High-performance and secure application operation with SD-WAN · What problems has Microsoft seen with...
TRANSCRIPT
1 © 2018 Citrix | Confidential
MAY 24, 2019
High-performance and secure application operation with SD-WAN
Intelligent solution for O365, SaaS and apps from your own data center
Hans-Jörg Friedrich
Strategic Partner Manager Networking
Central Europe
Agenda
Why is there a need for SD Wan
What is SD Wan and what do I get
O365 as Use Case
SD-WAN and Office 365
ITM for Office 365
Summary
Application explosion
• In 2019, more than 80% of new applications will be distributed via the cloud (IDC for AT&T)
• Over 80% of employees use unapproved SaaS applications at work (2018 McAfee)
• Over 70% of bandwidth used by non-business critical applications (2018 Orange)
• 79% of organizations suffer application performance problems (2018 BT)
Cloud Loss of control?
The WAN is impacted by change
Disruptions Impacting the Enterprise WAN
Explosion of bandwidth intensive applications
Dependence on always on connectivity
Growth in digital voice and video communications
Move of applications to cloud and SaaS
Security concerns at every level
Cost cutting and leaner IT staffs
Increase in virtualized applications and desktops
…Wasn’t Designed for Internet Traffic Demands
Data Center
MPLS
Branch
Up to 50%: Internet traffic on some enterprises’ MPLS networks (State of the WAN Report, Ashton Metzler & Associates, 2017)
Citrix SD-WAN for HMC
[Diagram labels: Branch, Clinic or Store; Internet access; SWG; SaaS Applications; Cloud (AWS, Azure); DC; Citrix SaaS Gateways (2Q18)]
SD-WAN: Intelligent Path Control
[Diagram: two NetScaler SD-WAN appliances connected over MPLS, Internet and LTE paths; latency, loss, jitter and congestion are labelled for each path in each direction]
Logical tunnel created by encapsulating in UDP
• The quality of every potential path is assessed with every packet, in each direction
• QoS per application; min/max bandwidth and prioritization
• Link aggregation/utilization
• Security pattern user/app/location/device
• WAN optimization
• Centralized management
• Z-Touch deployment
Latency, loss, jitter, congestion and availability are monitored for each path and in each direction. Real traffic is used for the measurement, not probe data.
Application-aware firewall with Centralized and Integrated Configuration
You can restrict which zones this application can come from and to
Control whether to allow, reject, or drop this traffic
Apply policies to groups of applications, individual applications, or subsets of traffic within an application
Citrix SD-WAN – What do I get?
Unified Policies & Management
Application Optimized Connectivity
1. Dynamic Path Control: MPLS, Internet, LTE, Satellite
2. Overlay Routing: Full Routing Capabilities
3. User Centric Security: dependent on User/App/Location/Device, Certificate Details
4. WAN Opt.: Flow Control, De-Duplication and Acceleration
5. Centralized Management: On Prem or Cloud Based
Citrix-Microsoft Partnership
From Desktop to Multi-Cloud Evolution
• 1989: Virtual Desktop for Windows
• July 2018: SD-WAN for Azure Virtual WAN
• Sept 2018: ADC for Azure DNS
• Nov 2018: SD-WAN for Office 365
Why Citrix SD-WAN for Office 365?
• Accelerate Office 365 deployments through API integration for automation
• Routing of Internet traffic based on business policies
• Lower latency for improved branch office user experience
Faster Migration to Office 365 | Improved User Experience | Boost Workforce Productivity
© 2019 Citrix | Summit 2019 | Confidential – Content in this presentation is under NDA
Office 365—Traditional Enterprise Approach
• All traffic is sent to the data center
• Expensive
• Slow
• All traffic has to be fully inspected for security
• Poor use of resources
• Per Microsoft, latency must be <30 ms to O365 front door
[Diagram labels: Branch, MPLS, Data Center, ISP]
What problems has Microsoft seen with Office 365?
Slide from Ignite 2018 conference (BRK3000)
“Existing internet connectivity to Office 365 will not be ‘good enough’ for most Office 365 usage scenarios”
Gartner
Network Design Best Practices for Office 365, August 2018
Microsoft Global Network
aka.ms/pnc
Office 365 Use Cases
• Exchange Online
• Teams/Skype for Business
• SharePoint Online & OneDrive for Business
Per Microsoft, users should be <30 ms from the Office 365 front door
Backhauling through the data center?
User complaints or performance issues?
[Diagram labels: Branch, MPLS, Data Center, three Office 365 front doors]
Skype for Business / Teams
Exchange Online
SharePoint Online & OneDrive for Business
Office 365 IP & URL Categories
Optimize (Required) (~8 URLs)
• Microsoft hosted IPs and URLs
• Expect slow rate of change
• Should not SSL break & inspect the traffic to these endpoints
• Recommend for local egress from the user’s location
• Represents over 75% of Office 365 bandwidth
Allow (Required) (~100 URLs)
• Good connectivity is required for Office 365
• Send directly where possible and recommend not to SSL break & inspect
• Some endpoints will have URLs only
• Some network latency is not expected to cause major performance issues
Default (Optional) (Remaining URLs)
• Direct network traffic similar to web browsing
• Some endpoints clearly marked optional, lost functionality is described
• May not be in Microsoft datacenters
• Most endpoints will have URLs only
• Standard Internet latency is okay
Microsoft’s Office 365 Connectivity Principles
https://docs.microsoft.com/en-us/office365/enterprise/office-365-network-connectivity-principles
The New Approach: Identify Office 365 traffic using Microsoft APIs
[Diagram labels: Branch, SD-WAN, {api}, ISP, Microsoft global network front door, Data center SD-WAN; Low priority / non/untrusted-O365 traffic]
• Optimal routing and traffic management
• Local breakout direct to O365 front door
• ID and categorize traffic: optimize, allow or default
• Reduced load on corporate resources
  • Security devices
  • Network
• Higher productivity
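The category handling from the "Office 365 IP & URL Categories" slide, applied to flows as this slide describes, as an added example that is not Citrix's or Microsoft's code. The record fields follow the JSON returned by Microsoft's Office 365 IP Address and URL web service; the sample records, the path labels and the treatment of Default and non-O365 traffic as inspected are assumptions.

```python
import ipaddress

# Constructed sample records using the field names of the endpoint web
# service JSON (id, serviceArea, category, urls, ips); all values are made up.
SAMPLE_ENDPOINTS = [
    {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
     "urls": ["outlook.office365.com"], "ips": ["192.0.2.0/24"]},
    {"id": 2, "serviceArea": "SharePoint", "category": "Optimize",
     "urls": ["*.sharepoint.com"], "ips": ["198.51.100.0/24"]},
    {"id": 3, "serviceArea": "Common", "category": "Allow",
     "urls": ["*.allow.example"], "ips": ["203.0.113.0/25"]},
    {"id": 4, "serviceArea": "Common", "category": "Default",
     "urls": ["*.cdn.example"]},  # URL-only entry, no IP ranges
]

# Handling per category as on the slide; the path labels are hypothetical and
# inspecting Default like ordinary web browsing is an assumption.
POLICY = {
    "Optimize": {"path": "local-breakout", "tls_inspect": False},
    "Allow":    {"path": "local-breakout", "tls_inspect": False},
    "Default":  {"path": "internet", "tls_inspect": True},
}
NON_O365 = {"path": "backhaul", "tls_inspect": True}  # assumed default
RANK = {"Optimize": 0, "Allow": 1, "Default": 2}

def host_matches(pattern, host):
    """Match on DNS label boundaries so '*.sharepoint.com' never matches
    'evilsharepoint.com' or 'sharepoint.com.attacker.example'. Wildcards in
    any other position are not expanded and therefore never match."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def classify(endpoints, host=None, ip=None):
    """Return (category, policy); a specific Optimize entry beats a broader one."""
    addr = ipaddress.ip_address(ip) if ip else None
    best = None
    for ep in endpoints:
        by_name = host is not None and any(
            host_matches(u, host) for u in ep.get("urls", []))
        by_addr = addr is not None and any(
            addr in ipaddress.ip_network(n) for n in ep.get("ips", []))
        if (by_name or by_addr) and (best is None or RANK[ep["category"]] < RANK[best]):
            best = ep["category"]
    return (best, POLICY[best]) if best else (None, NON_O365)
```

Anything that does not match a listed endpoint exactly falls back to the inspected path, so the inspection bypass stays limited to what the endpoint list names.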
Resolve DNS locally on SD-WAN
[Diagram labels: Branch, DNS (Quad 9), SD-WAN, {api}, ISP, Microsoft global network front door, Data center SD-WAN; Low priority / non/untrusted-O365 traffic]
Policy integration with Azure Virtual WAN
Office 365 Policy Integration with Azure Virtual WAN
[Diagram labels: Branch, Citrix SD-WAN, Internet, Microsoft global network, Virtual WAN]
• Enable fetching of Office 365 policy settings in Azure Virtual WAN (via Azure Resource Center)
• Enable Office 365 detection and firewall rules to be added automatically
• SD-WAN then splits O365 traffic locally at branch for direct connectivity to the nearest Office 365 front door
Read more: https://bit.ly/2puHp2a
[Diagram labels: {api}, Azure Resource Manager, Front-door, ISP]
Simplified O365 Policy Configuration
Policy import from Azure
Azure as an On-ramp to Office 365
• In some cases, if the latency penalty is small, it may be desirable to use Azure as an on-ramp to Office
• Why?
  – In some areas of the world, latency on Internet connections varies wildly (50-200 ms), far beyond typical “jitter”
  – Some jurisdictions unpredictably restrict O365 traffic
• SD-WAN VPX in Azure provides additional functionality not possible with an asymmetric solution, esp. handling of link degradation (“brown-outs”) by leveraging two ISPs
• When? Use this approach if there is an Azure data center near the closest O365 front door to the branch office, when always-on connectivity to O365 is a requirement
[Diagram labels: Citrix SD-WAN, SD-WAN VPX, Azure Network]
Roadmap: Intelligent Traffic Management for O365
Path selection using Citrix ITM
[Diagram labels: Branch, Citrix SD-WAN (two appliances), Internet (DIA/DSL/Cable), MPLS, ISP1, ISP2, 60 ms, 45 ms, Microsoft global network front door; CY’19]
© Citrix – CONFIDENTIAL – The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.
Overall Improvement in Office 365 Experience
Faster opening Word documents in Office Online
Faster opening PowerPoint documents in Office Online
Faster upload speeds
Faster download speeds
Better call quality