Optimising the Hybrid Cloud: Extending Your Enterprise WAN to Infrastructure as a Service

White Paper

Legacy WAN designs can’t keep up with the traffic growth within enterprise networks today. Hybrid cloud models have emerged as a solution to these traffic issues, but connecting the data center to the cloud can present hidden challenges. If you’re looking into an IaaS solution, you’ll want to uncover all of the issues you may have to handle.

Download this white paper now to learn how IaaS deployments can impact the network and discover a more efficient approach to consistent hybrid WAN architecture. 

Below is an excerpt of "Optimising the Hybrid Cloud: Extending Your Enterprise WAN to Infrastructure as a Service".

Introduction

Infrastructure-as-a-Service within the enterprise is expected to grow at a rate of 37.3% through 2017 [1]. Gartner supplements this with an additional key data point: infrastructure-as-a-service (IaaS) is the fastest growing segment of the infrastructure service domain [2].

According to ESG’s 2014 Public Cloud Computing Trends report, nearly half (47%) of organizations with more than 500 production servers are already using infrastructure-as-a-service as opposed to 23% of those with fewer than 50 production servers. Similarly, 54% of organizations with at least 1 PB of storage capacity currently use IaaS compared with only 20% of those with less than 100 TB. Perhaps more significantly, organizations with the smallest deployments in terms of storage capacity are more than three times as likely as those with the largest infrastructure footprints (36% versus 11%) to have no plans for or interest in using IaaS.

Thus for larger enterprises, IaaS is no longer limited to “skunkworks” proofs-of-concept (POCs) with no project end in sight. Hard contractual obligations, balance sheet objectives, and increased complexity in hosting critical applications are driving IT to scale some processes off corporate premises toward a hybrid cloud model. (Hybrid cloud is defined as a cloud computing environment in which an organization provides and manages some resources in-house and has other resources provided externally [3].)

As IT managers accelerate the pace of moving workloads into the cloud, IaaS providers are in turn accelerating innovation in the areas of best-of-breed vendor support and cloud networking capabilities, both to maintain pace and to push differentiation. Traffic growth within the hybrid cloud model is scaling at a rate that is forcing a new look at legacy wide area network (WAN) connectivity, including visibility, control and performance. The big question is, “How’s my WAN holding up?”

Growth of the hybrid cloud

In a typical hybrid cloud deployment, the data center infrastructure is physically distributed among customer-owned sites (on premises) and cloud provider-owned (hosted) environments. The cloud segment extends the existing on-premises network and provides easier global reach and elastic resource assignment and consumption – an ideal scenario for dynamic computing requirements.

Common use cases for IaaS include remote backup and replication, short-term development and test activities, and supporting temporary workload surges. ESG’s recent research found that data protection is the most common IaaS use case among organizations currently employing cloud infrastructure services.

Multiple factors are driving increased workload migration into the cloud for production use – including expanded presence throughout the world via IaaS “regions” and availability zones; maturity of networking; improved cloud security; and automation features including VPN termination, n-tier subnets, multitenant isolation for virtual private clouds, and publicly accessible REST APIs. CIOs are setting strategic directives to move into the cloud. They want to transition from capital equipment expenditure into operational expenditure, utility spending, faster time to value, and building a leaner infrastructure.

While IaaS deployments offer numerous benefits, connecting the enterprise data center to the cloud within a hybrid data center model can present hidden challenges and costs. The hybrid delivery model directly impacts the existing enterprise WAN by increasing the complexity of network topology between IaaS sites and customer-owned data centers. The use of Internet connectivity and site-to-site VPN tunnels adds further complexity.

This whitepaper focuses on key aspects of how IaaS deployments can impact the network, and proposes a new approach to a resilient, consistent hybrid WAN architecture.

How IaaS Impacts the WAN

Before implementing a cloud service, it is critical to understand the unique impact that IaaS has on WAN performance.

While IaaS offers fast, agile and elastic computing with minimal operational overhead, IaaS services can present some issues, specifically related to connectivity, visibility, and performance. These can translate to lost time and additionally incurred usage charges.

