Effective WAN Clustering Relies on High Quality VPNs

Effective WAN Clustering Relies on High Quality VPNs



WAN Clustering, also called geo-clustering, plays an increasingly critical role to many companies. Might it be for reasons of disaster recovery or business continuity, might it be due to ...

WAN Clustering, also called geo-clustering, plays an increasingly critical role to many companies. Might it be for reasons of disaster recovery or business continuity, might it be due to “distributed” company sites – high quality VPNs are a critical component to create such clustered networks. Download our e-book and find out how you can benefit from WAN clustering.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Effective WAN Clustering Relies on High Quality VPNs Effective WAN Clustering Relies on High Quality VPNs Presentation Transcript

    • Effective WAN ClusteringRelies on High-Quality VPNsRemote Access
    • Secure Business Connectivity2Why WAN Clustering ? 04More about WAN Clustering 07Role of WAN Clustering in Disaster Recovery/Business Continuity 10Role in Load Balancing 13Maximizing WAN Clustering Potential through Well-Managed VPNs 15Creating the Optimal WAN Clustering for Your Needs 18Selecting the Best VPN Technology for Your Network 22Conclusion 27Interested? 28Picture Sources 29
    • Secure Business Connectivity3WAN clustering, also called geoclusteringor remote clustering, is a networkarchitecture through which multipleservers and other computing resourceshoused in different geographical locationsform what appears to the user to be asingle, highly-available network.WAN clustering has become a business-critical capability for many businessesas these businesses have become more“distributed.” For example, an organiza-tion might have its product design anddevelopment teams in the U.S., enginee-ring and manufacturing in Taiwan, custo-mer service in India, and sales offices inseveral continents.
    • Secure Business Connectivity4Why WAN Clustering ?
    • Secure Business Connectivity5It is essential in today’s businessenvironment for an organization to runits operations uninterrupted. Customers,partners, vendors, shareholders andothers demand this. In some industries,the ability to operate uninterrupted can bea competitive advantage.If the mail server fails to deliver criticalemails, if order management softwarefails to inform vendors of neededmaterials, if customers fail to receivehigh-quality customer service, the resultscan be catastrophic for the organization.Indeed, these failures can have regulatoryimplications. In the financial servicesindustry, for example, if a bank fails toprovide specific documentation tocustomers within certain deadlines, theycan earn stiff penalties from an alphabetsoup of regulatory bodies. This isespecially true since the recent recessionand increased oversight of banks.
    • Secure Business Connectivity6Figure: VPN technology is a critical component of an organization’s WAN clustering strategy.The goal of WAN clustering includes maxi-mizing employee productivity by ensuringinformation assets are available anytime,anywhere. It is a principal architecture ITteams employ as part of disaster recove-ry/business continuity programs and loadbalancing. WAN clustering can be usedfor just about any computing resource,including mainframes, file servers, PCs,and software application stacks.Two core technologies that have enabledthe rapid growth of WAN clustering arevery rapid wide area network connectivity,and the ability to create and managea clustered network through a single,virtualized master identity.Another core capability that is critical tothe rapid and secure operation of a WAN-clustered network architecture is VPNtechnology. VPNs ensure information issecure traveling between servers as wellas to and from servers and end users’devices, be they PCs, laptops, tablets orsmart devices.
    • Secure Business Connectivity7More about WAN Clustering
    • Secure Business Connectivity8Advocates of clustering suggest that theapproach can help an enterprise achieve99.999 percent (so called 5 9’s) availa-bility in some cases. A common use ofWAN clustering is to load balance trafficon high-traffic networks, especially net-works where users upload and downloadlarge files, such as complex drawings andvideo. Formerly, “cold-standby“ solutionshad been the rule: a replacement serverwas only used if the running system failed.This is less efficient and unnecessarily tiesup resources. Today, it is common thatseveral, connected servers are operatedin parallel – the load is equally distribut-ed amongst the servers with the help ofload balancing. One distinguishes herebetween active/active and active/passi-ve concepts depending on the task- androle allocation within the server cluster.
