As you introduce your enterprise WAN to virtualization, a virtual branch office in a box (vBOB) may be what secures and optimizes your branch offices. Learn in this article how branch office boxes (BOBs) are being rethought and reinvented.
Simply put, a branch office in a box (BOB) is a special server appliance that includes basic functionality needed for a small office. This usually transports base-level network services—such as DNS, DHCP, email support, print services, Web-based applications and secure VPN connections—to and from a data center or corporate headquarters at an optimized speed. At the networking level, BOB devices usually include routing, integrated LAN switches (usually Layer 2 Ethernet, but some come with VLAN or even vSwitch capabilities), and traffic prioritization and traffic grooming capabilities via QoS support and other proprietary features.
Rethinking branch office in a box for the 21st century
New networking and virtualization technologies are calling the branch office in a box concept into question, however. For one thing, there’s a growing trend to ditch the wiring on office networks and to convert wired topologies into their wireless equivalents. Thus, for example, vendors like Aruba now offer wireless branch-in-a-box implementations that cost about one-third to one-half of more traditional offerings from networking vendors such as Cisco, Netgear or NetDevices. The onslaught of 4G technologies such as WiMAX and LTE also dictates that wireless WAN technologies may soon untether BOB devices completely from both the WAN and LAN side without sacrificing speed or capability.
There’s also a growing tendency to equip server appliances with increased capabilities to bring a more complete computing environment into BOB devices and remote branch offices. Early branch office in a box devices lacked features that enterprises now demand: complete security coverage, full VPN support, anti-malware support and other advanced security appliance features. Consider the following laundry list of features commonly found in more cutting-edge BOB offerings these days:
- Security coverage: Where corporate networks typically turn to unified threat management (UTM) appliances to secure their network boundaries, most of the functionality found in standalone security appliances is also making its way into BOB devices (including features like advanced firewalling, content filtering, intrusion detection and prevention, anti-malware protection and so forth).
- Voice over IP (VoIP): Because businesses are moving away from conventional POTS to IP-based telephony, branch and remote offices do best to follow suit. Today’s BOB offerings do more than simply enable IP handsets; they typically include basic local IP-based PBX capabilities and may even integrate unified communications with corporate Exchange or other high-end email servers at the data center.
- Remote provisioning and management: Most enterprises would rather not have IT staff taking care of branch and remote offices away from headquarters or the data center. Because of this, it’s become commonplace for BOB devices to be coordinated and controlled through a management dashboard back at the data center, so that devices can be remotely provisioned, configured and managed from afar.
- Business services and applications: BOB devices must still be able to stand in for links to a data center or cloud processing facility in the event of wide area network outages, so these appliances will often include basic storage and service processing capabilities for email, file services and critical line-of-business and Web applications. Should WAN links go down, many BOB boxes now use Windows Server 2008 R2’s read-only AD controller capability in order to provide failover access to AD catalogs and information.
- Backup/restore, data loss prevention, and storage management: BOB devices usually interact with data center-based storage, snap-shot and backup/restore facilities to protect branch and remote office systems and data. Some advanced units include data loss prevention content filtering to ensure compliance with privacy and confidentiality requirements for customer data, credit card processing, financial account data and so forth.
- WAN optimization controllers (WOCs): To make the most of precious WAN bandwidth, remote and branch offices need to work with similar devices in data centers (or at the other ends of their WAN links) to compress traffic, eliminate chatty protocols, exploit item dictionaries, apply encryption and other security measures. Today’s best BOB units integrate hardware-based WOC capabilities as key components to boost performance and throughput.
Virtualization changes everything: Brace yourself for virtual branch office in a box
The never-ending panoply of creative uses for virtualization technology is also making its way to the BOB market. Given that a server appliance is being deployed to remote and branch office locations anyway—often, a reasonably powerful multi-CPU enclosure with 24 GB or more of RAM, and at least a few TB of local storage—there’s no reason why a host OS can’t act as a hypervisor for one or more runtime images that actually fulfill all the various roles and tasks described in the preceding sections of this article. For many vendors, the move to a virtualized runtime environment makes their jobs of building and updating images easier. Likewise, organizations that use BOB devices often find it simpler and more straightforward to handle provisioning, deployment and updates when runtime environments are packaged and managed as virtual machines, and handled as such.
It’s tempting to see the next step in the evolution of branch office in a box as a virtual branch office in a box, where the images and virtual machines (VMs) that make the device work are carefully crafted and managed back at the data center and simply pushed out into the field. This makes management and deployment simpler and more straightforward, and perhaps even faster and more efficient. With that in mind, why use a BOB when a vBOB works better?
About the author: Ed Tittel is a longtime computer industry writer with over 100 computer books and thousands of articles to his credit. His most recent security book is Computer Forensics JumpStart (Sybex, 2011, ISBN-13: 978-0470931660). Read his IT Career JumpStart and Windows Enterprise Desktop blogs for TechTarget, too, and his weekly posts for PearsonITCertification.com.