Lippis Report 174: Cloud-Enabled Branch Office Strategy that Reduces WAN Cost and Increases Security Defenses

Being close to customers has proven to be a good strategy over the past business cycle, as IT business leaders have invested in their branch offices. New customer-based applications continue to be added at the branch level, expanding revenue-generating opportunities, while at the same time video communications have increased significantly for both client and employee interactions. In addition to corporate applications and video, internet access and cloud-based applications have boomed over the past business cycle, thanks to smartphones and mobile tablets connected to local branch Wireless Local Area Networks (WLANs). All of this would be fine if not for one issue: all application and communication traffic is being forced to backhaul over the same wide area network (WAN)/VPN to connect to corporate data centers, public clouds or the internet. In this Lippis Report Research Note, we explore a new cloud-enabled branch office strategy from Cisco that is simple and eliminates backhauling of internet-bound traffic while increasing security, visibility and management. What’s fascinating about this new approach is that the return on investment (ROI) period is very short, as it is paid for by WAN arbitrage.

Branch office WANs are usually based upon Metro Ethernet, MPLS, frame relay networking, etc. Integrated services routers such as Cisco’s ISR G2 dominate the market and provide a range of services in one hardware platform, including routing, switching, WLAN, unified communications, an application development environment, UCS platform, firewall, IPS, VPN, etc. IT business managers have come to see the ISR as a branch IT platform where they can enable multiple sets of functionality to simplify management plus maintenance and extend that functionality over time.

And extend functionality they have. Branch office networking is being equipped with a wide range of corporate applications, IP-based voice and video communications, plus internet access and, increasingly, cloud-based applications. Most, if not all, of the traffic associated with these applications flows over the WAN to a data center, where corporate applications and IP voice and video communications are routed to their respective corporate servers. Traffic flows bound for the internet and cloud providers are routed to the corporate firewall for policy and/or security control and then sent on to the internet, all of which is expensive and adds latency.

Keep in mind upload versus download speeds. A small query from an iPhone, iPad or Android-based device connected to a branch WLAN sends a small message to a server over the internet, which usually responds with more than ten times the amount of downstream traffic, most of which flows over the data center internet access link and the branch office WAN. As mobile cloud computing has expanded significantly over the past eighteen months, so has its consumption of branch WAN and data center internet access bandwidth. At the same time, video communications have been added to branch offices for a wide range of purposes, including real-time video content, Telepresence meetings between employees and between employees and customers, employee training, making content experts available to customers, etc. The combination of all these flows over the branch office WAN is forcing many IT leaders either to increase their WAN and data center internet access bandwidth, or to prioritize applications and do without.

Cloud-Enabled Branch Office

A new option is now available that does not require any new hardware, either in the branch office or in the data center. This new option is called the cloud-enabled branch office. This strategy separates internet-bound traffic from corporate applications and internal communications. Separating internet-bound traffic at the branch level keeps this traffic from flowing over the WAN and consuming data center internet access bandwidth. This separation of traffic provides more WAN bandwidth for corporate applications and communications, which is sorely needed in most enterprises as video to the branch has become a requirement. With increased WAN bandwidth available for video, lower latency should be observed, improving the user video experience.

The cloud-enabled branch office approach not only frees up WAN and data center internet access bandwidth by redirecting internet- and cloud-bound traffic to local internet access, but in the process also solves a lingering issue with which most IT leaders have been struggling: inconsistent and complex branch office web security solutions. In addition, Cisco’s approach offers a quick and easy deployment model for cloud-based web policy and security to protect against zero-day threats with no impact on ISR router performance.

Traditionally, IT teams had the choice of backhauling all traffic to a central point to filter and secure it, or deploying additional web security hardware at each location. These options can add latency and lead to inconsistent policy enforcement, as well as vastly increased management and maintenance overheads. Cisco ISR Web Security offers the ability to deploy and enforce centralized policy and security across a distributed enterprise, avoiding the cost and complexity of backhauling traffic while minimizing management overhead.

Cisco’s ISR Web Security with Cisco ScanSafe

Cisco is approaching the cloud-enabled branch office solution by integrating its ISR Web Security solution and ScanSafe into IOS for the ISR G2. IT leaders who own and run branch office networks with ISR G2s can cloud-enable them with a software update. Additional Command Line Interface (CLI) commands cloud-enable the branches and provide authentication and centralized identity services.

Cisco ISR Web Security with Cisco ScanSafe integrates with authentication services, such as Active Directory, to enable branch offices to enforce granular security and control policy, protecting branch office users from malware. ScanSafe provides centralized management and reporting controls for web content/URL filtering. This provides one management point for policy, reporting, maintenance and management: IT operations get a global view, with the ability to make policy and other changes that are implemented globally from a centralized location.

By cloud-enabling the branch office, backhaul bandwidth related to internet traffic can be eliminated from the WAN, which reduces cost and provides a higher web performance experience. For multinationals with thousands to tens of thousands of branch offices around the world, the backhaul reduction plus the centralized management, maintenance, policy definition and control of web traffic afforded by ISR Web Security and ScanSafe reduce complexity and save operational cost.

Another way to view this option is that the backhaul reduction potentially postpones a WAN and data center internet access upgrade, which funds cloud-enabled branch office activation. A calculation of this trade-off and its potential cost savings is advised. The larger the number of branch offices, the shorter the ROI and the larger the potential savings.

Cloud-enabled Branch Office Solution Evolution

From the above, it’s clear that Cisco is enabling ScanSafe via its ISR G2 offering as part of its cloud-enabled branch strategy. ISR G2 customers will benefit from Cisco’s ability to inject new cloud-based services into the ISR G2 platform. This approach to adding value extends the existing ISR G2 investment. With the ISR G2 integrating networking, communications, security and computing, it’s expected that additional features and functions, such as the cloud-enabled branch, will be added through software upgrades. Look for interesting management advantages in the coming quarters.

With cloud-enabled branch office networking, employees can access the internet and cloud services without backhauling. In addition, ScanSafe delivers a range of security features that mitigate threats and provides IT leaders with centralized control and policy definition.

As enterprises increasingly utilize mobile and cloud computing, the cloud-enabled branch office affords IT business leaders an approach to do so securely. For example, a major benefit of cloud computing is the reduction of in-house application development as IT leaders seek to augment their application portfolio mix with cloud-based applications. Therefore, armed with a method to increase the use of cloud computing at the branch office level, IT business leaders will find new flexibility in branch office application delivery. In short, the cloud-enabled branch office provides IT leaders with a deployment model that allows cloud services to be deployed with centralized policy definition, control and management.

4 Debates over Lippis Report 174: Cloud-Enabled Branch Office Strategy that Reduces WAN Cost and Increases Security Defenses

  1. Paul Tan said:

    Cisco’s ScanSafe via its ISR G2 offering is a very unique solution. Congratulations!
    Paul Tan

  2. Andrew Cole said:

    Incredibly insightful, thank you. I reckon your current followers may well want a good deal more reviews like this; continue the excellent content.

  3. G2S said:

    Much-needed information, thanks. Also really useful white papers.

  4. Brett said:

    Eliminating backhaul bandwidth through the cloud is such a big office solution especially for companies that have multiple branches. Centralization was a problem in the past but cloud-based systems have made it possible for one branch to connect with the rest without delay. Accessing cloud services and the internet without backhauling is a great development.