Branch offices are an extension of an organization and help improve
customer reach. An organization's image and the impression in the minds of its
customers are directly linked to the quality of its branch offices. As branch
offices deal directly with customers, and are responsible for bringing in
business, they need to be agile and efficient, else it could lead to delays in
clearing customer orders, which translates into direct business loss. In today's
competitive scenario, it's not possible to make a branch office efficient
without using IT. An organization, therefore, must incorporate branch office
automation in its IT strategy. The trouble is that branch offices are not given
as much attention as the main corporate office. So while an organization might
have a swanky corporate office with the latest IT infrastructure, it may
have poor IT infrastructure in its branch offices. In this story, we'll talk
about how to automate a branch office, and the key challenges involved in doing
so.
There are several ways of automating a branch office. By definition, branch
office automation is IT enabling your branch office in such a manner that you
can control and sync it with your central datacenter. The essence of branch
office automation (BOA) is that virtually all offices should be on the same
network sharing a common resource pool. This can only happen if you have a well
managed WAN infrastructure. For that to happen, you would need to take care of
bandwidth, connectivity, security and data availability. We'll briefly talk
about these areas before we move on to the actual implementation.
Connectivity: The first goal is to find a suitable connectivity
solution. This may not be too much of a problem with branch offices in metros,
but it could become an issue for other locations. The ISP may or may not provide
services there, or may provide them through a third party. In such a case,
defining the SLA can become very difficult. Make sure that you sign an SLA with
the ISP and get a minimum guaranteed uptime. Depending upon the size and
importance of a branch office, you should keep a backup link ready that can be
used in case the primary link fails. You will find that this turns out to be far
cheaper than actually putting an SLA in place. A fringe benefit is that you
can run all the lines in Active-Active failover and even aggregate them to get
better bandwidth. When one goes down, you still have the minimal required
connectivity available.
For places where there's no ISP, such as rural areas, the most feasible
option today is a VSAT. The satellite connections generally come with SLAs and
the recurring cost is pretty cheap. The key concern in VSATs is high
installation cost, which can run into several Lakhs.
Figure: From the ISA interface, start the new access rule wizard to define the protocols on which you want to enable compression
Security: While deploying a connection between your BOs and HO, you
need to ensure that the data flowing across it is secure. The solution is
encryption. Whatever you send, be it mail, files or just intranet traffic,
deploy some kind of encryption mechanism on top of it. One option is to run a
VPN over your WAN links. If for some reason you are not able to do so, then
encrypt the protocols that carry the most critical data.
The other security concern for a BO is enforcing local security policies
across all systems in branch offices. For this, you need something that can push
policies across the machines in your branch offices. Microsoft's Windows 2003
Server R2 in conjunction with Internet Security and Acceleration (ISA) Server
can provide this functionality as well as a firewall.
Availability: This is the most important part of a branch office. As
the branch office is connected to the head office, it must always have access to
the most up to date data. This could be the latest HR details, your corporate
intranet, your sales proposals, and anything else. One way of making this data
available could be through a VPN. But then, if there's a lot of data, then
bandwidth concerns need to be taken care of. A key enabler for availability over
WAN can be DFS Replication. This is essentially a Windows 2003 R2 feature which
does replication scheduling and bandwidth throttling. It uses the RDC (Remote
Differential Compression) algorithm. RDC is a client-server protocol that is
used to update files over a limited-bandwidth network. RDC can detect
insertions and re-arrangements of data in files, which enables DFS Replication to
replicate only the changed file blocks when files are updated. Another feature,
called Cross-file RDC, reduces the bandwidth required to replicate new files.
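An added example, not from the original article and not Microsoft's RDC implementation: a simplified content-defined chunking sketch that shows why comparing chunk signatures sends only the changed blocks after an insertion or re-arrangement, where fixed-offset blocks would resend almost everything. The window size, mask, function names and the pseudo-random sample file are assumptions made for illustration.

```python
import hashlib
import random
import zlib

WINDOW = 16   # bytes of context that decide a boundary (illustrative value)
MASK = 0x3F   # cut where the window hash ends in six zero bits: ~64-byte chunks

def chunks(data):
    """Cut data at content-defined boundaries. A boundary depends only on the
    WINDOW bytes before it, so an insertion disturbs nearby chunks only."""
    out, start = [], 0
    for i in range(WINDOW, len(data)):
        if zlib.crc32(data[i - WINDOW:i]) & MASK == 0:
            out.append(data[start:i])
            start = i
    out.append(data[start:])
    return out

def signatures(data):
    """Signature set one side sends so the other can see what it already has."""
    return {hashlib.sha256(c).digest() for c in chunks(data)}

def rdc_bytes(old, new):
    """Bytes that must cross the WAN: chunks of new whose signature is unknown."""
    have = signatures(old)
    return sum(len(c) for c in chunks(new)
               if hashlib.sha256(c).digest() not in have)

def fixed_bytes(old, new, size=64):
    """Same comparison with fixed-offset blocks, for contrast."""
    have = {old[i:i + size] for i in range(0, len(old), size)}
    return sum(len(new[i:i + size]) for i in range(0, len(new), size)
               if new[i:i + size] not in have)

# Constructed sample "file": 20,000 pseudo-random bytes, then two edits.
rng = random.Random(1)
OLD = bytes(rng.randrange(256) for _ in range(20000))
INSERTED = OLD[:5000] + b"INSERTED RECORD" + OLD[5000:]
REARRANGED = OLD[10000:] + OLD[:10000]

if __name__ == "__main__":
    for name, new in (("insertion", INSERTED), ("re-arrangement", REARRANGED)):
        print(name, "chunk-based:", rdc_bytes(OLD, new),
              "fixed-block:", fixed_bytes(OLD, new), "of", len(new))
```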
Bandwidth: This is something which you can never have enough of. The
more you get the more you need. So in case of WANs, the trick is not in getting
more bandwidth but in optimizing its usage. There are multiple ways of doing
that. The best thing is to use a WAN accelerator. There are quite a few WAN
accelerator appliances available in the market. And you can even build one by
using MS Windows 2003 R2 Server with ISA Server. In this article, we will see
how to do HTTP compression using ISA Server. The key role of a WAN accelerator
is to enhance the performance of the WAN connection. It does so using several
different technologies, such as data and protocol compression, data indexing,
data caching and protocol optimization.
Figure: Using HTTP compression in ISA, you can compress all types of data, such as HTML, text and multimedia files
A WAN accelerator is capable of compressing protocols such as RDP
and HTTP as traffic leaves the LAN and enters the WAN. Data reduction is
achieved by indexing the data that is to be sent across and then sending only
the parts that have been modified. WAN accelerators are also capable of
optimizing protocols by reducing the round trips of acknowledgments made by
chatty protocols such as CIFS, and by doing flow control for protocols such as
TCP. Now let's get hands-on and see how it works.
Compression using ISA
Let's suppose that you have a website hosted on the intranet of your HO and you
want to deploy some technology that reduces the amount of traffic between the
HO and BOs. If you are using Internet Security and Acceleration Server 2006 as
your firewall and proxy, then you don't need anything else to achieve this
goal. Let's see how to set it up.
The scenario is very simple. You have a web server configured. This web
server can be hosted on the Internet or can be sitting on an Extranet which is
your corporate WAN.
The web server machine can run any web server software, such as IIS, Apache
or whatever you like. As long as it is serving HTTP traffic, the compression
will happen. Now you have a BO where, as a firewall and proxy server, you are
using ISA 2006 on top of Windows 2003 Server. And of course you have a few
clients inside the LAN which can access the website through the ISA proxy. The
setup is pretty simple, and you can create one for testing by using just three
machines. And that's exactly what we did.
The setup
We assume that you already know how to install ISA Server on top of a Windows
2003 machine and do basic firewalling with it, so we are not going into detail
on how to do so in this article. We also assume that you already know how to
set up a web server using IIS. The only thing you have to do while setting up
the web server is note the size of one htm or html file that you are going to
access through the ISA server, so that you can check later on whether it was
really compressed or not.
Once your IIS and ISA servers are ready with the basic configurations, go to
the ISA server and start the ISA Server Management console from Program Files.
Now, select the machine name of the server from the left pane and then click on
the “Firewall Policy” option. Now click on the “Default Rule” and then, at the
right side of the window, click on the “Create Access Rule” option. A wizard will
open. In the first window click and expand the “Common protocols” option and
then select and add the “HTTP” option. Now proceed to the next step. On this
page select “Internal” from the “Networks” option and add it. Now click Next
to proceed.
In this step do exactly the same, but instead of “Internal” select “External”
and add it. On the next step just proceed with the default option, which says
“All users”.
Now click on the Apply button to save and apply the settings. When this is
done, select the 'Configuration' option under the machine name in the ISA
Management window, and inside Configuration select the 'General' option. Now in
the right side of the window click on 'HTTP Compression Preference' and a window
will open. Here select the 'Return Compressed Data' tab and click on the Add
button. Now select 'Networks', click on the 'Internal' option and click the Add
button. You can also click on the 'Content Types' option to check which types
of content will be compressed by ISA. Here make sure that HTTP traffic is
checked for compression. You can even set compression for multimedia files from
this window. Click on OK to close the window, apply the settings, and you are
done.
Now just make sure that the client from which you are going to access the
website has the IP address of the ISA server set as its proxy server, and that
in the “Advanced settings” of Internet Explorer “Use HTTP 1.1 through proxy
connection” is enabled.
To check the performance of the ISA server, you can use Windows System
Monitor to check the amount of data transferred to and from the client and the
IIS server.
In our case we transferred a 115K HTML file and the data transferred on the
network after enabling compression was just 45K, so we got a compression level of
around 40%.
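An added example, not from the original article: a scripted version of the size check above, which requests a page with `Accept-Encoding: gzip` and compares the bytes received on the wire with the decoded size. The local handler, the constructed page, and the names `measure` and `demo` are assumptions; against a real deployment you would call `measure` with your intranet URL and pass your ISA server's proxy address as `proxy`.

```python
import gzip
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample page standing in for the HTML file whose size you noted.
PAGE = b"<html><body>" + b"<p>branch office status report</p>" * 3000 + b"</body></html>"

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in for the web server behind a compressing proxy."""
    def do_GET(self):
        body = PAGE
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        if "gzip" in self.headers.get("Accept-Encoding", ""):
            body = gzip.compress(PAGE)
            self.send_header("Content-Encoding", "gzip")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def measure(url, proxy=None):
    """Return (bytes on the wire, bytes after decoding, Content-Encoding)."""
    # An empty mapping disables any proxy taken from the environment.
    handler = urllib.request.ProxyHandler({"http": proxy} if proxy else {})
    opener = urllib.request.build_opener(handler)
    req = urllib.request.Request(url, headers={"Accept-Encoding": "gzip"})
    with opener.open(req, timeout=10) as resp:
        raw = resp.read()  # urllib does not decompress, so this is the wire size
        enc = resp.headers.get("Content-Encoding", "identity")
    decoded = gzip.decompress(raw) if enc == "gzip" else raw
    return len(raw), len(decoded), enc

def demo():
    """Run measure() against the local stand-in server on a free port."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return measure("http://127.0.0.1:%d/" % server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

A `Content-Encoding` of `identity` in the result means the response crossed the link uncompressed, which points back at the compression settings or the client's HTTP 1.1 proxy option.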