Discussion in 'Business & Enterprise Computing' started by Dekkar, Mar 30, 2012.
Like I said, just turn it off for a few days and let people remember how it was before
For us, it was easy.
Branches were running slow. We had two options - increase the branch links for 180 sites across Australia, or put in a wan optimisation solution. Telstra are very good at not giving discounts on their links, so the decision was a very easy one.
It was cheaper to purchase a branch repeater (plus the small amount of yearly maintenance) than to increase the branch link to the next level. Our branches typically run at 256k, so the upgrade to 512k across the board was going to cost us more. With the wan optimisation solution in place, I'm getting the kind of responsiveness I'd see in a 1mb environment, so its really not much of a comparison.
Using riverbed here in a architecture firm with dfs changes all replicated to our dc in brisbane we are able to get 75% reduction of only 30gb wan traffic 120gb lan across 8 sites in aus a international
We have riverbeds too. They've been a godsend where our remote sites can only get 256 speed connections.
I MUST ask, have you compared the numbers to something external to the riverbed box? Are you trusting on-box stats? I see this a lot but when we stick wireshark in and use the inbuilt wireshark IO graph there are some big problems and a lot of head scratching ensues.
Cannot put enough emphasis on this!! Ironport, Riverbed, AV stats, firewalls any product that justifies its own cost from its own reporting is about as trustworthy as an alcoholic guarding the beer truck.
You might think "but how can it fiddle the numbers, surely it can't just 'make up' stats".
Well, as the old saying goes there are 3 kinds of lies: Lies, damned lies and statistics.
Just keep this in mind, it's very common to say something saved you from x number of attacks or amount of traffic where it will take the first TCP handshake as "one connection" then the syn reply as "another connection" and then the data as "another connection" .. woo instant 3x boost in your statistics and a claimed 3x boost in performance!
Because "well, if you didnt have product X in place ... all that traffic would have gone over the wire, right?"
I havent done any wireshark testing..... But our proof is in its execution...
I cant tell you if the stats on the box are exactly correct.... But I do have users down in Melb connecting to our Sydney DMS..... and they havent really noticed that we have switced server on them.....
It is as though they are working locally...... I tested opening PDFs that range from 2mb to 80mb..... and once the riverbeds had created enough cache on each side, no matter what I open, it happens very quickly...
10mb PDFs open in 5 seconds rather than 2 minutes....... This is proof enough for me.
What Iceman said is right though - its all fine to look at the claims, but you need to be able to understand what they're basing their claims on.
The classic for me was the Riverbed vs Citrix claims of recent - Riverbed made some "we're so much better than Citrix" claims around ICA, and Citrix internally went through a hell of a lot of work to produce a document that shows why Riverbed was basically misleading, so that their sales people could explain it to their customers. I got to see the document, and man, they were NOT happy with Riverbed.
I wouldn't buy a product that had reverse engineered a protocol and then claimed they did a better job than the vendor. Why would they think that people would think this is a good thing? Good luck getting support when you have an issue for a start... lol
Same with us- We put the branch repeaters in, and noticed PDF printing dropping from 3 minutes down to 30 seconds. That's WAN optimization for you though, all the vendors do the same.
Looks like we'll be going down the WAN optimization path, just got a quote for 2/2M to a new proposed site $3K per month . They're in the 3 year NBN roll out proposal but that wont come soon enough.
We'll primarily be wanting to optimize HTTP,CIFS/SMB, Exchange, RDP/Citrix. Let the games begin. Time to start trailing some options.
Out of interest, how much does the device rollout cost?
That is the question yet to be answered once we go to market and will be taken into consideration compared to the delivery for a new service.
Also need to base these decisions on forecast growth at the new site and take the NBN timeline delivery into consideration.
Currently our most expensive services are 10/10 and a fraction the cost of the proposed location so WAN optimization has never been taken into consideration.
Location location location as they say unfortunately. We have a similar situation with our HQ and a particular branch. Company pays approximately the same price for 4/4 connection at a branch vs the 10/10 at HQ.
Where I am at now they have bluecoats as most offices. Offices are located in PNG (about 12 bluecoats), Fiji (5) and one each for Samoa, American Samoa, Tonga, Vanuatu and Brisbane. Some satellite, some copper.
Most of these are links are lucky to be 1Mb and the bluecoats typically get a 1.5x gain at the worst, 4x for intranet HTTP traffic and the like. We use the Proxy side a lot to block a lot of websites/streaming etc which in a way also helps leave some bandwidth for the important stuff.
The Bluecoats seem to need quit a bit of hand holding and setup but I havnt looked at other systems to see how they compare - nor have I used the bluecoat director to push etc. I will say this, they 100% need support we have replaced a few under warranty, sometimes software issues too but they look up and want to send you a new one.
Look at a virtual WAN optimizer
Samoa? Wow to an IT guy in the US that sounds like real pain to deploy and install...is it?
Virtual appliances might be better in those remote cases, if you're setup for virtualization. You can deploy them remotely real quickly and should be fine for 1M links. Some of the folks here have deployed the free VX-X and are reporting great results (92% reduction on RecoverPoint, dropping transaction processing from 86 seconds to 3 etc. )
Disclaimer: Yes, yes, the VX-X is a Silver Peak product and I work for Silver Peak, but that doesn't make me entirely evil - just ask my mother. Really, just trying to help and the VX-X really is free, good for up to 4M of optimized capacity.
Yeah is a pain (but lovely places to visit) and they have been in around 4 years now so will start looking at options in 6 months or so. Only in the last 3 months have we got ESX servers to our smaller islands so we can looks at virtual applicances.
And seriously you silverpeak guys are everywhere. The guy who originally done this bluecoat deployment now works for silverpeak and keeps telling me about them
There is also this http://www.trafficsqueezer.org/
Crap GUI, however its free
Traffic Squeezer and Samoa
Yeah, I was going to mention trafficsqueezer, but I don't have a lot of experience with it. Do you? I've rumors about it, but nothing concrete. What's it like to deploy and manage?
I know the VX-X uses the same code base as Silver Peak's other optimizers, so it's rock solid and free. But you'll be limited to 4m of optimized capacity (very, very roughly a 20M line), plenty in this case but not in all cases.
pH@tTm@N: yeah, we're growing by leaps and bounds, but we still don't have anyone in Samoa, I don't think. So look, if you ever need anyone to go out there and help you out with an install (even if it's Rvbd!), why not tell the power that be over here that you need my personal assistance? .
Technology Evangelist, Silver Peak Systems
Blogger, Network World
That's probably adobe's fault
Once watched traffic on a WAN link while signing a 4Mb PDF, resulted in like 12Mb of traffic out from the client and 8Mb in.
Have used Riverbeds for SMB on links where receive window started to be an issue, seem to have made a pretty reasonable difference. Certainly low effort to configure, and just keep doin their thing without any need to maintain.
We have removed the trial units (250's) and put in some 1050L's and are seeing peaks anywhere from 50mb/s to 120mb/s over a 4mb link across the tasman, traffic consists of cifs, rdp, mapi and some generic tcp.
I ran a file copy and got around ~30mb/s, ran it again and received 600mb/s, the cache works!!
Yeah I have had a couple of IT guys come and tell me it must be the bluecoats causing xyz to not work. Nothing but trouble etc.
So then I got them to copy a 10mb zip file across to our PNG site. Took 20 mins or so. Then disabled the bluecoats, took 45 minutes for the file copy, and also the app didnt work any better either. Then they realise they do a lot more than block facebook.
Spoke with the Aust manager for Silver Peak just today actually.