Branch Office Automation

We tell you the key points to keep in mind when IT enabling your branch offices, and tell you how to enable HTTP compression over a WANlink for faster connectivity between a branch and head office

Tuesday, April 03, 2007

Print

Comment

Email

Digg

Del.icio.us

Reddit

Twitter

Branch offices are the extension of an organization, which help improve customer reach. An organization's image and the impression in the minds of its customers is directly linked to the quality of its branch office. As branch offices deal directly with customers, and are responsible for bringing in business, they need to be agile and efficient, else it could lead to delays in clearing customer orders, which translates into direct business loss. In today's competitive scenario, it's not possible to make a branch office efficient without using IT. An organization, therefore, must incorporate branch office automation in its IT strategy. The trouble is that branch offices are not given as much attention as the main corporate office. So while an organization might have a swanky corporate office lass with the latest IT infrastructure, it may have poor IT infrastructure in its branch offices. In this story, we'll talk about how to automate a branch office, and the key challenges involved in doing so.

There are several ways of automating a branch office. By definition, branch office automation is IT enabling your branch office in such a manner that you can control and sync it with your central datacenter. The essence of branch office automation (BOA) is that virtually all offices should be on the same network sharing a common resource pool. This can only happen if you have a well managed WAN infrastructure. For that to happen, you would need to take care of bandwidth, connectivity, security and data availability. We'll briefly talk about these areas before we move on to the actual implementation.

Connectivity: The first goal is to find a suitable connectivity solution. This may not be too much of a problem with branch offices in metros, but it could become an issue for other locations. The ISP may or may not provide services there, or may provide them through a third party. In such a case, defining the SLA can become very difficult. Make sure that you sign an SLA with the ISP and get a minimum guaranteed uptime. Depending upon the size and importance of a branch office, you should keep a backup link ready that can be used in case the primary link fails. You will find that this turns out to be far cheaper than actually putting an SLA in place. And the fringe benefit which you will get in this case will be that you can use all the lines in Active-Active failover and even aggregate them to get better bandwidth. When one goes down you still have the minimal required connectivity available.

For places where there's no ISP, such as rural areas, the most feasible option today is a VSAT. The satellite connections generally come with SLAs and the recurring cost is pretty cheap. The key concern in VSATs is high installation cost, which can run into several Lakhs.

From the ISA interface, start the new access rule wizard to define protocol/ protocols on which you want to enable compression

Security: While deploying a connection between your BOs and HO, you need to ensure that the data flowing across this is secure. So, the solution is nothing but encryption. Whatever you send, let it be mail, files or just Intranet traffic, remember to deploy some kind of encryption mechanism on top of it. One option would be to use VPN over your WAN links. But if because of some reasons you are not able to do so then try encrypting the protocols that are carrying the most critical data.

The other security concern for a BO will be enforcing local security policies across all systems in branch offices. For this, you need something that can push policies across the machines in your branch offices. Microsoft's Windows 2003 Server R2 in conjunction with  Internet Acceleration Server can provide this functionality as well as a firewall.

Availability: This is the most important part of a branch office. As the branch office is connected to the head office, it must always have access to the most up to date data. This could be the latest HR details, your corporate intranet, your sales proposals, and anything else. One way of making this data available could be through a VPN. But then, if there's a lot of data, then bandwidth concerns need to be taken care of. A key enabler for availability over WAN can be DFS replication. This is essentially a Windows 2003 R2 feature which does replication scheduling and bandwidth throttling. It uses RDC (remote differential compression) algorithm. RDC is a client-server protocol that is used to update files over a limited-bandwidth network. RDC can detect insertions, re-arrangements of data in files in turn enabling DFS Replication to replicate only the changed file blocks when files are updated. Another feature called Cross-file RDC reduces the  b/w required to replicate new files.

