COVID-19 and the Mobility Tsunami: Imperatives for Business-as-Usual
COVID-19 has been declared a pandemic and organisations around the world are facing their biggest challenge ever on business continuity and employee productivity. Governments are being forced to take difficult decisions like lockdowns in the interest of public safety. In these circumstances, organisations are under pressure to find alternate ways to ensure business continuity. One of the key solutions most organisations seem to be adopting is to promote remote working. But questions remain. How do people access the tools / applications they need remotely, how secure will the data be, how do we ensure that the employees are as productive as they were earlier, etc.
In the light of this unprecedented situation this article intends to explore how organisations need to re-think their IT architecture specifically network architecture and address the concerns that organisations might have.
The Traditional 80:20 Access Rule
Traditional enterprise architectures use private data centres for hosting different application workloads which are accessed by end users. Majority of the end users access these workloads within the office on a local area network. Remote connectivity for a minority of mobile users is enabled through a virtual private network.
It is safe to assume that this solution follows the 80:20 rule, i.e. 20% of users are mobile and access private corporate content for bulk of their work from outside the organization, using internet as their primary mode of connectivity, while 80% of the employees work within an organisation’s office infrastructure and hence access corporate applications within the company’s private local area network.
When Crisis Hits: The Mobility Tsunami
In business continuity scenarios such as the Coronavirus pandemic, employees may be required to work from home or safe public locations, the end users would access different workloads through varied wired or wireless technologies. Users may also use their own devices (not necessarily company provided assets) to access the workloads. This scenario reverses the 80:20 rule, thus creating a scenario where more employees become mobile and / or remote working. This creates significant demand on the networks, resulting in a Mobility Tsunami, posing many challenges to the enterprise IT team.
Challenges in Remote & Corporate Network Infrastructure
Remote User Infrastructure
Remote access for employees is not mandated by most organisations, leaving them no control over the connection type, bandwidth and the performance elements of the employee’s internet connection. In such a scenario where employees are forced to work remotely, the key issues are:
Type of connectivity: Internet connectivity technology is highly localized, varying from place to place. The bandwidth depends hugely on technology. i.e. 3G/4G access, Broadband on POTS lines and Fiber to home.
Performance: Internet is a shared medium and typically oversubscribed by ISPs for home connections with performance varying dynamically.
Security: Security is a major challenge with any type of internet connectivity. ISPs have limited mechanisms to avert modern security attacks on internet connections.
Corporate Network Infrastructure
At the data centre end, where applications are hosted in a private network, the challenges are in:
Rapid Scaling: As most user traffic comes from the internet, in BCP situations significant scalable bandwidth is required for internet links. Beyond Internet links, all perimeter routing and security devices need to be capable of handling a high surge in enterprise traffic coming from the internet. The scalability of the devices and links is dependent on free capacity and the ability to load balance among High Availability devices.
Speed of Provisioning: If the links and devices can’t scale with their existing free capacity, new hardware and links need to be provisioned in short spans of time, making speed of provisioning mission critical.
NextGen Technology Trends & Solutions
Alleviating the many key challenges in traditional infrastructure, today’s new technology trends and their adoption by enterprises need to be designed to support the remote work model. The choice of technology and infrastructure must be carefully thought through to ensure there is no impact on user experience.
Technologies for User end Infrastructure
5G, FTTH (Fiber to the home)
After widespread adoption of Broadband and 4G/LTE, the next wave of technology changes for the end user is 5G and FTTH — these technologies deliver greater bandwidth and ultra-low latency, giving remote end users a seamless experience while accessing business applications. Organizations can look at enabling Users with devices that adopt these technologies wherever available to ensure that the User is not only easily accessible but also has an ‘in-campus’ experience even while operating from remote.
WAN Optimization
For remote users with poor internet connectivity in terms of bandwidth and latency, organizations need to consider WAN optimization solutions which will mitigate remote access application performance issues. There are agent-based WAN optimization solutions that are available that sit on the Remote Users laptop which provide better Performance for the remote user. Another solution is for the remote user to connect to the nearest internet gateway solution in a hub or PoP (point-of-presence) and pass the long-distance traffic through a better optimized and high-performance backbone to reach far-end data center.
Endpoint Encryption for Remote Users
One of the critical challenges of enabling remote users is to ensure seamless connectivity to corporate applications but in a secure manner. Enabling Endpoint encryption technologies onto the remote laptops and desktops ensures that there is protection of both the data that is being accessed as well as the remote user from external cyber threats. Multiple endpoint encryptions that ensure Whole Drive Encryption which renders a laptop, server, or other device unusable except for holders of the correct PIN or encryptions to ensure specific files, folders protection through Files Folders Removable Media (FFRM) encryption locks. Access to data can also be protected through RSA as well as AES technologies, thus ensuring a secure work spot for the user whether inside or from outside the campus
Technologies for Far-end Infrastructure
SDWAN
Recently, enterprises have started adopting the internet at a higher rate, with some of them looking at “Internet-as-Enterprise WAN” or an “Internet-First” strategy. The ubiquity and cost of the internet, as well as its alignment with the cloud strategy, has led to this shift. With the Internet getting distributed to offices and edge computing gaining prominence in remote sites, there is a need to handle remote site traffic intelligently, with the right security stack. SD-WAN solutions enable faster, transport-independent internet adoption at remote locations and data centers to support the BCP. SD-WAN solutions also come with Network Function Virtualization and WAN optimization capabilities that would further support Branch-in-a-Box Infrastructure.