    • Secure Business Connectivity9When using a modern active/activeclustering concept any number of serversis merged to a “cluster.” The serversare syndetic and every active session isknown by every server. This is why thesession can be overtaken by any otherserver in case of an interruption. Somesolutions even allow for an equal authorityof all cluster nodes instead of applyingthe standard master-slave concept withone server having the command of allother servers.WAN clustering can also provide arelatively low-cost form of parallelprocessing (rapid processing of programinstructions by dividing them amongmultiple processors) for scientific andother applications.With load balancing, all sessions canbe optimally distributed amongst allservers, too – for a perfect performanceand an efficient use of resources. This isparticularly interesting since – in times oftablets, smart devices and BYOD – thenumber of server requests is expected toincrease rapidly.
    • Secure Business Connectivity10Role of WAN Clusteringin Disaster Recovery/Business Continuity
    • Secure Business Connectivity11In a disaster recovery/business continuitysituation, the functions of a particular ser-ver or entire network location are takenover by any server(s) at a different locationwhen one server or network location be-comes unavailable for any reason, suchas scheduled down time, hardware orsoftware failure, or a cyber attack. Theprocess involves automatically offloadingtasks to another server location so thatthe procedure is as seamless as possib-le to the end user. The recovery processcan apply to any aspect of a system; itmight protect against a failed processor,network connection, storage device, orWeb server. It might protect against lo-cally bordered natural disaster effects likeflooding or blackouts, too.
    • Secure Business Connectivity12Originally, stored data was connectedto servers in very basic configurations:either point-to-point or cross-coupled.In such an environment, the failure (oreven maintenance) of a single serverfrequently made data access impossiblefor a large number of users until theserver was back online. More recentdevelopments, such as the storage areanetworks and cloud computing, makeany-to-any connectivity possible amongservers, data storage and other systems.Typically, these networks utilize manypaths between the server and thesystem. Each consists of complete setsof all the components involved. A failedpath can result from the failure of anyindividual component of a path. IT teamsemploy multiple connection paths, eachwith redundant components to avoidsingle points of failure, to help ensure thatthe connection is still viable even if one(or more) paths fail.
    • Secure Business Connectivity13Role in Load Balancing
    • Secure Business Connectivity14Load balancing is the division of acomputer’s or server’s or network’sworkload between two or morecomputers/servers so that morework gets done in the same amountof time and, in general, all users getserved faster. Load balancing can beimplemented with hardware, software, ora combination of both. Load balancing isoften the main reason IT teams opt for aclustering architecture.Companies whose websites receive largevolumes of traffic also frequently selectclustering architecture. For load balancingWeb traffic, there are several approaches.For Web serving, one approach is toroute each request to a different serverhost address in a domain name system(DNS) table, round-robin fashion. Usually,if two servers are used to balance awork load, a third server is needed todetermine which server to which toassign the work. In some approaches,the servers are distributed over differentgeographic locations.VPN technology is also critical to aneffective load balancing strategy. Rapid,safe and secure transfer of criticalbusiness data among servers to optimizethe user experience.
