and assigned IP addresses also provides benefits in the area of network troubleshooting. When a network is suddenly experiencing poor performance or a service interruption due to a misbehaving application or user, identifying the source of the problem can be a painstaking process.

With identity-based reporting and policies, the process of locating the problem can be reduced to minutes. Furthermore, with identity information included in bandwidth- and application-usage reports, a more complete understanding of network requirements is possible, and better policies can be implemented.

Shawn Nunley is director of product marketing for A10 Networks, San Jose, Calif.
