Lippis Report Issue 80: Extending Your Networked Business Platform to Branch Offices
There are strong economic and technical drivers transforming branch office operations. Business leaders are growing their branch office operations at a rate of nearly 10% per year. There are multiple factors behind this growth, including expansion into out-of-region and global operations, mergers and acquisitions, tapping into a larger pool of employees and increasing existing employee retention. Not only has there been a large spike in the number of branch office employees, but they are also fueling corporate growth strategies and represent a larger share of corporate intellectual property and decision-making. It's no wonder then that IT budget consumption to support branch office operations is as high as 70%! It is for all these reasons that the corporate network business platform needs to be extended to include branch offices. In this Lippis Report we'll show you how.
Networking has evolved from a connectivity service to a strategic business platform thanks to the integration of services embedded into the network fabric. Networking technology anticipates systemic changes in how business applications will be written and deployed across networks so as to support unforeseen and future requirements. In doing so, branch office network solutions have increasingly integrated services such as network security, application intelligence, IP telephony and wireless LAN access points to increase branch office employees' productivity while reducing cost. The result of this evolution is that branch office networks are mission critical resources that deliver a wide range of services to the point of being an integral component of the strategic network business platform.
The Old Branch Office Network Model
Overlay after Overlay = High Cost and Unreliability
As branch office network requirements grew, many IT leaders simply added networking services through appliances to meet their needs. This was a simple solution with relatively low capital cost to provide IP telephony, WLANs, network security, etc. But as requirements have grown over the past five years, so too has the number of appliances. Many IT executives now realize that they have too many appliances to support, all with different management interfaces and configuration rules. Not only does adding multiple appliances increase capital cost, but operational cost skyrockets as well. Remember that the average number of branch office locations is nearly 100, which means every branch office investment is increased by two orders of magnitude. With operational cost representing some 90+ percent of branch office network total cost of ownership, adding appliances is, in retrospect, penny wise but pound foolish. In addition to high operational cost, reliability decreases as the number of appliances that can malfunction increases.
Too Many Slow Speed WAN Links
Branch office operations are typically supported through multiple networks such as voice, data, security, fax, etc. Many of these networks, in particular fax, voice and security are aging networks based upon TDM technology. These older analog networks have become more expensive as service providers increase tariffs to entice IT leaders to migrate to new broadband and IP-based networks. As branch offices are usually many miles away from central offices, this distance increases the price of phone and data lines, which tends to limit the amount of bandwidth per branch location a corporation can justify. In the old branch office network model, with as many as four lines entering a branch office to support four separate IT services, wide area network resources or bandwidth tends to be limited for any one service. Inconsistent WAN service among branch locations is another characteristic of older branch office networks thanks to offices being distributed over large geographic distances and between multiple service providers. So not only is bandwidth limited but WAN management is expensive and problematic as netops is forced to manage multiple service providers.
Lack of Network Design = Poor Security + Inconsistent Performance + Lack of Preparation
With the growth of branch offices taking many IT leaders by surprise, many have not architected a solution for their remote offices; rather, they have built out their networks in a piecemeal fashion. As a result, many branch office networks are not fractal, meaning that there is no consistency in design. In short, these branch office locations are equipped with different devices and vendors. This inconsistency of design often results in mixed performance between branch office locations. Perhaps most important is the fact that piecemeal branch office design is less secure, since it is nearly impossible to update all branch office locations with the latest security enhancements and/or exploit signatures. Further, many have limited business continuity plans and are not prepared for man-made or natural disasters. Lack of a mobility solution is a key indicator of this design flaw.
Branch Office Network Best Practices
Thoughtful Design = Improved Performance + Security + Business Continuity
As mentioned above, branch office operations are driving growth initiatives and are empowered with decision-making authority. Consequently, traffic patterns are following this shift in corporate authority and responsibility. Traffic patterns used to flow hierarchically from headquarters to regional offices to branch offices. Now branch-to-branch flows are layered on top of hierarchical traffic to support executive decision making in the field between branch locations. Branch office network design needs to incorporate this requirement with flexible WAN services and routing.
Integration = Lower TCO + High Reliability
Much of the vendor community has embraced the concept of integrated services in branch office network devices. There are many suppliers of branch office network equipment such as Cisco, Avaya/Juniper, Nortel, Silver Peak, NetD, etc. Silver Peak and NetD are small players in the market. Cisco is by far the market leader, having shipped more than 2.3 million Integrated Services Routers (ISR). Their growth rate is impressive too. It took Cisco 18 months to ship 1 million ISRs, but only 9 months to ship their second million — an impressive growth rate. With over 2 million ISRs in production, Cisco is turning the ISR into a business platform equipped with its own ecosystem. More on this below.
Branch office networks require thoughtful design, as their business function is mission critical and their TCO is high. In fact, branch office network TCO is best managed through architecture development and integrated equipment. The best design attributes include the following:
- Consistent design in both network equipment and WAN service
- Converged IP telephony, fax, security and data networking into an Ethernet/IP fabric
- Support for mixed traffic flows both hierarchically and branch-to-branch
- Business continuity and disaster planning through mobility and redundancy in both equipment and WAN access
- Layered network security with multiple defenses including SSL and IPSec VPN, firewall, IPS and Network Access Control/Network Access Protection
The level of integration should be weighted heavily when IT leaders are evaluating branch office network equipment. The latest security, IP telephony, video/surveillance and data technologies should be integrated into a single network device on top of switching and routing functionality. Management and configuration should be simplified with a single interface to all functions as well as virtualized interfaces so that secops, netops, etc. may configure and monitor their respective organizational responsibilities. Careful review should be applied to WAN capabilities, not only in terms of link support such as DSL, Cable, T1/E1, ISDN, frame relay, MPLS, etc., but also WAN optimization and acceleration functionality, in order to improve the branch office user experience by minimizing network delays in application access. Network security functionality should be comprehensive with integrated VPN, firewall, IPS, NAC, NAP and tunneling. Wireless and wireline Ethernet access should be transparent and integrated, with access points being built into equipment, supporting business continuity planning. Functionality such as Power over Ethernet (PoE), real time dial and/or broadband backup should be table stakes.
3G = Diverse Access or Main WAN Link
As mentioned above, Cisco is turning the ISR into a platform. The best example of this came recently in late March '07 when it announced 3G wireless support in its 1841, 2800 and 3800 ISRs. What was significant in this announcement was that it was made with Verizon Wireless, Sprint, AT&T and Telefonica and Moviles. While 3G is being introduced as a consumer technology, Cisco was able to use the 2.3 million ISRs as a platform to bring this technology to the enterprise. 3G will offer bandwidth between 300 kbps and 1 Mbps, depending on the service. This joint announcement between Cisco and service providers gives the service providers instant access to the enterprise market to sell new 3G services while offering IT leaders a truly diverse link to branch offices at less than $100 per month or a new primary high speed link option.
By architecting the branch office and integrating its IP telephony, security and management into the corporate IP network, branch office networks become an extension of the corporate network business platform. As branch office operation trends are a result of market realities, business leaders will only increase their corporate investment. To maximize the benefit of more than 70% of IT spend on remote offices, architecting networks with integrated services equipment is clearly the direction of best industry practices.