Next-Generation Branch Office Architecture Resolves Remote Issues

Branch offices have long posed a challenge for distributed organizations, since it is not efficient or cost-effective to maintain IT staff and resources at each location. Yet many offices require local compute, storage and networking resources to meet all organizational application requirements.

To deliver the ‘lean’ branch office, organizations have often either resorted to public cloud services that might fail to meet IT requirements for control and security, or attempted to integrate branch functions into expensive, proprietary shared infrastructure platforms that package the physical infrastructure – server and storage – with the requisite IT software. These shared infrastructure platforms may appear to provide IT with competent solutions, but in reality offer limited feature innovation, restrict software choice and lock the buyer into a future of costly hardware upgrades.

Branch issues

Although remote offices differ, certain challenges are common to most environments:

  • Increased resource costs for the branch compute, storage and networking infrastructure
  • Protracted provisioning time as IT delivers, configures and installs equipment before the branch becomes operational
  • Branch survivability as wide area network (WAN) infrastructure failure can cause branch office failure
  • High management and maintenance costs given the lack of IT expertise on-site
  • Data protection and security are often limited, as effective safeguards may be lacking
  • Data restoration may take far too long, particularly for tape-based backup. This limits performance in recovering data for a given user
  • Delivering physical appliances may be expensive and time-consuming, particularly for overseas or remote locations

Attempts to address these issues have led some businesses to consolidate infrastructure functions into their appliances, such as routers or WAN optimization hardware. These approaches are attractive insofar as they simplify network deployments, but often come at a price. For example, when proprietary hardware requires custom-developed silicon, there are the research and development (R&D) costs. As such, when businesses invest in off-the-shelf servers they are faced with a premium due to numerous factors including procurement, development and quality assurance testing. Furthermore, high availability (HA) features may not be provided, forcing organizations to double the number of appliances on site for maximum uptime. The bottom line is that proprietary appliances often double the cost of comparable off-the-shelf servers, and even triple it when HA is required.

The capital costs of proprietary appliances are particularly significant given that they’re often unnecessary. Most organizations have a surplus of compute cycles, which is a major catalyst behind the adoption of virtualization. IT functions can often run on existing servers, sharing the underlying hardware with other virtual appliances, and still deliver performance comparable to standalone appliances.

Operationally, proprietary hardware extracts a heavy penalty. Indeed, sparing becomes more difficult and costly as components must be acquired, typically costing 30 percent or more above comparable equipment on the market. Choice is also limited as customers are restricted to a set of applications and services that can run on these platforms, whether due to the constraints of the hardware or the business strategy of the manufacturer. Finally, changes to the product line frequently force unnecessary, costly hardware upgrades. Even the perceived benefits of simplified delivery and deployment may not be fully realized, as organizations could still need to deploy switches, routers and other functions in the branch, which are not included in the shared infrastructure platform.

Next-generation branch office architecture

While the theoretical benefits of an integrated appliance remain sound, the execution has often been flawed – until now. Next-generation branch architecture avoids these problems by separating the underlying hardware from the software and leveraging the advances in virtualization and branch server designs. Organizations gain a deployment architecture that is cost-effective and powerful, allowing the continued use of their existing tools and software.

Central to this strategy are the shared infrastructure platforms that combine all of the core branch office services – compute, storage and networking – into a single, integrated unit. These branch office platforms use the manufacturing and production expertise of server providers to lower costs, giving IT exceptional manageability and value without sacrificing agility.

The new architecture considers three types of deployment:

  • Fully distributed – where IT resources are delivered from a server in the branch
  • Partially distributed – where resources are delivered locally from shared infrastructure platforms
  • Consolidated branch – where all IT resources are delivered from the data center to the branch office

More specifically, next-generation branch architecture comprises:

Hardware – The new architecture is platform independent, allowing a range of hardware implementations. A shared infrastructure platform provides the ideal hardware platform by simplifying deployment and management, while a next-generation branch also builds on the advances in virtualization, allowing a conventional server to run most, if not all, of a branch office’s functions. Available local storage may be delivered inexpensively through a virtual storage area network (SAN) and server uptime achieved through an HA server cluster.

Hypervisor – All branch software will run on a hypervisor, such as VMware vSphere, Microsoft Hyper-V or KVM. As such, host and infrastructure management continues to be performed via the same native tools that exist in the data center, such as VMware vCenter.

Data protection – Virtual data protection software allows IT to back up and restore branch office locations easily in the event of a disaster. Restores can be achieved randomly, so offices can resume work in minutes rather than hours after an event. Virtual storage arrays and technologies also provide this capability.

Perimeter security – Distributed firewalls allow the IT organization to secure branch network access. A centralized platform provides the necessary security policy management and control.

Thin and zero clients – For maximum control and security at the desktop, IT can use virtual desktop infrastructure (VDI).

Connecting the branch

Data acceleration software addresses the core performance, availability and security challenges of delivering services to the branch. To ensure a reliable performance of services over the WAN, there are three factors organizations have to overcome – latency, congestion and bandwidth.

Firstly, latency is mitigated by streamlining the protocols underlying enterprise applications. TCP applications are improved through window scaling, HighSpeed TCP and other technologies. In addition, Windows file-sharing and other CIFS-based applications are improved using technologies such as CIFS read-ahead and CIFS write-behind.

Secondly, congestion is overcome by dynamically choosing the least-congested path to a location for an application. Lost or out-of-order packets are recovered and re-sequenced in real time, avoiding retransmission delays, while traffic shaping and QoS mechanisms ensure that applications including voice, data protection and thin clients receive the necessary bandwidth.

Finally, bandwidth usage is minimized with real-time, byte-level deduplication. Data acceleration software in each location inspects, compresses and stores a single local copy of all outgoing traffic in real time. Subsequent instances of the traffic are delivered from the local data accelerator instance rather than the WAN, thus saving bandwidth.
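The deduplication exchange described above, sketched as an added example that is not code from this article or from any product: two accelerator instances keep matching chunk stores, so a repeated transfer crosses the WAN as 32-byte references instead of data. The `Accelerator` class, the fixed 256-byte chunk size and the SHA-256-keyed store are assumptions made for illustration.

```python
import hashlib
import zlib

CHUNK = 256  # fixed chunk size in bytes (assumption made for this example)

class Accelerator:
    """One site's data accelerator with a local chunk store (hypothetical name)."""

    def __init__(self):
        self.store = {}  # SHA-256 digest -> chunk bytes

    def encode(self, data):
        """Turn outgoing bytes into frames; return (frames, bytes sent on the WAN)."""
        frames = []
        for i in range(0, len(data), CHUNK):
            piece = data[i:i + CHUNK]
            digest = hashlib.sha256(piece).digest()
            if digest in self.store:
                frames.append(("ref", digest))  # already sent: 32-byte reference
            else:
                self.store[digest] = piece
                frames.append(("raw", zlib.compress(piece)))  # first sighting
        return frames, sum(len(body) for _, body in frames)

    def decode(self, frames):
        """Rebuild the original bytes at the receiving site."""
        out = bytearray()
        for kind, body in frames:
            if kind == "raw":
                piece = zlib.decompress(body)
                # Index by a digest computed locally, not by a sender-supplied label.
                self.store[hashlib.sha256(piece).digest()] = piece
            elif body in self.store:
                piece = self.store[body]
            else:
                raise KeyError("reference to a chunk this site never received")
            out += piece
        return bytes(out)

def demo():
    # Constructed sample payload: 4096 bytes forming 16 distinct chunks.
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    branch, datacenter = Accelerator(), Accelerator()
    first, wan_first = branch.encode(payload)
    assert datacenter.decode(first) == payload
    second, wan_second = branch.encode(payload)  # same file sent again
    return wan_first, wan_second, datacenter.decode(second) == payload

if __name__ == "__main__":
    print(demo())
```

The receiver rejects a reference it cannot resolve rather than guessing, which is the failure to plan for when one site's store is rebuilt or evicted while the other still holds its digests.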

WAN optimization technology addresses network availability by balancing traffic across multiple connections. Indeed, data acceleration software dynamically assesses the paths between locations, selecting the path most closely matching the application’s availability, loss and latency characteristics.

By applying real-time intelligence, organizations can monitor paths for increases in packet loss or latency, and switch traffic to an alternative line before a failure occurs. With security a topical issue at present, WAN optimization solutions are also starting to include accelerated IPsec, which protects data through virtual private network (VPN) tunnels between locations.

To reduce management costs and shorten deployment cycles, organizations can use the shared infrastructure platform to consolidate all branch office storage, networking and compute requirements in one device. Branch resources run within the shared infrastructure platform as virtual machines on a standard hypervisor. IT can therefore enforce best practices while still locating critical resources at the branch. The hypervisor management platform can be used for automating server maintenance tasks and monitoring resources, which minimizes the need to troubleshoot remote servers and desktops in person.

The consolidated branch

For maximum efficiency, organizations can manage and standardize server and thin desktop environments in the corporate data center, where administrators can perform backups, upgrades and complete maintenance. Administrators can remove servers and desktops from the remote office, convert them into virtual machines, and host them on the virtual infrastructure behind a secure firewall.

End users in remote offices will benefit from this as they can then access server and desktop workloads over the network. Furthermore, for added security, administrators can enforce strict control over access to virtual machines by delegating customized roles and permissions to authorized administrators and end users.

Ultimately, a centralized approach to deployment maximizes consolidation ratios, ensures security and minimizes management complexity. Because the remote office IT infrastructure is located in the data center, IT staff with technical expertise can offer faster response times and better support to end users in remote locations. Additionally, remote office services can make use of data center resources, including high-end servers, storage and networking, as well as data center disaster recovery (DR) and backup plans. Centralized deployment not only enhances security and compliance, but allows local backups to be performed more quickly in the data center over a high-speed local area network (LAN).

Disclaimer: This article was written by a guest contributor in his/her personal capacity. The opinions expressed in this article are the author’s own and do not necessarily reflect those of