Software Defined WAN will enable wireless technologies and broadband technologies to be commissioned very easily instead of expensive long lead time MPLS circuits. To accommodate the additional traffic coming in from the remote workers wireless technologies and broadband circuits can be quickly provisioned using SDWAN architecture.
Automation
Network solutions that enable network automation further improve availability and performance for remote connectivity through analytics. Predictive analytics to assess the network infrastructure elements is critical to ensure the network is “on” continuously, and to take precautionary steps to address issues that will ensure the network is “self-healing”. Specifically, the security operations need to be strengthened as well to ensure “attack” traffic is limited.
Security
Once remote working kicks in, a whole range of devices will come into play from desktops to laptops to smartphones. The entire security infrastructure needs to be reassessed, including the creation of “corporate application islands” within smartphones to prevent data transfer between personal corporate applications. This needs a significant re-architecture of the infrastructure.
As remote working increases the chances of cyberattacks increase, it is important to continuously monitor the infrastructure, to ensure “tackling” and “blocking” of these attacks.
Secure VPN access for enterprise users from internet needs to scale rapidly in DR situations. Some solutions to ponder for rapid user VPN scaling are Service provider VPN gateways or NFV based solutions for VPN terminations within enterprise.
Cloud Migration
Migration of key workloads to cloud will reduce the load on the network traffic hitting the corporate network. But any such migration will need to ensure there is the right network architecture. So appropriate planning of the network needs to be undertaken, depending on the workload.
Plan for the Mobility Tsunami
To summarize, enterprises need to plan for the Mobility Tsunami in the case of a crisis and safeguard themselves from the flash flood of internet-based enterprise traffic. Microland recommends the following approach to assess your network infrastructure for its needs.
Step 1: Understand the network’s current traffic pattern, in terms of workload visibility and traffic paths. Revisit the tools infrastructure to determine optimal traffic and application visibility.
Step 2: Look at current network and security infrastructure from a high-availability and capacity perspective.
Step 3: Plan for higher internet-based enterprise application traffic. Identify the gaps in design and configuration which can bring about optimal performance and security.
Step 4: Consider new technology solutions explained in previous sections, including Distributed Internet, SD-WAN, WAN optimization, 5G and Wi-Fi.
Step 5: Build spare capacity at critical locations with higher internet bandwidth. Get the right mix of commodity and business-grade internet.
Step 6: Strategize and continuously enhance Network Automation.
Capturing its significant experience, Microland has developed a Network Assurance Platform that provides significant feature sets in the areas of Service Intelligence, Service Visibility and Automation. Some key highlights of the platform include
· User experience benchmarking and measurement
· Integrated dashboard for a view of end-to-end services
· Technology-specific transformation templates
· Business unit, region and criticality based views of services
· Service performance metrics for all service vendors
· Service visibility through analytics and automation
· Customer data source integration for real time data input and analytics
As the famed Benjamin Franklin once said, “By failing to prepare, you are preparing to fail”. Planning and preparation are the right vaccines for IT infrastructure in these virulent times.
Keep your business running as usual, no matter what the situation is. Microland’s extensive work in the areas of network transformation and cloud enablement will ensure our customers do not experience drop in user experience or productivity and that the digital infrastructure is not compromised. We make digital happen with predictability, reliability and stability.
About the Author(s)
For more information about Microland’s Network Services visit www.microland.com/digital/networks, or reach out to our digital experts.
Kumaran Rangaswamy, Vice President — Networks:
Kumaran heads the Networks business for Microland, with over 25 years of architecting, building and managing network infrastructure across a myriad of technologies. He also holds a patent related to enhanced Managed Network Services.
Natarajan Sathyamoorthy, Senior Director — Networks: NatarajanS@microland.com
Raj (Natarajan) has over 22 years of experience in consulting, product development, solution design and presales specific to network technologies. At Microland, Raj is responsible for spearheading the network services initiatives for some of our marquee clients.
About Microland
Microland’s delivery of digital and “Making Digital Happen”. allows technology to do more and intrude less. We make it easier for enterprises to adopt nextGen Digital infrastructure. We enable this using our expertise in Cloud and Data Centers, Networks, Digital Workplace, Cybersecurity and Industrial IoT. Ensuring the embrace of brilliance is predictable, reliable, and stable.
Incorporated in 1989 and headquartered in Bengaluru, India, Microland has more than 4,500 digital specialists across offices and delivery centers in Asia, Australia, Europe, Middle East and North America.
