The Unity EdgeConnect SD-WAN edge platform supports five SaaS Optimization pillars to deliver the highest quality of experience to SaaS application users.
It’s no secret that the migration to Software-as-a-Service (SaaS) applications and public cloud Infrastructure-as-a-Service (IaaS) offers the enterprise a tremendous opportunity to improve business agility and productivity and lower costs. SaaS delivers the breadth, simplicity and affordability of packaged applications in a fraction of the time and at a fraction of the cost of traditional models. But SaaS also changes the dynamics of IT. When applications were hosted in corporate data centers, routing all application traffic from the branch to the data center made sense. However, as the majority of applications are now hosted in public cloud infrastructure or delivered as SaaS, backhauling cloud-destined traffic to the data center impairs application performance due to added latency. Ensuring high SaaS application performance over the internet is far more complicated than for conventional applications that run in the data center with access over MPLS services. Ensuring predictable SaaS application performance over the internet presents new challenges for IT, even in regions with highly developed internet infrastructure, and software-defined wide area network technologies have emerged to address them.
This solution brief will outline five Silver Peak SaaS Optimization pillars that describe how the Unity EdgeConnect™ SD-WAN edge platform optimizes SaaS application traffic to ensure the highest cloud application performance and quality of experience for users.
Pillar #1: Cloud Intelligence, DNS Proxy and First-packet iQ
SaaS applications are constantly changing, including the IP addresses used to access them. Programming ACLs for specific IPs is an unsustainable solution since IP addresses are deleted and re-provisioned continuously. Silver Peak Cloud Intelligence maintains a database of the IP addresses utilized by more than 10,000 SaaS applications and 300 million web domains. Silver Peak Unity Orchestrator™ centralized management software provides automated daily updates with the latest application definitions and IP information to EdgeConnect appliances, enabling branch sites to always send traffic to the optimal SaaS destination, so that users always experience the best SaaS application performance.
In order to reach SaaS applications, the DNS server must quickly resolve the names of the SaaS applications into IP addresses. With EdgeConnect, customers can reach DNS servers in close proximity to branch sites, eliminating backhaul of the DNS request to the remote data centers where enterprise DNS servers are typically hosted. From the branch location itself, DNS requests can be made directly to global DNS servers, which reduces the impact of latency in establishing a SaaS application session, thereby improving SaaS application performance.
EdgeConnect appliances not only identify and classify applications, they do so with maximum efficiency. Silver Peak First-packet iQ™ enables identification and classification of application traffic on the first packet, enabling granular traffic steering (see Figure 1). From Orchestrator, customers can define custom traffic steering policies for each class of application. For example, Point of Sale (POS) traffic can be directed to the headquarters-based data center, where a next-generation firewall performs security inspection, since transaction handling software is hosted in the data center. However, Microsoft Office 365 traffic can be automatically steered directly over the internet to a local O365 point of presence to deliver better performance.
Additionally, application traffic requiring more thorough inspection can be steered to a cloud-delivered security service such as those offered by Zscaler or Check Point, where comprehensive security checks can be applied before sending traffic to the appropriate destination. Application-aware traffic steering minimizes latency, resulting in better application performance while ensuring enforcement of appropriate security policies.
Pillar #2: Microsoft Office 365 REST API Integration
Enterprises can deliver unprecedented Office 365 application performance with EdgeConnect. With First-packet iQ application classification and automated integration with the new Microsoft Office 365 REST API, EdgeConnect enables secure internet breakout directly from the branch office to the closest Office 365 entry point using the latest Office 365 endpoint data. Office 365 endpoint data is a global list of IP addresses and fully qualified domain names (FQDN) that is continuously updated and made available on a regular basis through the Office 365 REST API. With Office 365 REST API integration, Silver Peak continuously learns and discovers new Office 365 endpoints and/or IP addresses and automatically re-configures EdgeConnect if a new, closer Office 365 endpoint becomes available. By doing so, users always achieve optimal Office 365 connectivity and performance by reducing the round-trip time (RTT).