Bandwidth: This is something which you can never have enough of. The more you get the more you need. So in case of WANs, the trick is not in getting more bandwidth but in optimizing its usage. There are multiple ways of doing that. The best thing is to use a WAN accelerator. There are quite a few WAN accelerator appliances available in the market. And you can even build one by using MS Windows 2003 R2 Server with ISA Server. In this article, we will see how to do HTTP compression using ISA Server. The key role of a WAN accelerator is to enhance the performance of the WAN connection. It does using several different technologies like data and protocol compression, data indexing, data caching, protocol optimization, etc.

Using HTTP compression in IAS, you can compress all types of data like HTML, Text and multimedia files

A WAN accelerator is capable of actually compressing protocols such as RDP and HTTP when it actually leaves the LAN and enters the WAN. Data reduction is achieved by indexing the data that it is to be sent across and then by only sending the parts which are being modified. WAN accelerators are also capable of optimizing protocols by reducing round trips of acknowledgments done by some chatty protocols such as CIFS and by doing flow control for protocols such as TCP. Now let's do some hands on and see how it works.

Compression using ISA
Let's suppose that you have a website hosted at the intranet of your HO and you want to deploy some technology by which you can actually reduce the amount of traffic between HO and BOs. And if you are using Internet Security and Acceleration Server 2006 as your firewall and Proxy, then you don't need anything else to achieve the goal. Let's see how to set it up.

The scenario is very simple. You have a web server configured. This web server can be hosted on the Internet or can be sitting on an Extranet which is your corporate WAN.

The web server machine can have any application running such as IIS, Apache or whatever you like. Till it is serving HTTP traffic, the compression will happen. Now you have a BO, where, as a Firewall and Proxy server you are using ISA 2006 on top Windows 2003 server. And of course you have a few clients inside the LAN which can access the web site through the IAS proxy. The process is pretty simple and you can create such a process for testing by using just three machines. And that's exactly what we did.

Using HTTP compression in IAS, you can compress all types of data like HTML, Text and multimedia files

The setup
We suppose that you already know how to install ISA server on top of a Windows 2003 machine and do basic Firewalling with it. So we are not going into detail on how to do so in this article. The second thing which we are assuming is that you already know how to setup a web server by using IIS. The only thing which you have to check while you setup the webserver is to check one htm or html file which you are going to access through the IAS server, for size. So that, you can check later on, whether it had really compression the file or not.

As your IIS and ISA servers are ready with the basic configurations, go to the IAS server and start the ISA Server Management console from Program Files. Now, select the machine name of the server from the left pane and then click on the “Firewall Policy” option. Now click on the “Default Rule” and then at the right side of the window click on the “Create Access Rule” Option. A wizard will open. In the first window click and expand the “Common protocols” option and then select and add the “HTTP” option. Now proceed to the next step. In this page select the “Internal” from the “Networks” option and add it. Now click next to proceed.

In this step do exactly the same but instead of “Internal” select “External” and Add. On the next step just proceed with the default options which says “All users”.

Now click on the Apply button to save and apply the settings. When this is done, select the 'Configuration' option under the machine name in the IAS Management window. And inside configure select the 'General' Option. Now in the right side of the window click on the 'HTTP Compression Preference' and a window will open. Here select the 'Return Compressed Data' tab and click on the Add button. Now select the 'Networks' and click on 'Internal' option and click Add button. You can also click on the 'Content Types' option to check for which all protocols will be compressed by IAS. Here make sure that HTTP traffic is checked for compression. You can even set compression for Multimedia files from this window. Click on OK and close the window and Apply the settings and you are done.

Now just make sure that in the client, from where you are going to access the Website has the IP address of the IAS server set as its proxy server and in the “Advanced settings” of Internet explorer “Use HTTP 1.1 through proxy connection” is enabled.

To check the performance of the IAS server, you can use Windows System Monitor to check the amount of data transferred to and from the Client and the IIS server.

In our case we transferred a 115K Html file and the data transferred on the network after enabling compression was just 45K so we got a compression level of around 40%.

Page(s)   1