    • Secure Business Connectivity15Maximizing WANClustering Potential throughWell-Managed VPNs
    • Secure Business Connectivity16No matter the objective, a well-managedVPN is essential to successful WAN clus-tering. When designing VPNs into a clus-tered architecture, IT teams must strikea balance between accessibility, speedand cost. There are several strategies ITteams should employ to achieve the op-timal performance from VPN technology.While IT managers can typically estimatehow many users the VPN will handle on aday-to-day basis, they often have troub-le accounting for the rapid bursts of VPNusage that occur for a variety of reasons.IT teams must size VPN capacity to hand-le worst-case scenarios, but this can be-come very expensive, especially if most ofthe time there is limited VPN usage. Prio-ritizing the information needs of particularkey people or types or data is a provenapproach to achieving the balance bet-ween cost-effective VPN infrastructuresand meeting the needs of peak periods.IT teams should also watch VPN per-formance continuously to gauge usa-ge and to analyze for trends. If em-ployees “discover” the benefits of awell-managed VPN, they may begin touse it more, resulting in additional data
    • Secure Business Connectivity17flows that can impede performance.Concurrently, if the company is growingand expanding the number of employeesand servers, IT teams have to make surethat existing hardware can cape with thetraffic and that there are enough VPN li-censes for every user available.Employees should also receive trainingin the types of data best suited to travelthrough VPNs. Uploading or downloadingrich media applications or streaming vi-deo can tie up significant VPN resources.Being even somewhat selective with whatdata travels over the network can provideimportant performance benefits. SomeIT teams divert non-sensitive data off theVPN, ensuring sensitive data can reachits destination, a process called split tun-neling. However, due to security reasonsone should stick to anti-split tunneling be-cause otherwise malware has a potentialway into the company´s network.
    • Secure Business Connectivity18Creating the Optimal WANClustering for Your Needs
    • Secure Business Connectivity19When creating a WAN clusteringarchitecture, it’s critical to consider theorganization’s short- and long-termgoals. IT teams must strike the rightbalance between being cost effective andensuring the architecture remains optimalas demands grow. Among the factorsthey must consider include:• What data types will travel over the WAN – voice, video, synchro- nous and asynchronous data, etc.• Existing and planned applications• Local and remote access requirements• Existing equipment, both employee’s desktops, laptops and personal devices, as well as network equipment such as routers and switches• Required connectivity outside the organization, such as to key suppliers
    • Secure Business Connectivity20• Understanding network activity, meaning what activity it is me- ant to support, such as email, voice, video, remote access, etc.• Consider company headcount growth and accommodate for the extra requirements of these employees• Similarly, determine the number and type of devices the network will support, both today and into the futureAssuming the company already has aWAN and the IT team is planning for itsupgrade and/or expansion, they shouldbegin by studying the current traffic bet-ween servers as well as traffic betweenservers and end users. This should alsoinclude a discovery phase where theteam identifies all the components onthe network. IT teams should continueby conducting a performance analysis tobetter understand how well the networkfunctions in terms of throughput, band-width, latency and related key factors.As the IT team begins to add compo-nents to the network, they should monitornetwork capacity, including:• Study bandwidth usage and determine where any bottlenecks occur• Consider the need for redundancy and how this will impact capacity• Test network capacity regularly using traffic generators to identify and address latency, packet loss and any other issues
    • Secure Business Connectivity21When selecting VPN technology as part ofa WAN clustering architecture, it is impor-tant to know how end users will accessdata. For example, if they will access in-formation through a smartphone or othermobile device, IT teams should select aVPN solution that enables people to lookat content without downloading it to theirdevice. If employees work on PCs as wellas Macs, the VPN technology should beable to work with both operating systemsas well.
    • Secure Business Connectivity22Selecting the BestVPN Technology forYour Network
    • Secure Business Connectivity23As with any technology, IT teams mustdetermine what objectives they are tryingto reach before selecting which VPNtechnology to implement. One ongoingarea of discussion is on the merits of SSLVPNs or IPsec VPNs.There are reams of articles on the benefitsand weaknesses of each protocol.Briefly, an IPSec VPN creates a secureconnection through a client application onthe remote device and a VPN terminatoron the company’s network. IPsec VPNsolutions are very widely used and formany years were the standard remoteaccess solution. They are especially well-suited for fixed connections, for example,from the enterprise network to branchoffices or suppliers. They allow completenetwork access and are considered to besecure and reliable.When using IPsec VPN technology in alarge scale environment, this technologyexhibits a major drawback: an IPsecVPN client has to be installed on everyend device. To do this, installation andadministrator rights are needed.
