Presentation on theme: "Web Traffic Offload of MPLS Networks"— Presentation transcript:
1 Web Traffic Offload of MPLS Networks
Jeff Bird, RSM, Zscaler
2 Top multinational enterprise network & telecoms priorities
“Which of the following initiatives are likely to be your firm's top telecom adoption priorities over the next 12 months?”
2013 GEN5: Base: 954 telecoms decision-makers at firms with 1,000 or more employees who are responsible for multicountry or global network and telecoms technology decisions (“critical priority” and “high priority” responses).
Source: Forrsights Networks And Telecommunications Survey, Q1 2013
3 Business globalization drives need for a highly available and reliable international site-to-site network
Workforces are both increasingly distributed and mobile.
Globalizing business operations demands a highly reliable and resilient corporate network.
Globalization resets business, customer and employee expectations about speed of responsiveness and decisions, and for team collaboration.
The more internationally distributed a firm’s operations, the bigger the challenge to deliver consistent apps performance.
Security becomes a big issue around Web Apps.
4 MPLS interest is driven mostly by perceptions of “value for spend”
Reasons for using MPLS - ranked
Need more QoS network capacity
Need high network reliability and predictability
Want to improve user experience with collaboration and productivity apps
Need to upgrade network to support new enterprise communications apps
Want a simplified WAN infrastructure
Want to improve access to internally hosted, and off-premises hosted and cloud applications
Want data traffic routing control including QoS
Need a modern and future-proof network
Need to integrate disparate networks globally
5 The Age of Mobility (it’s about the Web apps!)
Customer and employee expectations of more, easy to use, mobile apps will change how business is done.
Drivers:
Workplace virtualization
Collaboration (internal, external)
Consumerization (bring-your-own devices, apps)
IT Challenges:
Manage growing complexity (endpoint, network, information security)
Cost management – licenses, IT support
Direct technology purchases (BYO-T) risk bypass of IT standards
6 Virtualization success rides on getting your Cloud strategy right
Most firms are keen to consolidate data centers.
A majority will adopt hybrid cloud – own DC + virtual private cloud &/or public cloud (e.g., Office 365, Salesforce, Dropbox, Gmail).
Many will migrate UC&C apps to SaaS models.
All virtualizing firms are beefing up network security.
Most firms will shift network and security management towards 3rd party services to help move forward faster and better …
Common thread here is more Web traffic…
8 Why? The Cloud Goes (Went) Enterprise!
[Diagram labels: Regional Gateway; Cloud Services; Business Critical Applications; HQ; DLP; Users; APT/0Day; Regional Office; Home or Hotel; On-the-go; Personal or business use; Corporate storage; Sales from the road on iPad; Office from everywhere; Marketing user groups; Training videos from iPhone]
Where is your Corporate Perimeter?
9 3 Trends Transforming Network & Security
Business Users go Mobile: Users work from home or on-the-go; Users who BYOD (50%, 90%)
Cloud Apps go Mainstream: Cloud-based applications used by an enterprise (50)
Social goes Enterprise: employees use Facebook at work (75%)
Impact: Mobile, Cloud & Social: Driving business beyond the corporate network (often without policy & protection)
This has broken the traditional trusted “hub & spoke” network.
Users are often outside the corporate network accessing cloud-based services.
“80% of my MPLS traffic used to be for applications at my HQ and 20% was Internet bound. Now it’s just the opposite.” – CIO, Fortune 50 company
10 Traditional MPLS Networking – Hub & Spoke
1. Contact a MPLS Service Provider & Architect
2. Provision a T3 (45 Mbps) per site to provide connectivity to the MPLS network
3. Provision a 1 Gbps Ethernet circuit to provide the “hub” datacenter connectivity to the MPLS network
4. For Internet Access also provision a 1 Gbps Dedicated Internet Line at the “hub” datacenter
[Diagram labels: New York; Seattle; HQ: San Jose; Atlanta; MPLS Provider; Datacenter; Internet; links marked T3 and 1 GB]
11 Is This The Best Way to Provide Internet Access?
By volume, often 70%+ of MPLS backhauled traffic is Internet bound or Web traffic (port 80 & 443).
MPLS bandwidth is more expensive than commodity Direct Internet Access ($$$$$$$).
[Diagram labels: New York; Seattle; HQ: San Jose; Atlanta; MPLS Provider; Datacenter; Internet; links marked T3 and 1 GB]
12 “Direct 2 Net” Split Tunnel Path to Insecurity?
Layers of appliances (FW, IPS, AV, DLP, NGFW, BA) are deployed at the “hub” datacenter to secure Internet access!
Branch router security (UTM) is one approach to secure local Internet access…
… but keeping policy consistent and providing per user policy and reporting/visibility is a nightmare.
Easy way out is to still backhaul…
So is MPLS Dead?
[Diagram labels: New York; Seattle; HQ: San Jose; Atlanta; MPLS Provider; Datacenter; Internet; links marked T3 and 1 GB]
13 The Web Traffic Offload Approach with Zscaler
1. Purchase inexpensive local Internet access at the branches (often faster/lower latency!) and save $$
2. Reduce the size of the MPLS links to a T1 (1.5 Mbps) instead of a T3 link (45 Mbps) and save $$
3. Reduce the size of the Internet access at the datacenter. Simplify Network & Security and save $$
4. Offload your Web traffic to the Zscaler Cloud for security processing!
[Diagram labels: Seattle; New York; HQ: San Jose; Atlanta; MPLS Provider; Datacenter; ISP; Internet; links marked T1 and 100 MB]
14 What Does Typical Security Look Like Today?
[Diagram labels: Mobile & Distributed Workforce (Regional Office, Home or Hotspot, HQ, On-the-go); Cloud Services, Social Media, Cloud Apps, Mobile Apps; Proxy Server, APT/Bot Gateway, Application Awareness, URL Web-Filter, Antivirus-Filter, WAN/SSL Acceleration, Load Balancer, DLP, SSL/IPSec VPN; Botnet, Exploits]
In a more simplistic picture, the best way to think of Zscaler is as a global check-post sitting between your employees and the Cloud. In more technical terms, some of you might view Zscaler as a massively scalable and fast proxy available anytime, globally, from any device.
15 What Does Zscaler Do?
Global check post
Enforces business policy
Block the bad, protect the good
NO HARDWARE | NO SOFTWARE
[Diagram labels: Mobile & Distributed Workforce (Regional Office, Home or Hotspot, HQ, On-the-go); Cloud Services, Social Media, Cloud Apps, Mobile Apps; Botnet, Exploits]