  • Setup: Virtual Private Clouds (VPCs) are logically isolated compute services that are hosted at an IaaS provider. Each VPC provides network-level segmentation on shared hardware, and in some cases, customers can select dedicated hardware isolation. Isolation between customers is a basic requirement for Internet-based computing, along with privacy for data in flight. However, extending security to provide data privacy can require multiple steps. For example, some customers may find setting up a VPN connection between an Amazon Web Services (AWS) VPC and their data center to be complex, requiring the customer’s data center firewall to be on the supported equipment list published by AWS. Configuring and setting up this tunnel typically requires approval and involvement from a different IT department.
  • Networking: Cloud providers have mostly standardized on basic concepts such as multi-tenant isolation, workload size archetypes, and general workflow for provisioning and management. However, there are still major differences in how each provider’s environment offers networking, both within a VPC and across VPCs. Multi-cloud peering is also relatively immature because of the inherent differences in each IaaS provider’s architecture (for example, connectivity between AWS and VMware vCloud).
  • Bandwidth usage: Some applications require guaranteed bandwidth rates between server instances. Cloud computing applications are highly dependent on Internet bandwidth, latency, and link quality. Bandwidth controls need to be in place to reduce or throttle the amount of bandwidth consumed while not compromising application performance.
  • VPN limitations: Establishing a secure VPN connection between the data center and the IaaS provider is a must. Even within a single cloud provider environment, there may be limitations to how many VPN tunnels can be supported from a VPC to a data center, forcing new decisions about architecture and topology that can slow down the planning phase prior to migrating into the cloud. For example, a single VPC can only support 10 VPN tunnels per virtual private gateway (VPG). For a customer looking to extend a fully meshed VPN environment into the cloud, this is an architectural limitation. For example, in a company with several branch offices accessing applications hosted at an IaaS provider, each branch office will need its own tunnel, thereby limiting the number of sites that can be connected to that VPC.
  • Multi-cloud support: Migrating data to another virtual private cloud from the same provider, or to a different cloud provider, can be problematic. Establishing direct connectivity between IaaS vendors is complex. For cloud-based disaster recovery, enterprises should maintain redundant copies of data on premises and at different cloud providers for mission critical data [4]. These datasets are generally quite large, scaling up to tens of terabytes in size. Without the intervention of specialized cloud migration service providers, data may need to be “backhauled” from one IaaS host through a VPN connection to the on-premises data center, and then sent out through a second VPN connection to the other IaaS host. Each provider may charge for data transfer. (See Figure 1) In September 2013, a US-based cloud storage services company suddenly announced it was going out of business. Customers were told they had two weeks to transfer petabytes of data elsewhere. While migrating data into the cloud can be slow, imagine a two week rush period (later extended to four weeks) where all data must be migrated at the same time.
  • Initial migration of data into an IaaS provider can be slow: IaaS services typically involve moving large amounts of data across the WAN as part of an onboarding process. As such, their success is gated by the available bandwidth. When data movement must be performed in real-time, geographic distance and WAN quality can also play a major role in the success of these projects. Large volumes of data, available bandwidth, and the enterprise data center’s proximity to the cloud host can all affect the time required for data migration. Enterprises therefore need to consider strategies for migrating data both into and out of the cloud, or deploying across multiple cloud vendors for data protection.

Extending Your Enterprise Network to IaaS

Silver Peak Unity is an intelligent wide area network fabric that unifies the enterprise network with public cloud services. Silver Peak Unity gives IT the ability to monitor and control connectivity to the cloud while providing users with consistent performance.

Silver Peak software installed in data centers, branch offices and cloud interconnection hubs generates the Unity fabric, a network overlay that controls and accelerates connectivity to any combination of enterprise services, IaaS resources and SaaS applications. Each Silver Peak instance on the Unity fabric communicates with Silver Peak’s Cloud Intelligence service, which aggregates constantly changing information about cloud providers and Internet weather. Unity uses this information, along with calculations from each software instance, to dynamically route traffic to the cloud over the optimal path.

