zscaler: secrets to optimize office 365 performance

21

Upload: arthel-bibbens-cissp

Post on 21-Jan-2018

35 views

Category:

Technology


5 download

TRANSCRIPT

©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2 ©2017 Zscaler, Inc. All rights reserved.

Secrets to Optimize Office 365 PerformanceDhawal Sharma | Director, Products

©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION3

Zscaler: The Market Leader in Cloud Security

Enterprise Customers

2,700 CUSTOMERS

Over 80 of the Fortune 500

Global Partners

100Data centers

35BDaily requests

185Countries served

Cloud Scale

Largest Cloud Security Platform in the World

Mature Global Cloud Operations

700+Office 365 customers

2881 TBOffice 365 traffic processed per

month and growing

108 TBOffice 365 traffic processed

per month for one customer

70% of Fortune 500 companies have purchased Office 365

Office 365 traffic growth and Scalability1.5 billion Office 365 requests daily

Elastic scale: Mailbox migration from a large customer

27 X Growth Over 3 years

Microsoft’s Connectivity Guidance for Office 365

1. Local Network Egress as close to user as possible

2. Unhindered access to Microsoft

3. Local DNS resolution

4. Optimized connectivity to Microsoft’s global network

TechNet Blog: bit.ly/ZscalerO365

Legacy Hub and Spoke the WRONG approach

• Cloud apps are designed for direct access

• Hub and Spoke Networks adds unnecessary latency

• User experience for Office 365 is compromised

• Costly are increased due to MPLS links

DC Apps

HQ/IOT San FranciscoNew York

Paris London

Local Network Egress

Zscaler transforms your network by letting you break free from Hub-and-Spoke networks

DC Apps

HQ/IOT

• Highly complex to configure correctly

• Need to perform NGFW capacity assessment – long lived, high throughput connection

• Need to assess WAN latency

San FranciscoNew York

Paris London

ExpressRoute

Hub-and-spoke with ExpressRoute

“Microsoft has a review policy… ensure that all parties are aware of the 2-6 months of planning, extra complexity…”

ExpressRoute for Office requires Microsoft approvalComplex and adds extra planning

Local Network Egress

Zscaler enables local internet breakouts for optimized Office 365 connectivity

Increased load on firewalls and proxies

Outlook connections per

user

• Office 365 creates a high number of long-lived sessions that quickly exhaust firewall ports (we’ve seen between 8-20 connections per user)

• Around 2,000 clients can be supported by a single public IP safely (may require architectural changes)

• Office 365 use will require more than Web browsing (ports 80 / 443) – uses ephemeral ports

IMPACT ON THE USER EXPERIENCE

Random hangs and connection issues (Outlook in a disconnected state)

Local Network Egress

The Zscaler Cloud Platform provides unlimited capacity and elastically scales by demand

Local DNS resolution eliminates latency

LOCAL DNS

San Jose User > San Jose DNS > San Jose O365

Shortest path, fewer hops = faster user experience

Latency: 12ms

Centralized DNS

San Jose user > LA > Denver > Austin > Atlanta O365

Lots of hops increases: slower user experience

Latency: 158ms (22ms+36ms+48ms+52ms)

Los AngelesRTT=22 ms

AustinRTT=48 ms

AtlantaRTT=52 ms

DenverRTT=36 ms

San JoseRTT=12 ms

Local DNS

Local DNS

Centralized DNS

O365 Connection

O365 Connection

Zscaler’s 100 Data Centers always provide a local DNS connection no matter User location

Los Angeles Dallas

Denver

Toronto

New YorkWashington DC

AtlantaMiami

Paris

Sao PauloJohannesburg

LondonAmsterdam

Oslo

Brussels Frankfurt

Gdansk

StockholmMoscow

Mumbai

Singapore

Sydney

Hong Kong

TokyoMadrid

TaipeiDubaiRiyadh

CairoKuwait City

Kuala Lumpur

Cape Town

San FranciscoChicago

Lagos

Tel Aviv

Milan

Copenhagen

Melbourne

Zurich

Chennai

Tiajin

ManilaDoha

Abu Dhabi

Jeddah

Al Khobar

Warsaw

30B+Requests / day

125M+Threats blocked /

day

120K+Unique security updates / day

Zscaler peers with Office 365 in major DCs

100 DATA CENTERS – 5 CONTINENTS

Secure

On-going thirdparty testing

CertifiedReliableRedundancy within and

failover across DCs

TransparentTrust Portal for service availability monitoring

O365 Peering Data Center

Optimized ConnectivityUnhindered Access

Seattle

Zscaler Office 365 One-click configuration

• Automatically configures a white list, exempting Office 365 traffic from authentication and SSL decryption, as recommended by Microsoft.

• Zscaler fingerprints all Office 365 applications; you won't have to worry about any URL and IP changes in the Office 365 applications.

Unhindered Access

How well is Office 365 being adopted by your users?

Low Office 365 traffic in NY despite

being one of the largest offices – user

issues?

John in IT and Kyle in Marketing are the

top users

OneDrive traffic is low – is Box still

being used?

Real-time traffic volume trending

Zscaler Bandwidth ControlEnsuring Office 365 traffic is prioritized over YouTube

Office365 guaranteed 40%YouTube capped at 10%

• Policies are defined in a single console and immediately enforced globally

• Policies are enforced in the cloud, before the last mile bottleneck

• Window shaping and bandwidth throttling deliver a smooth user experience

©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION15

Direct to InternetBlock the bad, protect the good

The best approach for SD-WAN and Office 365

Zscaler Internet Access – Fast, secure access to the Internet and SaaS

Data CenterAPPSMPLS

HQMOBILEBRANCHIOT

Your security stack as a service

Data Loss PreventionCloud Apps (CASB)File Type Controls

Data Protection

Cloud FirewallURL FilteringBandwidth ControlDNS Filtering

Access ControlAdv. ProtectionCloud SandboxAnti-VirusDNS Security

Threat PreventionReal-time policy enginePolices follow the userChanges are immediately enforced, worldwide

Business analyticsGlobal visibility into apps and threats blockedIdentify botnet infected machines for remediation

Real-time policy and analytics

SaaS Open Internet

Enable Office 365 ✔

1. Microsoft recommended deployment model (700+ customers)

2. Best possible user experience (fast response times)

3. Rapid deployment (no upgrades, configuration changes)

4. Investment protection and cost avoidance (no hardware or backhaul)

5. Visibility into all Internet traffic within seconds (single console)

Zscaler for Office 365: Five Reasons why

©2017 Zscaler, Inc. All rights reserved.17

Your Users Deserve Better.Run Office 365 successfully

Learn How at Booth 1936.

©2017 Zscaler, Inc. All rights reserved.18©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.

©2017 Zscaler, Inc. All rights reserved.19

• Causing WAN congestion

• Sessions were overwhelming firewalls

• Deploying UTMs or NGFWs was prohibitively expensive and complex (650 locations)

CHALLENGES

• Local Internet breakouts for a fast connection

• Cloud Firewall – elastic scale to handle the increase number of connections

• Bandwidth Control for Office 365 prioritization

SOLUTION

17B monthly transactions

700+ successful customer deployments and growing

1.2PB of traffic processed monthly (Oct. 2016)

Office 365 is finally the highest use – not YouTube

40% of bandwidth reserved for O365 during periods of

contention

YouTube capped at 20%

WAN transformation: Fast Office 365 experience

©2017 Zscaler, Inc. All rights reserved.20

https://aka.ms/ignite.mobileapp

https://myignite.microsoft.com/evaluations