Prioritize Mission-Critical WAN Traffic to Ensure Consistent Performance.
Most IT organizations do not have service level agreements (SLAs) for the performance of even their most critical applications. Without an SLA for application functionality, it can be difficult to determine thresholds or justify infrastructure investments. Any SLA management strategy considers two well-differentiated phases: the negotiation of the contract and the monitoring of its fulfillment at run time. An SLA lifecycle includes contract definition (a basic schema with the QoS parameters), SLA negotiation (with the IT group’s internal or external customers), SLA monitoring and SLA enforcement according to defined policies.

Establish “Acceptable Use” Policies
The first step in prioritizing traffic across WAN links involves managers finding a consensus on what constitutes the “highest use” of IT resources. For some, that may be the toughest part of the project.

Everyone will agree that all forms of malicious traffic are unacceptable. There won’t be any argument about content that includes gambling or pornography or the like in business settings; it is freighted with legal risk. Peer-to-peer applications could be eliminated for the same reason, since they potentially expose the organization to copyright infringement claims. Even without that, their enormous appetite for bandwidth is justification enough to exclude them.

The gray areas begin with other forms of recreational traffic. Internet pastimes like online games, Internet radio, streaming video and even simple Web surfing can consume vast quantities of WAN bandwidth.

The need to conserve bandwidth has to be evaluated in the context of the company’s culture. Is allowing an employee to do online shopping while at work something in keeping with how the company wants to treat its employees? No IT department should attempt this on its own.

Identify Mission-critical Applications
Organizations typically identify only a handful of applications as truly mission-critical. To ensure their performance, administrators must know what these are and what causes them to behave badly.

VistaOne for Visibility
To direct traffic, you need to be able to see what that traffic is. VistaOne has experience with no fewer than five excellent methods of identifying and classifying WAN data flows, summarized below by device, features, reports and relative cost.

Device: Blue Coat PacketShaper
Cost: $
Features: Layer 7 visibility at the circuit level. Performance diagnostics, connection profiling and forensics. SLA tracking with proactive alerting and management. Marks packets with prescribed DiffServ, IP TOS/Precedence, MPLS tags, VLANs and others.
Reports: Peak and average utilization rates, bytes transmitted, availability, utilization, top talkers/listeners, network efficiency and more.

Device: Blue Coat Reporter
Cost: $
Features: Processes log data from Blue Coat ProxySG, WebFilter, ProxyClient and ProxyAV. Customized, role-based dashboards and reports drill down from general trends to specific activity.
Reports: Web traffic performance, trends, errors, security threats, bandwidth impact, streaming traffic levels and more.

Device: Riverbed Cascade
Cost: $$
Features: Visibility into end-to-end application delivery and network behavior analysis. Network flow data with application and user identification. Visibility into traditionally “blind” environments like optimized WANs and virtualized systems.
Reports: Advanced behavioral analytics identify abnormal activities. Automated, passive discovery and application dependency mapping. Relationship data constructs the application delivery path between back-end servers in the data center and application users.

Device: OPNET ACE Live
Cost: $$$
Features: Application response times segmented into server, network and application delays. Real-time component-level visibility across all servers in the application environment. Network tier visibility isolating end-to-end application transactions from activity introduced by WAN optimization devices.
Reports: Detailed real-time and historical information about performance, utilization, route quality, ISP performance and end-user response times. “What-if” predictive analysis for planning/validating response time improvements in WAN-optimized environments.

Device: Procera PacketLogic
Cost: $$$
Features: Proprietary identification engine detects the application in each individual data stream (flow, session or connection, even when encrypted) via packet sequence in the handshake, header information, protocol, actual payload and other characteristics. Classifies even unidentified traffic based on its behavior: “interactive”, “streaming”, “random-looking” and “bulky”.
Reports: Traffic presented per local host (IP address) or per application. Can be grouped in objects and sub-objects to provide a comprehensive overview. A statistics module validates that traffic shaping policies provide the intended results.

VistaOne’s evaluation programs can help you choose the solution that best fits your organization’s network environment and specific needs. Armed with performance data from your actual network, you can reduce risk and identify optimal ROI.

Taking Control
Together with their traffic identification, automated bandwidth conservation and traffic acceleration features, the products mentioned above permit administrators to establish and enforce policies that green-light, delay or block applications by type.

A policy architecture manages the rules that govern how and in what sequence network resources may be consumed by specific users, applications, or systems. It contains:

  • Policy clients: switches and routers running various queuing algorithms that process network traffic. Policy clients query policy servers for rules on handling traffic.
  • Policy servers: the central authority that interprets network policies and distributes them to policy clients.
  • Policy information system: the single source (usually a directory services database) where administrators specify usage policies for individuals, applications and systems.

The policy server uses protocols like LDAP (Lightweight Directory Access Protocol) or SQL to obtain this information and form policies that can be distributed to policy clients. Policy clients talk to policy servers via network protocols such as COPS (Common Open Policy Service) and SNMP (Simple Network Management Protocol). COPS is an intradomain mechanism for allocating bandwidth resources, and it is being adapted for establishing policy in DiffServ-capable networks.
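As an added illustration of the three-part policy architecture just described (not VistaOne's or any vendor's code), the following Python sketch models a policy information store, a policy server that resolves rules from it, and a policy client that marks or drops flows accordingly; the application classes, DSCP values and sample flows are constructed for the example.

```python
from collections import namedtuple

# Policy information system: the single source of per-application rules. Entries are
# constructed for this example; DSCP values follow DiffServ conventions (EF=46, AF41=34, CS1=8).
POLICY_INFORMATION_SYSTEM = {
    "voip":      {"action": "prioritize", "dscp": 46},
    "erp":       {"action": "prioritize", "dscp": 34},
    "streaming": {"action": "delay",      "dscp": 8},
    "p2p":       {"action": "block",      "dscp": None},
    "malicious": {"action": "block",      "dscp": None},
}

Flow = namedtuple("Flow", "src dst app size")  # app = class assigned by a visibility tool

class PolicyServer:
    """Central authority: interprets stored policy and answers client queries."""
    def __init__(self, store):
        self.store = store

    def lookup(self, app):
        # Unclassified traffic is handled conservatively: delayed into the scavenger class.
        return self.store.get(app, {"action": "delay", "dscp": 8})

class PolicyClient:
    """Edge device (switch/router): queries the server, then marks or drops each flow."""
    QUEUE_FOR = {"prioritize": "priority", "allow": "normal", "delay": "scavenger"}
    def __init__(self, server):
        self.server = server
        self.queues = {"priority": [], "normal": [], "scavenger": []}
        self.dropped = []

    def handle(self, flow):
        rule = self.server.lookup(flow.app)
        if rule["action"] == "block":
            self.dropped.append(flow)
            return None
        queue = self.QUEUE_FOR[rule["action"]]
        self.queues[queue].append((flow, rule["dscp"]))  # DSCP mark applied here
        return queue, rule["dscp"]

def run_sample():
    # Constructed sample flows; returns ({app: (queue, dscp) or None if blocked}, client).
    flows = [Flow("10.0.1.5", "10.0.9.20", "voip", 12000),
             Flow("10.0.1.6", "198.51.100.8", "p2p", 900000),
             Flow("10.0.1.7", "10.0.9.21", "erp", 45000),
             Flow("10.0.1.8", "203.0.113.4", "streaming", 300000),
             Flow("10.0.1.9", "203.0.113.9", "unknown-app", 5000)]
    client = PolicyClient(PolicyServer(POLICY_INFORMATION_SYSTEM))
    return {f.app: client.handle(f) for f in flows}, client
```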

Blue Coat
With Blue Coat’s Director appliance administrators can centrally create and manage application delivery policies for optimization and security. The need to change application policy can occur at any time: a CEO Webcast, a new security threat, response to a disaster or other network failure.

Administrators can use the Visual Policy Manager to create policy on the Director and distribute the change on the fly. They can store multiple policy templates, making it easy to customize policies based on region, workgroup or myriad other characteristics. For more advanced users, policies can also be automated and distributed based on the powerful Content Policy Language (CPL).

PacketShaper’s Shaping Module also ensures QoS and provides latency-sensitive, business-critical applications with the bandwidth they need to perform at their peak using flexible policy-based controls.

IntelligenceCenter provides powerful application performance monitoring for PacketShaper appliances deployed across your entire system. By collecting, correlating and reporting on business-critical applications, IntelligenceCenter empowers IT organizations to:

  1. Provide reports on application and network utilization.
  2. Ensure business-critical applications meet service level agreements (SLAs).
  3. Track Voice over IP (VoIP) performance levels.
  4. Quickly identify and diagnose performance problems.
  5. Identify rogue applications on the network.

Riverbed
Cascade provides the ability to define and monitor authorized usage, security and performance policies. Policy violations generate alerts that reveal rich contextual information about the policy, the specifics of the violation, the affected users and possible mitigation actions. This unique policy-based approach allows customers to better support regulatory compliance, IT governance and business service best practices.

Again, a VistaOne evaluation can help you find the best solution or the best way to complement your existing investment.