A Unity fabric is built by deploying Silver Peak instances (Silver Peak VX software or NX appliances) at data centers, branch offices, cloud interconnection hubs, or within IaaS providers such as AWS or VMware vCloud. An annual subscription to Unity Cloud Intelligence works with Unity instances to create an Internet weather map, enabling Silver Peak software to route traffic to any cloud service over the optimal path.

A key component that helps extend an enterprise’s reach into IaaS is Silver Peak’s VPN, with high-performance edge-to-edge encryption based on IPsec with AES-256 encryption and SHA-1 authentication. Whereas traditional IPsec deployments were complicated and inflexible, Silver Peak’s IPsec VPN technology makes it easy to create secure VPN connections between enterprise data centers and multiple IaaS providers. Silver Peak’s VPN can establish secure connections between enterprise data centers and a VPN edge router. By placing a Silver Peak instance in each IaaS host as well as in enterprise data centers or branch offices, users can establish a meshed network of secure VPNs to the IaaS provider without having to configure the Virtual Private Gateway.

Addressing the IaaS limitations simply, securely and efficiently

The Silver Peak Unity WAN fabric helps mitigate the limitations and concerns around deploying IaaS. Where there is a lack of consistent networking standards among cloud providers, Silver Peak offers a simplified way to set up connectivity to multiple IaaS vendors. Instead of managing complex firewall configuration rules, users can place a Silver Peak software instance in each cloud and easily establish a secure IPsec VPN connection without having to configure or manage the cloud provider’s default gateway.

Bandwidth

With Silver Peak, bandwidth usage can be configured with advanced Quality of Service, so that traffic does not burst through its SLA. Applications can be classified to prioritize critical traffic classes like email or storage replication, while constraining recreational or personal traffic classes like social media or streaming music services. Silver Peak can honor existing traffic management policies or create new tags that leverage up to 10 different QoS classes within the Silver Peak devices. Silver Peak perfectly complements QoS policies already implemented by cloud service providers.

Silver Peak’s data reduction (deduplication) and compression technologies ensure that redundant application data is not sent over the WAN between your data center and cloud, thus minimizing the amount of bandwidth required.

Visibility and control

Global visibility is provided through Silver Peak’s Global Management Systems (GMS), which provides centralized orchestration of Silver Peak deployments, advanced application classification, and detailed performance metrics.

Multi-cloud deployments

As part of the Unity fabric, users can migrate data between clouds securely and simply using Silver Peak instances deployed in virtual private clouds including Amazon Web Services, VMware vCloud, and Microsoft Azure. Unity enables a scalable and secure cloud infrastructure with no single point of failure in the cloud and no vendor lock in. By deploying Silver Peak instances into an IaaS provider, users can quickly and easily migrate data between multiple cloud providers and the enterprise data center for more complete data protection.

Data migration

Data migration becomes much easier with Silver Peak data acceleration. Typical data transfers can perform as much as 20X faster with Silver Peak.

WAN deduplication and compression maximize the available WAN bandwidth. Traffic is inspected constantly and repetitive transmissions of duplicate data are eliminated. This operates across all IP applications and protocols, including IaaS providers, and is done at the byte level so that all duplicate data can be found and retrieved.

Dropped and out-of-order packets are a common occurrence when connecting to IaaS over the Internet. Silver Peak applies path conditioning not only across the enterprise WAN, but out across the Internet. Silver Peak Forward Error Correction reconstitutes dropped packets, while Packet Order Correction techniques re-sequence packets that traverse multiple paths across this new expanded WAN that includes IaaS.

Traffic shaping, which has been in use for many years now, is also applied to the IaaS-driven WAN. This enables various applications being hosted in IaaS environments to be classified appropriately, and enables IT to prioritize critical traffic classes (e.g. data protection to AWS) while constraining recreational or personal use traffic classes (e.g. YouTube).

