Changing branch networking needs reshape the branch office box


As large enterprises grow more distributed and further centralize their IT staff, the do-it-all branch office box becomes more appealing. However, choosing a branch office box has become more complex. Branch office designs and branch networking requirements are changing, vendors offer widely different approaches, and server virtualization offers a do-it-yourself method on standard server hardware with virtual branch office in a box (vBOB) devices.

More enterprises are inquiring about and "dancing around the question" of deploying branch office boxes as workforces grow more distributed, particularly in locations that have neither the space nor staff for dedicated servers and appliances, according to Andre Kindness, senior analyst at Forrester Research.

"Companies are feeling a lot more confident about running branch offices," he said. "Kiosks are showing up in the middle of the malls and banks are showing up in grocery stores." 

The branch office box consolidates basic network services, such as printing or domain name system (DNS) services, onto what would otherwise be a dedicated appliance, such as a router. Some branch office boxes incorporate business applications or advanced services, such as anti-virus capabilities and intrusion prevention systems (IPS), into the vendor's proprietary hardware as well. 

As branch networking requirements change, however, so does the branch office box. Amid the increasing adoption of mobile devices and the dawn of 4G networks, the latest update to Cisco Systems' Integrated Services Router (ISR) G2 targets wireless WANs with a module to support 4G connectivity on Verizon Wireless' Long-Term Evolution (LTE) network. Mobility, virtual desktops and cloud services will continue to shape the ISR's evolution, said Inbar Lasser-Raab, senior marketing director at Cisco.

Vendors from other markets have also introduced branch office boxes, seeking to differentiate by playing up their brand's strengths. In 2009, wireless LAN vendor Aruba Networks launched its branch office box line -- the Remote Access Point (RAP) series in its new Virtual Branch Networking (VBN) line -- as a series of lightweight Wi-Fi devices that require no on-site configuration. Product pricing ranges from $99 to $595, whereas traditional branch office boxes range from $500 to $2,000, according to Manav Khurana, head of solution marketing at Aruba.

WAN optimization controllers (WOC) will also "evolve to the point that they can support serverless branch operations," according to the latest Gartner Magic Quadrant for WOCs. WOC-based branch-in-a-box options are limited today, but the Gartner Magic Quadrant identified Riverbed Technology and Juniper Networks as having clear visions in place.

Branches in flux require new kind of branch office box

Fixed infrastructure does not suit the fluid branch environment that Forrest Schroth, lead data network engineer for SFN Group Inc., must support across North America. In recent efforts to curb real estate costs, SFN, a Fort Lauderdale, Fla.-based staffing services firm, consolidated and dissolved some of its smaller branch offices, Schroth said. The firm replaced some branch offices with temporary offices rented for teleworkers assigned to short-term projects, he said.


SFN has neither the space to install nor local IT staff to manage multiple servers and branch appliances in the small and temporary branches, severely limiting branch networking options, he said. Most of those sites use standard Internet connections, but even the smallest SFN branch has strict security requirements that a public Internet connection can't offer.

Although all are part of the same organization, the business units operate independently of one another, and each wants its traffic secured from the others, Schroth said. Some sites must accommodate clients or partners with guest networks, which he said must also be isolated from the corporate WAN.

Although Schroth had an expansive footprint of other Cisco gear -- 1,800 nodes in all -- he said that the ISRs, which enable network engineers to partially customize branch office boxes by choosing from an array of Cisco modules, were too complicated for his deployment.

"If I really needed a lot of the advanced services of really heavy IDS or IPS or really heavy [Cisco Security, Monitoring, Analysis, and Response System] CS-MARS-like reporting, then maybe Cisco would make sense," he said. "Cisco might actually have an advantage because it's connected to some routing infrastructure … but for what we're doing, that was extreme overkill."

Instead, Schroth deployed Aruba's two-port AP-125 access points (APs), which support the same functions, features, operating system and coding as the RAP-5 from Aruba's VBN line, which had not been available at the time of deployment. The newer RAP-5, which Schroth said he would purchase as needed from now on, has five Ethernet ports and a USB cellular uplink port.

The APs require only a power supply and Internet connection to communicate with a central controller. With the data center-based controller, the APs can establish virtual private network (VPN) tunnels that support everything from DNS and DHCP services to 3G backup and IP phones, Schroth said.

"Now I can securely provide these guys a connection in some remote location over the Internet without a whole lot of configuration or setup or the need to bring in a hard circuit, if it's just going to be for a small period of time," he said.

Not all enterprises need branch office boxes, either. Brian Crandall, global systems architect at Nu Skin Enterprises, a cosmetics company based in Provo, Utah, said his branch infrastructure is already scant and doesn't require further consolidation. Larger branches support local file sharing and connectivity to the corporate WAN; smaller branches only support WAN connectivity.

"We have already consolidated quite a bit to our corporate office," Crandall said. "We don't deploy any 'branch in a box' strategy at this time. Being in different countries, we are not able to do everything cookie cutter, though we stay as standard as feasible."

Will virtual WAN appliances kill the branch office box?

IT shops with significant investments in server virtualization can essentially create their own branch office box on a cheap standard server, as many of the equipment vendors now offer virtualized versions of their branch appliances. This will become the ideal path for many WAN pros, said Forrester's Kindness.

Blue Coat Systems discontinued Packeteer's iShaper product -- a branch office box product developed with Microsoft. Instead, it has focused on developing its ProxySG Virtual Appliance, a software version of its WAN optimization product that can run on standard servers.

"[The branch office box] is about the most expensive way you can do that sort of thing because that fixed appliance is at 70 to80% markup; [whereas] you can literally get twice the CPU, twice the disc and twice the memory if you use [a standard server]," said Mark Urban, senior product marketing director at Blue Coat.

Commodity server and virtualization vendors are also consistent about updating firmware and ensuring backwards compatibility, Kindness said. "When it comes to unique hardware, that's not true at all," he added.

Proprietary branch office boxes have their drawbacks, Kindness said. A platform such as Cisco's locks WAN managers into a single vendor's feature options and sometimes suffers from performance problems, he said. Cisco's Lasser-Raab disputed both claims, saying the ISR offers wide-ranging flexibility and has the compute power to uphold performance.

Proprietary boxes that house third-party software -- such as the Riverbed Services Platform (RSP) on Riverbed's Steelhead appliance and Hewlett-Packard's ProCurve switches -- are usually the least desirable path because they often integrate the software poorly and leave customers in the dark on support issues, Kindness said.

Let us know what you think about the story; email: Jessica Scarpati, News Writer.
