When portions of two Wisconsin state agencies combined to form the Department of Children and Families (DCF), the IT staff had only five months to build the infrastructure for the new organization. Because workers in regional offices would access centralized applications over the wide area network, latency was a prime concern. We knew it would be challenging to provide users with a LAN-like experience across the WAN.
To combat latency and speed application performance, DCF decided to implement WAN optimization. We selected Riverbed Steelhead appliances after a proof-of-concept project because the equipment offered the best fit for our needs and environment.
We also deployed a VMware virtualized desktop infrastructure (VDI) to give users the look and feel of local applications. We deliver all services from our central data center in Madison via dedicated circuits. The only physical devices housed at the sites are optimization appliances, routers, switches, multifunction printers and computers. Agencies that are centralizing applications could benefit from WAN optimization. What follows are some tips and lessons learned from our experience deploying the technology.
Before installing the Riverbed appliances, we completed an onsite analysis to better understand the end-user experience. During this analysis we looked at application performance, the size and location of files, and LAN/WAN performance. Certain applications stood out more than others, specifically those that were housed in different data centers. With a requirement to manage services from a central location, it was apparent we also needed VDI. This would allow IT to support the environment from any location if needed.
Where do you want to see improvements? Identify the most critical applications or protocols traversing the WAN to target your optimization and deployment strategy. I recommend focusing on traffic such as Voice over IP, PC over IP, Secure Sockets Layer, quality of service and video. Learn how these types of protocols will be affected by your deployment.
In our environment, all services run across the WAN on a dedicated circuit back to a centrally located data center. As a result, we optimize everything we can, including print and HTTP traffic.
Our Steelhead appliances are configured in an “in path” deployment, in which all traffic passes through the appliance. Such an installation is fairly simple: In just a few minutes, I installed the appliances and connected them with the hardware at the branch sites. In the data center, all WAN traffic connects directly to the Steelhead appliances after the handoff from our routers. Both appliances sit directly in front of a pair of Cisco Nexus N7010 core switches. There is also an “out-of-path” deployment that sits to the side of the network. This requires a router or switch configuration to forward traffic to the optimization device.
Our current WAN optimization deployment consists of six Steelhead appliances: two in the data center, three in branch offices and one in a test environment. We plan to soon deploy seven more devices in remaining sites, focusing on those with six or more staff. Knowing the architectural design of your network will help identify where your head-end and branch office devices need to be deployed. Once those items are analyzed, consider these factors:
When deciding how many devices to deploy, you’ll want to scale according to your bandwidth and the number of connections between branch offices and the data center. Your vendor will have detailed deployment recommendations to cater to your environment.
Understanding WAN optimization hardware features and capabilities will allow you to get the most out of your investment. Many products offer additional features beyond optimization. For example, DCF leverages a VMware component that allows us to run local services on virtual machines on the optimization appliances. I have scaled our branch office Steelhead appliances to accommodate Windows 2008 R2 Servers for print and imaging services, which can be deployed and managed remotely.
During implementation we experienced minor network outages due to Layer 1 connections. I noticed that our WAN links were up just after port negotiations occurred. Our optimization hardware allowed us to swing the networks over before any configurations had been completed (which is where bypass mode comes in handy). Basic configurations can be completed prior to optimization, so you are able to configure IP addresses to manage the device from the network immediately.
Many protocols will be configured out of the box, while others need to be configured manually. Such configurations are generally referred to as rules. Setting up rules allows you to define which protocols will be optimized and place them in sequence by order of priority. We have set up various rules within the WAN optimization system, which specifically target priority applications and protocols on our appliances. These rules are configured to optimize traffic in order to maximize user performance.
One hardware feature we found very important was the ability to put the hardware in bypass mode. This allows you to simply turn off optimization at any time, which gives you the ability to rule out optimization as the root cause of a problem.
The Department of Children and Families experienced an immediate return on investment with our WAN optimization deployment. Once WAN optimization began, there was no question we would be able to reduce our WAN circuits. By scaling back, we are able to save money over the long term. Even so, this is just one benefit: The best return is that our branch offices operate across the WAN with LAN-like performance while all services are managed from a central data center.