SaaS Optimization

Ensuring SaaS performance over the Internet is far more complicated than it is for conventional applications that run over your MPLS or private network. If a conventional application has a performance problem, the IT organization typically has the right levels of visibility and control to respond to trouble tickets. Compute or storage resources can be added to improve performance, and if the network is the issue, organizations can reposition servers closer to the office or add bandwidth.

SaaS services have different network dependencies based on the type of application. Cloud based storage, for example, may not be very latency sensitive but may be bandwidth intensive, while the opposite may be true for real-time database queries.

Across relatively short connections with small amounts of delay, SaaS performance issues may not be noticeable. But as SaaS traverses longer distances with larger delays, the throughput of the underlying TCP session decreases dramatically.

As part of the Unity fabric, Silver Peak software instances can be installed within IaaS providers to bring the enterprise to the doorstep of SaaS applications. Silver Peak Unity adds awareness of the subnets and IP addresses used by the SaaS providers. Every Silver Peak instance can then measure its loss, latency and other metrics to these subnets and distribute that information to the Silver Peak instances across the Unity fabric, including those deployed in IaaS. Those instances can then determine the optimal end-to-end path for connecting to the SaaS application, which could include instances deployed within AWS, VMware vCloud or Microsoft Azure.

For example, users in Brazil trying to access an Office 365 service set up in the US could experience delays in using the service, resulting from Internet latencies in excess of 300 milliseconds (ms).

Instead, the enterprise can install a Silver Peak Unity software instance with an IaaS provider closest to the Microsoft Office 365 data center to establish a proximate egress to the SaaS application. Silver Peak will identify the fastest path to the Office 365 service and direct traffic to that cloud service over the least-congested or most available path.

For more details on SaaS optimization, read the whitepaper, “Optimize Every SaaS Application with an Intelligent WAN.”

Data Center WAN Optimization

WAN optimization is critical to cloud computing because it addresses the bandwidth, latency and WAN quality issues described above. Silver Peak’s heritage of building real-time network optimization maximizes the performance of cloud applications across the Internet, and minimizes the costs of enterprise networking.

Silver Peak uses data deduplication and compression to maximize the available WAN bandwidth. Traffic is inspected at the byte level so that repetitive transmissions of duplicate data are eliminated. All IP applications and protocols, including SaaS applications, are optimized with Silver Peak.

Because all cloud services inherently use shared WANs, packet delivery challenges are a constant problem in these environments. When IP packets are dropped or delivered out of order during periods of peak network congestion, the packets are retransmitted, lowering effective throughput (and application performance). Latency-sensitive applications will not fare well in these environments. Adaptive Forward Error Correction reconstitutes dropped packets in real-time, while Packet Order Correction re-sequences packets that may traverse multiple paths across the network.

Silver Peak also applies traffic shaping to the new cloud-driven WAN. Applications can be classified appropriately, and IT can prioritize critical traffic classes (e.g. replication workloads to IaaS) while constraining recreational or personal use traffic classes (e.g. YouTube).

As part of building out a new WAN fabric to address enterprise and cloud applications, Silver Peak uses high performance edge-to-edge encryption based on AES-256 IPsec VPN technology. Unlike most IPsec VPN implementations, Silver Peak encrypts traffic sent over the WAN without degrading performance. Additionally, whereas traditional IPsec deployments have been complicated and inflexible, Silver Peak’s approach enables simplified, consistent, and automated encryption for all traffic, spanning the enterprise locations and cloud infrastructure.

Conclusion

Enterprises can gain efficient, scalable and cost-effective computing by migrating some of their core services into hybrid clouds using Infrastructure as a Service. The Silver Peak Unity fabric offers secure and simplified connectivity between the enterprise and multiple IaaS providers that bypasses many of the limitations inherent in IaaS deployments, making it possible to implement consistency in the hybrid infrastructure. Silver Peak’s heritage in WAN optimization brings better performance into the cloud, decreasing the time required to perform both initial migration and ongoing synchronization of data. Finally, by deploying Silver Peak software instances onto IaaS, enterprises can build out the Silver Peak Unity fabric, which helps enterprise IT see, control, and optimize connectivity to every SaaS application.
