Branch Office Automation

Branch offices are the extension of an organization, which help improve

customer reach. An organization's image and the impression in the minds of its

customers is directly linked to the quality of its branch office. As branch

offices deal directly with customers, and are responsible for bringing in

business, they need to be agile and efficient, else it could lead to delays in

clearing customer orders, which translates into direct business loss. In today's

competitive scenario, it's not possible to make a branch office efficient

without using IT. An organization, therefore, must incorporate branch office

automation in its IT strategy. The trouble is that branch offices are not given

as much attention as the main corporate office. So while an organization might

have a swanky corporate office lass with the latest IT infrastructure, it may

have poor IT infrastructure in its branch offices. In this story, we'll talk

about how to automate a branch office, and the key challenges involved in doing

so.

There are several ways of automating a branch office. By definition, branch

office automation is IT enabling your branch office in such a manner that you

can control and sync it with your central datacenter. The essence of branch

office automation (BOA) is that virtually all offices should be on the same

network sharing a common resource pool. This can only happen if you have a well

managed WAN infrastructure. For that to happen, you would need to take care of

bandwidth, connectivity, security and data availability. We'll briefly talk

about these areas before we move on to the actual implementation.

Connectivity: The first goal is to find a suitable connectivity

solution. This may not be too much of a problem with branch offices in metros,

but it could become an issue for other locations. The ISP may or may not provide

services there, or may provide them through a third party. In such a case,

defining the SLA can become very difficult. Make sure that you sign an SLA with

the ISP and get a minimum guaranteed uptime. Depending upon the size and

importance of a branch office, you should keep a backup link ready that can be

used in case the primary link fails. You will find that this turns out to be far

cheaper than actually putting an SLA in place. And the fringe benefit which you

will get in this case will be that you can use all the lines in Active-Active

failover and even aggregate them to get better bandwidth. When one goes down you

still have the minimal required connectivity available.

For places where there's no ISP, such as rural areas, the most feasible

option today is a VSAT. The satellite connections generally come with SLAs and

the recurring cost is pretty cheap. The key concern in VSATs is high

installation cost, which can run into several Lakhs.

From the ISA interface, start the new access rule wizard to define protocol/ protocols on which you want to enable compression

Security: While deploying a connection between your BOs and HO, you

need to ensure that the data flowing across this is secure. So, the solution is

nothing but encryption. Whatever you send, let it be mail, files or just

Intranet traffic, remember to deploy some kind of encryption mechanism on top of

it. One option would be to use VPN over your WAN links. But if because of some

reasons you are not able to do so then try encrypting the protocols that are

carrying the most critical data.

The other security concern for a BO will be enforcing local security policies

across all systems in branch offices. For this, you need something that can push

policies across the machines in your branch offices. Microsoft's Windows 2003

Server R2 in conjunction with  Internet Acceleration Server can provide

this functionality as well as a firewall.

Availability: This is the most important part of a branch office. As

the branch office is connected to the head office, it must always have access to

the most up to date data. This could be the latest HR details, your corporate

intranet, your sales proposals, and anything else. One way of making this data

available could be through a VPN. But then, if there's a lot of data, then

bandwidth concerns need to be taken care of. A key enabler for availability over

WAN can be DFS replication. This is essentially a Windows 2003 R2 feature which

does replication scheduling and bandwidth throttling. It uses RDC (remote

differential compression) algorithm. RDC is a client-server protocol that is

used to update files over a limited-bandwidth network. RDC can detect

insertions, re-arrangements of data in files in turn enabling DFS Replication to

replicate only the changed file blocks when files are updated. Another feature

called Cross-file RDC reduces the  b/w required to replicate new files.

