Not so long ago, branch offices might have had only a PBX and a VPN back to headquarters, and an IT staff that was tiny or even non-existent. This picture has radically changed as enterprises have become increasingly decentralized and international. With some 80% of enterprise employees now located in large branch and regional offices, more business applications are distributed to branch offices, and branch office IT has taken on a more important role.
Today, organizations have an average of 6.1 products per branch, according to Nemertes Research. Purchasing, integrating, maintaining, and managing appliances such as routers, switches, and firewalls is expensive and time consuming. To ensure that these products are integrated with corporate IT, branch offices are no longer left to design and implement their own ad-hoc network infrastructure and applications. However, it is costly for enterprises to build and staff these branch-networking infrastructures in order to provide performance that is comparable to that at headquarters. The more boxes, the more complex and difficult it becomes to manage them and to integrate the local network with centralized IT. Operational costs are high, and there are multiple points of failure.
Enterprises now realize that they need branch networking solutions that integrate multiple functions to support enterprise business processes, protect critical data, and are just as functional, reliable, and available as the corporate network. To keep in touch with the rest of the business without placing a heavy load on corporate IT staff, branch office IT solutions need to be standards-based, resilient, and remotely manageable and configurable.
Multi-function routers: The first step
To simplify branch office networking, routing vendors started offering multi-services devices that consolidate multiple independent services such as a switch, a firewall, and support for VPNs into one platform. The concept of a multi-function router is certainly attractive; one platform costs less than six, managing one platform instead of six is less time consuming and complex, and the platform takes up less valuable real estate. However, such solutions actually offer little in the way of economies of scale, cost, processing, or ease of management. Plus, when individual components and processes are connected together in a disjointed way, performance, especially of real-time services such as VoIP, can suffer.
The greater the number of services, the greater the processing load and the less efficient the overall system becomes. In addition, latency constantly increases and scalability degrades every time a service is added because each service consumes significant additional processing resources. The risk of conflicts among applications increases greatly, as does the risk of configuration errors -- and both can lead to an increase of unplanned downtime. Resiliency is also a problem, since any one of the services may fail.
Because multi-function routers typically cannot be managed remotely, headquarters must dispatch IT personnel whenever a failure occurs -- and until they arrive, the failure can affect the performance of the rest of the branch office, potentially cause staff downtime, and affect revenues. If the router includes VoIP functionality, a failure could also leave the branch without any telephone communications, even within the branch itself.
Services gateway: An alternative
A new category of platform has emerged that carries the idea of integrated services for the branch office to its logical conclusion. Known as services gateways, these platforms are built from the ground up to truly unify the growing range of security and data networking services that branch offices need today. These services include standards-based security services such as stateful firewall and intrusion detection/prevention, next-generation services such as VoIP, networking services such as dynamic routing and Ethernet switching, data services, and access services such as VPNs. Unlike multi-function routers, services gateways classify and inspect packets just once for all services, keeping the processor load down and minimizing latency.
Services gateways are modular, so enterprise IT can start and stop individual services and computing modules and easily add new services and modules without affecting other services or degrading overall performance. Plus, the failure of one service will not affect the performance of any other service on the gateway; this is a key for enterprises concerned about quality of service. The services are unified into one always-available platform that can be managed remotely from a central location, so corporate IT does not have to dispatch specialists to branches every time a problem occurs or services need to be upgraded.
The services gateway has all of the characteristics needed to fully integrate the branch office infrastructure into the IT infrastructure at headquarters. It offers a combination of unified services, high performance, cost savings, resiliency, ease of adding new services, and remote manageability. And the services gateway has the flexibility to grow and change along with branch office needs.
About the author: Mark Weiner is Senior Director, Marketing and Worldwide Communications at NetDevices, Inc.