The EdgeConnect SD-WAN edge platform has been independently tested and certified to support the Microsoft Office 365 Connectivity Principles and provides reliable connections directly from branch office locations to the nearest Office 365 entry point (see Figure 2). As a result of the independent testing, the EdgeConnect platform has been inducted into the Microsoft Office 365 Networking Partner Program and has been given the official “Works with Office 365” designation.
Pillar #3: Intelligent Cloud Breakout
Most UCaaS service providers (e.g. RingCentral and 8x8) and many other SaaS applications like Dropbox, Box, Salesforce, Slack, Skype for Business and G Suite have deployed high-speed backbone connections with massive bandwidth between their data centers and leading IaaS platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). With intelligent cloud breakout, enterprises can deploy virtual EdgeConnect appliances in their public cloud IaaS instances. Connections between branch locations and the cloud benefit from Silver Peak path conditioning and optional Unity Boost™ WAN Optimization. This “ruggedizes” the first mile between the branch and the cloud, providing improved network quality as well as application performance and availability.
As shown in Figure 3, the branch is utilizing two broadband connections to transport application traffic (although the branch could also be served by 4G/LTE, or MPLS connections). EdgeConnect continuously monitors the throughput, packet loss, latency and jitter across all transport services and adapts if performance falls below pre-defined thresholds. If a brownout or blackout occurs, the remaining link(s) continue to carry traffic such that users don’t notice any disruption to voice calls, audio and video conferences or any other application. The performance, quality and reliability of UCaaS and other SaaS application traffic between the branch office and the IaaS platform benefit from the advanced EdgeConnect SD-WAN features such as tunnel bonding, path conditioning, load balancing, dynamic path control and sub-second failover.
Silver Peak intelligent cloud breakout not only improves the performance and reliability of traffic across the “first mile” from the branch office to the IaaS platform, but also provides an opportunity to leverage a local high-speed backbone connection over the “last mile” to the UCaaS or SaaS provider.
Pillar #4: Support for Custom User-Defined Applications
Many organizations continue to support applications customized for internal use by the company that are hosted in the corporate data center. Users at branch locations typically access custom applications across an MPLS connection back to the data center. Such custom applications are critical for the enterprise and with EdgeConnect, customers can ensure optimal performance of these applications. From Orchestrator, IT can easily configure a custom application definition that enables EdgeConnect to identify it on the first packet (see Figure 4). The application definition may include parameters such as the destination IP address and TCP port number, protocol type (TCP or UDP) and other application identifying information within the packet header. Once the application signature has been programmed, EdgeConnect identifies and steers traffic as defined by the applicable business intent overlay (BIO). For instance, customers can create a policy that steers custom application traffic to the data center across an MPLS underlay as the primary transport service with broadband configured as the backup. This flexibility allows enterprises to manage the QoS and security policies for custom applications in the same manner as cloud applications, ensuring the highest performance and availability.
Pillar #5: Intelligent Internet Breakout
Enterprises often provision two or more WAN links from remote branch sites to increase network and application availability and performance. These links are used for breaking out traffic locally at each branch. To optimize utilization of the provisioned WAN internet links and to optimize SaaS application performance, EdgeConnect continuously monitors the performance of all of the links serving the branch. EdgeConnect uses statistical learning based on jitter, latency, loss and MOS on all provisioned internet links to dynamically determine which link is performing the best before sending traffic. This optimizes internet breakout traffic to deliver the optimal SaaS and cloud application performance (see Figure 5). Configuring these policies is fully automated within Orchestrator and doesn't require any manual configuration. The Orchestrator also enables configuration of an automated policy for finding the best path for that traffic over the SD-WAN fabric, across MPLS or another WAN service, in the rare case that both underlying internet links are underperforming or unavailable (see Figure 6).
Delivering the highest SaaS application performance and end-user quality of experience is critical for businesses to remain competitive. The five Silver Peak SaaS Optimization pillars highlighted in this solution brief work in harmony to ensure that no matter which SaaS and cloud applications an enterprise deploys, the EdgeConnect SD-WAN will deliver the highest SaaS and cloud application performance for end users.