Unity EdgeConnect SaaS Optimization

The Unity EdgeConnect SD-WAN edge platform supports five SaaS Optimization pillars to deliver the highest quality of experience to SaaS application users.

It’s no secret that the migration to Software-as-a-Service (SaaS) applications and public cloud Infrastructure-as-a-Service (IaaS) offers the enterprise a tremendous opportunity to improve business agility and productivity and lower costs. SaaS delivers the breadth, simplicity and affordability of packaged applications in a fraction of time and at a fraction of the cost of traditional models. But SaaS also changes the dynamics of IT. When applications were hosted in corporate data centers, routing all application traffic from the branch to the data center made sense. However, as the majority of applications are now hosted in public cloud infrastructure or delivered as SaaS, backhauling cloud-destined traffic back to the data center impairs application performance due to added latency. Ensuring high SaaS application performance over the internet is far more complicated than for conventional applications that run in the data center with access over MPLS services. Ensuring predictable SaaS application performance over the internet presents new challenges for IT, even in regions with highly developed internet infrastructure, and software-defined wide area network technologies have emerged to address them.

This solution brief will outline five Silver Peak SaaS Optimization pillars that describe how the Unity EdgeConnect™ SD-WAN edge platform optimizes SaaS application traffic to ensure the highest cloud application performance and quality of experience for users.

Pillar #1: Cloud Intelligence, DNS Proxy and First-packet iQ

SaaS applications are constantly changing, including the IP addresses used to access them. Programming ACLs for specific IPs is an unsustainable solution since IP addresses are deleted and re-provisioned continuously. Silver Peak Cloud Intelligence maintains a database of the IP addresses utilized by more than 10,000 SaaS applications and 300 million web domains. Silver Peak Unity Orchestrator™ centralized management software provides automated daily updates with the latest application definitions and IP information to EdgeConnect appliances, enabling branch sites to always send traffic to the optimal SaaS destination. This ensures users always experience the best SaaS application performance.

To reach SaaS applications, the DNS server must quickly resolve the names of the SaaS applications into IP addresses. With EdgeConnect, customers can reach DNS servers in close proximity to branch sites, eliminating backhaul of the DNS request to the remote data centers where enterprise DNS servers are typically hosted. From the branch location itself, DNS requests can be made directly to global DNS servers, which reduces the impact of latency in establishing a SaaS application session, thereby improving SaaS application performance.

EdgeConnect appliances not only identify and classify applications, they do so with maximum efficiency. Silver Peak First-packet iQ™ enables identification and classification of application traffic on the first packet, enabling granular traffic steering (see Figure 1). From Orchestrator, customers can define custom traffic steering policies for each class of application. For example, Point of Sale (POS) traffic can be directed to the headquarters-based data center where a next-generation firewall performs security inspection since transaction handling software is hosted in the data center. However, Microsoft Office 365 traffic can be automatically steered directly over the internet to a local O365 point of presence to deliver better performance.

Additionally, application traffic requiring more thorough inspection can be steered to a cloud-delivered security service such as those offered by Zscaler or Check Point, where comprehensive security checks can be applied before sending traffic to the appropriate destination. Application-aware traffic steering minimizes latency, resulting in better application performance while ensuring enforcement of appropriate security policies.

Figure 1: First-packet iQ application identification and classification enables granular traffic steering to enforce application-specific QoS and security policies.

Pillar #2: Microsoft Office 365 REST API Integration

Enterprises can deliver unprecedented Office 365 application performance with EdgeConnect. With First-packet iQ application classification and automated integration with the new Microsoft Office 365 REST API, EdgeConnect enables secure internet breakout directly from the branch office to the closest Office 365 entry point using the latest Office 365 endpoint data. Office 365 endpoint data is a global list of IP addresses and fully qualified domain names (FQDN) that is continuously updated and made available on a regular basis through the Office 365 REST API. With Office 365 REST API integration, Silver Peak continuously learns and discovers new Office 365 endpoints and/or IP addresses and automatically re-configures EdgeConnect if a new, closer Office 365 endpoint becomes available. This reduces the round-trip time (RTT), so users always achieve optimal Office 365 connectivity and performance.

The EdgeConnect SD-WAN edge platform has been independently tested and certified to support the Microsoft Office 365 Connectivity Principles and provides reliable connections directly from branch office locations to the nearest Office 365 entry point (see Figure 2). As a result of the independent testing, the EdgeConnect platform has been inducted into the Microsoft Office 365 Networking Partner Program and has been given the official “Works with Office 365” designation.

Figure 2: EdgeConnect enables secure internet breakout directly from the branch office to the closest Office 365 entry point using the latest Office 365 endpoint data.
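
As an added illustration (not Silver Peak's implementation and not code from this brief), the following sketch shows how endpoint data in the JSON shape published by the Office 365 endpoint web service can drive a breakout-versus-inspection decision, and how a daily update can be diffed before it changes the list of prefixes that bypass inspection. The sample entries, prefixes and function names are constructed for the example; only IP-prefix matches qualify for direct breakout, and everything else defaults to inspection.

```python
import ipaddress

# Constructed sample in the shape of the Office 365 endpoint data
# (id, serviceArea, category, urls, ips, tcpPorts). Prefixes are documentation ranges.
SAMPLE_ENDPOINTS = [
    {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
     "urls": ["mail.o365.example"], "tcpPorts": "80,443",
     "ips": ["203.0.113.0/24", "2001:db8:100::/48"]},
    {"id": 2, "serviceArea": "SharePoint", "category": "Allow",
     "urls": ["*.sharepoint.example"], "tcpPorts": "443",
     "ips": ["198.51.100.0/25"]},
    # "Default" entries often carry FQDNs only; they are never broken out here.
    {"id": 3, "serviceArea": "Common", "category": "Default",
     "urls": ["*.cdn.example"], "tcpPorts": "443"},
]
BREAKOUT_CATEGORIES = ("Optimize", "Allow")  # assumption: policy choice for this example


def build_rules(endpoints):
    """Turn eligible entries into (id, networks, tcp_ports) tuples."""
    rules = []
    for entry in endpoints:
        if entry.get("category") not in BREAKOUT_CATEGORIES:
            continue
        nets = [ipaddress.ip_network(p) for p in entry.get("ips", [])]
        ports = {int(p) for p in entry.get("tcpPorts", "").split(",") if p}
        rules.append((entry["id"], nets, ports))
    return rules


def steer(rules, dst_ip, dst_port):
    """Return ('breakout', rule_id) on an exact prefix+port match, else ('inspect', None)."""
    addr = ipaddress.ip_address(dst_ip)
    for rule_id, nets, ports in rules:
        if dst_port in ports and any(
                addr.version == n.version and addr in n for n in nets):
            return ("breakout", rule_id)
    return ("inspect", None)  # fail closed: unknown traffic goes to security inspection


def diff_update(old, new):
    """Prefixes added to / removed from the bypass list by an endpoint-data update."""
    def prefixes(eps):
        return {ip for e in eps if e.get("category") in BREAKOUT_CATEGORIES
                for ip in e.get("ips", [])}
    return sorted(prefixes(new) - prefixes(old)), sorted(prefixes(old) - prefixes(new))
```

Logging the output of `diff_update` on every refresh gives reviewers a record of exactly which prefixes started or stopped bypassing inspection.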

Pillar #3: Intelligent Cloud Breakout

Most UCaaS service providers (e.g. RingCentral and 8x8) and many other SaaS applications like Dropbox, Box, Salesforce, Slack, Skype for Business and G Suite have deployed high-speed backbone connections with massive bandwidth between their data centers and leading IaaS platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). With intelligent cloud breakout, enterprises can deploy virtual EdgeConnect appliances in their public cloud IaaS instances. Connections between branch locations and the cloud benefit from Silver Peak path conditioning and optional Unity Boost™ WAN Optimization. This “ruggedizes” the first mile between the branch and the cloud, providing improved network quality as well as application performance and availability.

Figure 3: Two SD-WAN appliances work together to improve the performance and reliability of traffic in the “first mile” between the branch and the IaaS platform. High-speed backbone connections in the cloud improve network quality and performance over the “last mile” between the IaaS platform and the UCaaS data center.

As shown in Figure 3, the branch is utilizing two broadband connections to transport application traffic (although the branch could also be served by 4G/LTE, or MPLS connections). EdgeConnect continuously monitors the throughput, packet loss, latency and jitter across all transport services and adapts if performance falls below pre-defined thresholds. If a brownout or blackout occurs, the remaining link(s) continue to carry traffic such that users don’t notice any disruption to voice calls, audio and video conferences or any other application. The performance, quality and reliability of UCaaS and other SaaS application traffic between the branch office and the IaaS platform benefit from the advanced EdgeConnect SD-WAN features such as tunnel bonding, path conditioning, load balancing, dynamic path control and sub-second failover.

Silver Peak intelligent cloud breakout not only improves the performance and reliability of traffic across the “first mile” from the branch office to the IaaS platform, but also provides an opportunity to leverage a local high-speed backbone connection over the “last mile” to the UCaaS or SaaS provider.

Pillar #4: Support for Custom User-Defined Applications

Many organizations continue to support applications customized for internal use by the company that are hosted in the corporate data center. Users at branch locations typically access custom applications across an MPLS connection back to the data center. Such custom applications are critical for the enterprise and with EdgeConnect, customers can ensure optimal performance of these applications. From Orchestrator, IT can easily configure a custom application definition that enables EdgeConnect to identify it on the first packet (see Figure 4). The application definition may include parameters such as the destination IP address and TCP port number, protocol type (TCP or UDP) and other application identifying information within the packet header. Once the application signature has been programmed, EdgeConnect identifies and steers traffic as defined by the applicable business intent overlay (BIO). For instance, customers can create a policy that steers custom application traffic to the data center across an MPLS underlay as the primary transport service with broadband configured as the backup. This flexibility allows enterprises to manage the QoS and security policies for custom applications in the same manner as cloud applications, ensuring the highest performance and availability.

Pillar #5: Intelligent Internet Breakout

Enterprises often provision two or more WAN links from remote branch sites to increase network and application availability and performance. These links are used for breaking out traffic locally at each branch. To optimize utilization of the provisioned WAN internet links and to optimize SaaS application performance, EdgeConnect continuously monitors the performance of all of the links serving the branch. EdgeConnect uses statistical learning based on jitter, latency, loss and MOS on all provisioned internet links to dynamically determine which link is performing the best before sending traffic. This optimizes internet breakout traffic to deliver the optimal SaaS and cloud application performance (see Figure 5). Configuring these policies is fully automated within Orchestrator and doesn't require any manual configuration. The Orchestrator also enables configuration of an automated policy for finding the best path for that traffic over the SD-WAN fabric, across MPLS or another WAN service, in the rare case that both underlying internet links are underperforming or unavailable (see Figure 6).

Figure 4: EdgeConnect identifies custom applications for internal use by the company on the first packet.

Delivering the highest SaaS application performance and end-user quality of experience is critical for businesses to remain competitive. The five Silver Peak SaaS Optimization pillars highlighted in this solution brief work in harmony to ensure that no matter which SaaS and cloud applications an enterprise deploys, the EdgeConnect SD-WAN will deliver the highest SaaS and cloud application performance for end users.

Figure 5: To optimize utilization of the provisioned WAN internet links (ISP 1 and ISP 2), EdgeConnect monitors the performance of the two links by continuously measuring the packet loss, jitter, latency and mean opinion score (MOS) in real time. Using statistical learning, EdgeConnect dynamically selects ISP 1 to send traffic to the SaaS application.

Figure 6: If both ISP 1 and ISP 2 connections become unavailable, EdgeConnect automatically chooses the configured backup transport service that backhauls traffic through the data center.