With the 2012 Summer Olympics games right around the corner, it's a good time for IT to assess network traffic and data center technologies, as well as re-prioritize bandwidth: Will increased use of cloud services require a reallocation of bandwidth for essential applications?
Virtualization, cloud computing and consolidation in the data center are the main drivers for IT to consider WAN traffic prioritization policies, says Rocky Giglio, director of Microsoft and VMware practices, at Arraya Solutions. "You have to look at the networks in your data center and LAN links, routers, switches--how old are they and when were they last replaced?" he says. As part of the assessment, IT must talk to the business units and find out what their goals are, says Giglio.
"The cloud is all about service levels," regardless of whether the enterprise wants to deploy public or private clouds, he says. So it's critical to find out what the applications' needs are and what types of technologies the business units need to support those apps. "Figuring out what the challenges are for the business as it grows, whether the equipment is the same as when they started, and the business doesn't have enough capacity to handle needs of remote users--all those things come into an assessment," as well as what is driving the business to consider the cloud, he says. But with the Olympics games around the corner, it's safe to assume users will be streaming video across the corporate network, and IT needs to determine what to allow and what to cut off.
"For my money, the best way to get a handle on choking off non-work-related apps is to deploy a firewall with application control capabilities," says Randy George, a senior systems analyst with the Boston Red Sox and an InformationWeek contributing author. "You can go with something trendy out in front, like a Palo Alto Networks firewall, but most enterprise firewalls have a pretty good level of app ID and app control built in nowadays."
For example, he says, the team's Check Point firewall now has software blades for DLP, URL filtering and application control. This enables him to easily create a security policy that can outright prevent, or just log and alert on, the usage on thousands of known applications and sites.
"This really isn't a hard problem to solve technology-wise--it's a harder problem to solve politically. Users always feel entitled to use whatever applications they want," he says. Application and URL control can be accomplished via a strong group policy or client-side third-party tools, but the most scalable way to accomplish that is with a gateway technology like a firewall, he says.
There are cloud providers that will also offer application and URL control, assuming the business is OK with proxying all of its outbound traffic through a third-party Web security provider, he says. "Most Web security players offer hybrid deployment scenarios where an appliance sits on-site in the case where connection count needs to scale," says George. In that instance, IT could also use a product like Websense to handle app and URL control for a corporate location, and a Websense proxy client for remote access users.
Giglio says video and voice traffic, along with replication and storage, definitely have greater emphasis for his clients during WAN traffic prioritization compared with other traffic. "This is done most commonly with QoS policies in the switches and routers," he says. "While QoS is important in any data center, it is that much more important with the move to virtualization and 10-Gbit Ethernet. Both of these technologies mean that more traffic types are sharing the same links and creating a potential quality-of-service loss if one type of traffic is consuming more than its fair share." Fibre Channel over Ethernet (FCoE) is becoming more popular with 10 Gigabit Ethernet, as well, says Giglio, and this storage traffic has to be protected or all applications could be affected.
Once a business has determined what the priorities are, IT can then create the required classifications to protect the various cloud traffic flows, says Giglio. "As the industry realizes the importance of QoS in the cloud, you are seeing support for standards-based flow controls in virtual switches from VMware and Cisco, and others will be following suit soon."
Additionally, traffic analyzers can help determine if QoS policies are being enforced or if they need to be adjusted, he says. "While you can manually assess and create policies, the dynamic loads of a private or public cloud system will require constant monitoring and possibly changes to ensure the highest levels of service."