Bandwidth: This is something which you can never have enough of. The

more you get the more you need. So in case of WANs, the trick is not in getting

more bandwidth but in optimizing its usage. There are multiple ways of doing

that. The best thing is to use a WAN accelerator. There are quite a few WAN

accelerator appliances available in the market. And you can even build one by

using MS Windows 2003 R2 Server with ISA Server. In this article, we will see

how to do HTTP compression using ISA Server. The key role of a WAN accelerator

is to enhance the performance of the WAN connection. It does using several

different technologies like data and protocol compression, data indexing, data

caching, protocol optimization, etc.

Using HTTP compression in IAS, you can compress all types of data like HTML, Text and multimedia files

A WAN accelerator is capable of actually compressing protocols such as RDP

and HTTP when it actually leaves the LAN and enters the WAN. Data reduction is

achieved by indexing the data that it is to be sent across and then by only

sending the parts which are being modified. WAN accelerators are also capable of

optimizing protocols by reducing round trips of acknowledgments done by some

chatty protocols such as CIFS and by doing flow control for protocols such as

TCP. Now let's do some hands on and see how it works.

Compression using ISA



Let's suppose that you have a website hosted at the intranet of your HO and you
want to deploy some technology by which you can actually reduce the amount of

traffic between HO and BOs. And if you are using Internet Security and

Acceleration Server 2006 as your firewall and Proxy, then you don't need

anything else to achieve the goal. Let's see how to set it up.

The scenario is very simple. You have a web server configured. This web

server can be hosted on the Internet or can be sitting on an Extranet which is

your corporate WAN.

The web server machine can have any application running such as IIS, Apache

or whatever you like. Till it is serving HTTP traffic, the compression will

happen. Now you have a BO, where, as a Firewall and Proxy server you are using

ISA 2006 on top Windows 2003 server. And of course you have a few clients inside

the LAN which can access the web site through the IAS proxy. The process is

pretty simple and you can create such a process for testing by using just three

machines. And that's exactly what we did.

Using HTTP compression in IAS, you can compress all types of data like HTML, Text and multimedia files

The setup



We suppose that you already know how to install ISA server on top of a Windows
2003 machine and do basic Firewalling with it. So we are not going into detail

on how to do so in this article. The second thing which we are assuming is that

you already know how to setup a web server by using IIS. The only thing which

you have to check while you setup the webserver is to check one htm or html file

which you are going to access through the IAS server, for size. So that, you can

check later on, whether it had really compression the file or not.

As your IIS and ISA servers are ready with the basic configurations, go to

the IAS server and start the ISA Server Management console from Program Files.

Now, select the machine name of the server from the left pane and then click on

the “Firewall Policy” option. Now click on the “Default Rule” and then at the

right side of the window click on the “Create Access Rule” Option. A wizard will

open. In the first window click and expand the “Common protocols” option and

then select and add the “HTTP” option. Now proceed to the next step. In this

page select the “Internal” from the “Networks” option and add it. Now click next

to proceed.

In this step do exactly the same but instead of “Internal” select “External”

and Add. On the next step just proceed with the default options which says “All

users”.

Now click on the Apply button to save and apply the settings. When this is

done, select the 'Configuration' option under the machine name in the IAS

Management window. And inside configure select the 'General' Option. Now in the

right side of the window click on the 'HTTP Compression Preference' and a window

will open. Here select the 'Return Compressed Data' tab and click on the Add

button. Now select the 'Networks' and click on 'Internal' option and click Add

button. You can also click on the 'Content Types' option to check for which all

protocols will be compressed by IAS. Here make sure that HTTP traffic is checked

for compression. You can even set compression for Multimedia files from this

window. Click on OK and close the window and Apply the settings and you are

done.

Now just make sure that in the client, from where you are going to access the

Website has the IP address of the IAS server set as its proxy server and in the

“Advanced settings” of Internet explorer “Use HTTP 1.1 through proxy connection”

is enabled.

To check the performance of the IAS server, you can use Windows System

Monitor to check the amount of data transferred to and from the Client and the

IIS server.

In our case we transferred a 115K Html file and the data transferred on the

network after enabling compression was just 45K so we got a compression level of

around 40%.