zscaler: secrets to optimize office 365 performance
TRANSCRIPT
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2 ©2017 Zscaler, Inc. All rights reserved.
Secrets to Optimize Office 365 PerformanceDhawal Sharma | Director, Products
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION3
Zscaler: The Market Leader in Cloud Security
Enterprise Customers
2,700 CUSTOMERS
Over 80 of the Fortune 500
Global Partners
100Data centers
35BDaily requests
185Countries served
Cloud Scale
Largest Cloud Security Platform in the World
Mature Global Cloud Operations
700+Office 365 customers
2881 TBOffice 365 traffic processed per
month and growing
108 TBOffice 365 traffic processed
per month for one customer
70% of Fortune 500 companies have purchased Office 365
Office 365 traffic growth and Scalability1.5 billion Office 365 requests daily
Elastic scale: Mailbox migration from a large customer
27 X Growth Over 3 years
Microsoft’s Connectivity Guidance for Office 365
1. Local Network Egress as close to user as possible
2. Unhindered access to Microsoft
3. Local DNS resolution
4. Optimized connectivity to Microsoft’s global network
TechNet Blog: bit.ly/ZscalerO365
Legacy Hub and Spoke the WRONG approach
• Cloud apps are designed for direct access
• Hub and Spoke Networks adds unnecessary latency
• User experience for Office 365 is compromised
• Costly are increased due to MPLS links
DC Apps
HQ/IOT San FranciscoNew York
Paris London
Local Network Egress
Zscaler transforms your network by letting you break free from Hub-and-Spoke networks
DC Apps
HQ/IOT
• Highly complex to configure correctly
• Need to perform NGFW capacity assessment – long lived, high throughput connection
• Need to assess WAN latency
San FranciscoNew York
Paris London
ExpressRoute
Hub-and-spoke with ExpressRoute
“Microsoft has a review policy… ensure that all parties are aware of the 2-6 months of planning, extra complexity…”
ExpressRoute for Office requires Microsoft approvalComplex and adds extra planning
Local Network Egress
Zscaler enables local internet breakouts for optimized Office 365 connectivity
Increased load on firewalls and proxies
Outlook connections per
user
• Office 365 creates a high number of long-lived sessions that quickly exhaust firewall ports (we’ve seen between 8-20 connections per user)
• Around 2,000 clients can be supported by a single public IP safely (may require architectural changes)
• Office 365 use will require more than Web browsing (ports 80 / 443) – uses ephemeral ports
IMPACT ON THE USER EXPERIENCE
Random hangs and connection issues (Outlook in a disconnected state)
Local Network Egress
The Zscaler Cloud Platform provides unlimited capacity and elastically scales by demand
Local DNS resolution eliminates latency
LOCAL DNS
San Jose User > San Jose DNS > San Jose O365
Shortest path, fewer hops = faster user experience
Latency: 12ms
Centralized DNS
San Jose user > LA > Denver > Austin > Atlanta O365
Lots of hops increases: slower user experience
Latency: 158ms (22ms+36ms+48ms+52ms)
Los AngelesRTT=22 ms
AustinRTT=48 ms
AtlantaRTT=52 ms
DenverRTT=36 ms
San JoseRTT=12 ms
Local DNS
Local DNS
Centralized DNS
O365 Connection
O365 Connection
Zscaler’s 100 Data Centers always provide a local DNS connection no matter User location
Los Angeles Dallas
Denver
Toronto
New YorkWashington DC
AtlantaMiami
Paris
Sao PauloJohannesburg
LondonAmsterdam
Oslo
Brussels Frankfurt
Gdansk
StockholmMoscow
Mumbai
Singapore
Sydney
Hong Kong
TokyoMadrid
TaipeiDubaiRiyadh
CairoKuwait City
Kuala Lumpur
Cape Town
San FranciscoChicago
Lagos
Tel Aviv
Milan
Copenhagen
Melbourne
Zurich
Chennai
Tiajin
ManilaDoha
Abu Dhabi
Jeddah
Al Khobar
Warsaw
30B+Requests / day
125M+Threats blocked /
day
120K+Unique security updates / day
Zscaler peers with Office 365 in major DCs
100 DATA CENTERS – 5 CONTINENTS
Secure
On-going thirdparty testing
CertifiedReliableRedundancy within and
failover across DCs
TransparentTrust Portal for service availability monitoring
O365 Peering Data Center
Optimized ConnectivityUnhindered Access
Seattle
Zscaler Office 365 One-click configuration
• Automatically configures a white list, exempting Office 365 traffic from authentication and SSL decryption, as recommended by Microsoft.
• Zscaler fingerprints all Office 365 applications; you won't have to worry about any URL and IP changes in the Office 365 applications.
Unhindered Access
How well is Office 365 being adopted by your users?
Low Office 365 traffic in NY despite
being one of the largest offices – user
issues?
John in IT and Kyle in Marketing are the
top users
OneDrive traffic is low – is Box still
being used?
Real-time traffic volume trending
Zscaler Bandwidth ControlEnsuring Office 365 traffic is prioritized over YouTube
Office365 guaranteed 40%YouTube capped at 10%
• Policies are defined in a single console and immediately enforced globally
• Policies are enforced in the cloud, before the last mile bottleneck
• Window shaping and bandwidth throttling deliver a smooth user experience
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION15
Direct to InternetBlock the bad, protect the good
The best approach for SD-WAN and Office 365
Zscaler Internet Access – Fast, secure access to the Internet and SaaS
Data CenterAPPSMPLS
HQMOBILEBRANCHIOT
Your security stack as a service
Data Loss PreventionCloud Apps (CASB)File Type Controls
Data Protection
Cloud FirewallURL FilteringBandwidth ControlDNS Filtering
Access ControlAdv. ProtectionCloud SandboxAnti-VirusDNS Security
Threat PreventionReal-time policy enginePolices follow the userChanges are immediately enforced, worldwide
Business analyticsGlobal visibility into apps and threats blockedIdentify botnet infected machines for remediation
Real-time policy and analytics
SaaS Open Internet
Enable Office 365 ✔
1. Microsoft recommended deployment model (700+ customers)
2. Best possible user experience (fast response times)
3. Rapid deployment (no upgrades, configuration changes)
4. Investment protection and cost avoidance (no hardware or backhaul)
5. Visibility into all Internet traffic within seconds (single console)
Zscaler for Office 365: Five Reasons why
©2017 Zscaler, Inc. All rights reserved.17
Your Users Deserve Better.Run Office 365 successfully
Learn How at Booth 1936.
©2017 Zscaler, Inc. All rights reserved.18©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
©2017 Zscaler, Inc. All rights reserved.19
• Causing WAN congestion
• Sessions were overwhelming firewalls
• Deploying UTMs or NGFWs was prohibitively expensive and complex (650 locations)
CHALLENGES
• Local Internet breakouts for a fast connection
• Cloud Firewall – elastic scale to handle the increase number of connections
• Bandwidth Control for Office 365 prioritization
SOLUTION
17B monthly transactions
700+ successful customer deployments and growing
1.2PB of traffic processed monthly (Oct. 2016)
Office 365 is finally the highest use – not YouTube
40% of bandwidth reserved for O365 during periods of
contention
YouTube capped at 20%
WAN transformation: Fast Office 365 experience
©2017 Zscaler, Inc. All rights reserved.20
https://aka.ms/ignite.mobileapp
https://myignite.microsoft.com/evaluations