    • Secure Business Connectivity24An SSL VPN allows full networkconnectivity, as does an IPsec VPN,but can be deployed more easily toremote users since neither installationnor administrator rights on the client areneeded. This makes SSL-VPN solutionsattractive for enterprises.Secure Socket Layer (SSL) VPNs havegained in popularity because they are“clientless,” meaning the remote devicedoesn’t need to have a client pre-installedto connect to the corporate network. Inmany situations, an SSL VPN tunnel iscreated when a remote user opens a Webbrowser and connects to a pre-definedURL. The VPN then prompts the userfor a user name and password. Onceauthenticated, the user is often taken toa company individual Web page includingseveral options for network access orcompany applications.
    • Secure Business Connectivity25IT teams can partly address this issue byresearching the quality of bandwidth atcorporate offices and demanding SLAswith minimum throughput guaranteeswithin an acceptable range.Another variable in VPN performanceis completely out of the hands of ITteams – quality of the local Internetconnection. If an employee is working athome, at an Internet café or some otherremote location and teens nearby aredownloading the latest movie or playinginteractive video games, performancemay suffer. This is often true in hotels aswell, even expensive ones where guestspay for broadband. And, it can be truein corporate offices where carriers havefailed to upgrade pipes adequately.
    • Secure Business Connectivity26Teams should also study the types oftraffic that will travel over the VPN whenselecting the best technology for theirorganization. If the VPN will carry voicetraffic, teams must be aware that voice ishighly sensitive to any latency, while videodownloads are less latency sensitivebut typically require more bandwidth.A well-conceived VPN strategy can helpIT teams address these issues. Someorganizations prioritize traffic based onport. Voice and business critical trafficmight be prioritized over routine filetransfers, for example.
    • Secure Business Connectivity27ConclusionCalculating the ROI of an effective VPNdeployment is extremely difficult becausethe benefits are numerous. Employeesgain anytime, anywhere access to criticalinformation. With an included option forgeographic clustering, IT teams attainan effective approach to maximize theperformance of the organization’snetwork, while concurrently protectingcritical assets from all forms of threats– weather, earthquakes, cyber attacks,et al. It is safe to say that as the creditcard ad goes, a well-managed VPN is –priceless.
    • Secure Business Connectivity28Interested?Would you like to check out the numerousbenefits of HOB Software?Just call us or send us a quick mail!You are welcome to contact us:HOB GmbH & Co. KGSchwadermühlstraße 390556 CadolzburgTel: +49 9103 715 0E-Mail: marketing@hob.deWebseite: www.hobsoft.comInformation in this document is subject to change without noticeHOB is not liable for any omissions or errors which may be contained in this document.Product information contained herein is from April 2013.Any trademarks in this document are the property of their owners.Layout: Maximilian Göppner
    • Secure Business Connectivity29Picture Sources• Page 3 - Alexandr Mitiuc (Thinkstock)• Page 4 - Oleksiy Mark/Thinkstock (Thinkstock)• Page 5 - Chromatika Multimedia (Thinkstock)• Page 7 - OneO2/Thinkstock (Thinkstock)• Page 8 - Oleksiy Mark (Thinkstock)• Page 9 - Spectral-Design (Thinkstock)• Page 10 - Thinkstock• Page 11 - heizfrosch (Thinkstock)• Page 12 - AKodisinghe (Thinkstock)• Page 13 - UmbertoPantalone/ texelart (Thinkstock)• Page 14 - loops7 (Thinkstock)• Page 15 - Thinkstock/Luca Francesco Giovanni Bertolli (Thinkstock)• Page 16 - Thinkstock• Page 17 - Maksim Pasko (Thinkstock)• Page 18 - Viktors Ignatenko/ Galina Peshkova (Thinkstock)• Page 19 - 3Dmask (Thinkstock)• Page 21 - Laurent davoust (Thinkstock)• Page 22 - Thinkstock/ pressureUA (Thinkstock)• Page 23 - Thinkstock• Page 24 - ronstik (Thinkstock)• Page 25 - R. Michael Stuckey (Thinkstock)• Page 26 - Federico Caputo (Thinkstock)• Page 27 - Thinkstock