Andy Erickson, director of Internet services for Millward Brown, has seen pretty much everything clog up the pipes of the wide-area network (WAN) that serves the more than 12,000 employees of his global branding and market research firm. In the Bogota, Colombia, office, Internet radio killed email and printer services. In South Africa, YouTube was barely a blip, but Facebook brought productivity to a screeching halt, clogging up the limited link back to Millward Brown's central offices.
"We don't want to prohibit the business from doing research," Erickson said. "I know a lot of companies [where] it's more of a black-and-white thing, where you can't do sports, you can't do gambling. But, for example, Xbox is one of the big things we work on, so we have to allow it."
Fortunately, a few time-tested WAN bandwidth strategies, along with some trial and error, helped Erickson juggle these disparate requirements and maintain adequate Internet bandwidth for Millward Brown and parent company WPP Group while giving employees the access they needed.
Block the bandwidth hogs
The simplest gut response to bandwidth bogeymen like Hulu, Facebook and YouTube is to block them, and in some situations, that can be the best response. That's exactly the line Erickson took with his South Africa branch.
"Facebook was such a problem we had to block it, while YouTube was still allowed," he said. In other offices, the exact opposite policies were applied. He blocked streaming video but allowed social networking, depending on which services were causing problems for that particular link on the WAN.
To make the decisions about which services to block, Erickson took a careful look at traffic patterns, using an appliance from BlueCoat, and he was in close contact with regional managers to see what services were being used for legitimate business purposes before making any across-the-board decisions.
"It's really trial and error at the office level," he said. "A lot of it has come from local office managers and having them educate us along the way." Some sites, such as Hulu, were eventually deemed to be entirely personal and so could be blocked entirely. Others, like YouTube and Facebook, are still decided on an office-by-office basis, and those decisions are subject to change as business needs evolve.
This strategy is not always perfect, however.
"A lot of this just comes down to the enterprise itself, their corporate culture," said Peter Fetterolf, a partner with networking consultancy Network Strategy Partners LLC. "There's always the potential you're blocking stuff that shouldn't be blocked."
That could in turn lead to more headaches -- and higher costs -- down the road as the network support staff works overtime to fill requests for block exemptions or to explain why certain sites are on the blacklist, Fetterolf warned.
"I'm not saying you shouldn't block," he said, "but it depends on organization."
Erickson discovered that blocking sites could be a bit like a game of Whack-A-Mole.
"We had a massive problem where people were all going out and finding radio stations that we can't find and block quick enough," he said.
Fortunately, Erickson was able to apply complementary strategies when users started getting too clever.
Manage and shape the WAN bandwidth demons
Once the streaming media genie is out of the bottle, it's hard to put back in, whether it's in the form of useful corporate training YouTube videos, streaming Web radio, or simply the latest viral video of a cat doing something predictably adorable. Erickson knew that any of the above could potentially slow or even cut access to essential corporate Web applications.
"In general," Fetterolf said, "a lot of enterprise networks have various types of WAN optimization devices that use DPI, or deep packet inspection, to control and manage traffic so that certain types of applications can't take up all the bandwidth and so that business-critical apps always get the performance they're guaranteed to get."
That's exactly the path that Erickson took to conserve WAN bandwidth for the critical applications at many of Millward Brown's branch offices.
Using the BlueCoat appliances deployed both at WPP's central offices and at almost two dozen branch offices, Erickson used a number of techniques to manage streaming media traffic requests.
For example, Millward Brown enabled YouTube video caching, so that once one person watched a video in the branch office, any other requestor would simply be directed toward the local cache, cutting a significant load on the network.
Caching also sped up video playback for end users, since the cached video was already stored locally on site, rather than on YouTube's servers.
"We saw a 60%, 75% increase in HTTP traffic," Erickson said. Increased HTTP traffic represented boosted productivity for workers who needed websites to load quickly in order to get work done.
Erickson also started capping many users at 128k download speeds. That was enough to stream some low-quality video but discourage high-definition video use, while leaving enough bandwidth to go around.
"In terms of the enterprises, I think [traffic shaping] is relatively new stuff," Fetterolf said. "In the big offices, they have it, but in terms of the branch offices, they don't have this kind of capability because you have to manage the DPI engine." But he predicted that as peer-to-peer, streaming video, and other bandwidth drains continue to grow in popularity, such methods will become increasingly common as well.
"It's a problem that people need to be aware of," he said.
Divert Internet traffic off the WAN
Finally, not all traffic needs to go over the WAN, particularly depending on how the enterprise network is architected.
"A lot of smaller branch offices today are connected via DSL to the corporate network," Fetterolf said. This is a significant change from frame relay connections, which have been traditionally popular connectivity options.
For a branch office with a DSL or cable connection, it makes sense to route Internet access, as opposed to intranet access, directly to the Web and route sensitive internal traffic through a VPN or other traditional alternative.
"Any Internet traffic can go straight to the Internet, and that's a no-brainer at that point," Fetterolf said.
He cautioned, however, that any WAN optimization or management vendor encouraging all traffic to be routed back through central offices might be trying to sell a feature that a company may or may not need.
"You take traffic to the nearest point of access, and it's going to the Internet anyway," he said. "So what difference does it make if it's going through point A to point C?"
That calculation can get a little trickier for multinationals like WPP, however.
In many countries -- South Africa and Mexico, for instance -- the cost of bandwidth is the biggest concern, Erickson said, and being charged by the access point means it is actually more effective to backhaul all that traffic over a frame relay than to pay for each local user's access.
"It's really just a cost measure," Erickson said. He is testing and trialing the other strategies regularly, seeking the perfect balance between conserving WAN bandwidth and giving his employees the access they need.