For many organisations, branch offices are critical to business and often, rather than being a remote backwater, they represent the point of delivery for business. Meanwhile, organisations want to spend less on IT – and, as IT hardware and software prices fall, providing local resources improves performance for end-users. That sounds great until considering that local IT provision escalates support and administration costs so it makes more financial sense to deliver centralised services (which have a consequential effect on performance and availability). These conflicting business drivers create a real problem for organisations with a large number of branch offices.

For the last few weeks, I’ve been looking at a branch office consolidation exercise at a global organisation who seem to be suffering from server proliferation. One of the potential solutions for consolidation is using Windows Server 2008 and Hyper-V to provide a virtualised infrastructure – a “branch office in a box”, as Gartner described it in a research note from a few years ago [Gartner RAS Core Research Note G00131307, Joe Skorupa, 14 December 2005]. Windows Server 2008 licensing arrangements for virtualisation allow a server to run up to 4 virtualised operating system environments (with enterprise edition) or a single virtual and a single physical instance (with standard edition). It’s also possible to separate domain-level administration (local domain controllers, etc.) from local applications and infrastructure services (file, print, etc.) but such a solution doesn’t completely resolve the issue of maintaining a branch infrastructure.

Any consolidation at the branch level is a good thing but there’s still the issue of wide area network connectivity which means that, for each branch office, not only are there one or more Windows servers (with a number of virtualised workloads) to consider but also potentially some WAN optimisation hardware (e.g. a Cisco WAAS or a Riverbed Steelhead product).

Whilst I was researching the feasibility of such as solution, I came across a couple of alternative products from Cisco and Citrix which include Microsoft’s technology – and this post attempts to provide a high level overview of each of them (bear in mind I’m a Windows guy and I’m coming at this from the Windows perspective rather than from a deep networking point of view).

Cisco and Microsoft Windows Server on WAAS

When I found the Windows Server on WAAS website I thought this sounded like the answer to my problem – Windows Server running on a WAN optimisation appliance – the best of both worlds from two of the industry’s largest names, who may compete in some areas but still have an alliance partnership. In a video produced as part of the joint Cisco and Microsoft announcement of the Windows on WAAS solution, Cisco’s Vice President Marketing for Enterprise Solutions, Paul McNab, claims that this solution allows key Windows services to be placed locally at a reduced cost whilst providing increased flexibility for IT service provision; whilst Microsoft’s Bill Hilf, General Manager for Windows Server marketing and platform strategy, outlines how the branch office market is growing as workforces become more distributed and that the Windows on WAAS solution combines Windows Server IT services with Cisco WAAS’ WAN optimisation, reducing costs relating to infrastructure management and power usage whilst improving the user experience as services are brought closer to the user.

It all sounds good – so how does this solution work?

• Windows on WAAS is an appliance-based solution which uses virtualisation technologies for Cisco WAAS and Microsoft Windows Server 2008 to run on a shared platform, combined with the advantages of rapid device provisioning. Whilst virtualisation in the datacentre has allowed consolidation, at the branch level the benefit is potentially the ability to reconfigure hardware without a refresh or even a visit from a technician.
• Windows Server 2008 is used in server core installation mode to provide a reduced Windows Server footprint, with increased security and fewer patches to apply, whilst taking advantage of other Windows Server 2008 enhancements, such as improved SMB performance, a new TCP/IP stack, and read-only domain controllers for increased directory security at the branch.
• On the WAAS side, Cisco cite improved application performance for TCP-based applications – typically 3-10 times better (and sometimes considerably more) as well as WAN bandwidth usage reduction and the ability to prioritise traffic.
• Meanwhile, running services such as logon and printing locally means that end user productivity is increased.

Unfortunately, as I began to dig a little deeper (including a really interesting call with one of Cisco’s datacentre product specialists), it seems that this solution is constrained in a number of ways and so might not allow the complete eradication of Windows Server at the branch office.

Firstly, this is not a full Windows Server 2008 server core solution – only four roles are supported: Active Directory Domain Services; DHCP server; DNS server and Print services. Other services are neither supported, nor recommended – and the hardware specifications for the appliances are more akin to PCs (single PSU, etc.) than to servers.

It’s also two distinct solutions – Windows runs in a (KVM) virtual machine to provide local services to the branch and WAAS handles the network acceleration side of things – greatly improved with the v4.1 software release.

On the face of it (and remember I’m a Windows guy) the network acceleration sounds good – with three main methods employed:

1. Improve native TCP performance (which Microsoft claim Windows Server 2008 does already) by quickly moving to a larger TCP window size and then lessening the flow once it reaches the point of data loss.
2. Generic caching and compression.
3. Application-specific acceleration for HTTP, MAPI, CIFS and NFS (but no native packet shaping capability).

All of this comes without the need to make any modifications to the existing network – no tunnelling and no TCP header changes – so the existing quality of service (QoS) and network security policies in place are unaffected by the intervening network acceleration (as long as there’s not another network provider between the branch and the hub with conflicting priorities).

From a support perspective Windows on WAAS is included in the SVVP (so is supported by Microsoft) but KVM will be a new technology for many organisations and there’s also a potential management issue as it’s my understanding that Cisco’s virtual blade technology (e.g. Windows on WAAS) does not yet support centralised management or third party management solutions.

Windows on WAAS is not inexpensive either (around $6,500 list price for a basic WAAS solution, plus another $2,000 for Windows on WAAS, and a further $1,500 if you buy the Windows licenses from Cisco). Add in the cost of the hardware – and the Cisco support from year 2 onwards – and you could buy (and maintain) quite a few Windows Servers in the branch. Of course this is not about cheap access to Windows services – the potential benefits of this solution are much broader – but it’s worth noting that if the network is controlled by a third party then WAN optimisation may not be practical either (for the reasons I alluded to above – if their WAN optimisation/prioritisation conflicts with yours, the net result is unlikely to result in improved performance).

As for competitive solutions, Cisco don’t even regard Citrix (more on them in a moment) as a serious player – from the Cisco perspective the main competition is Riverbed. I didn’t examine Riverbed’s appliances in this study because I was looking for solutions which supported native Windows services (Riverbed’s main focus is wide area application services and their wide area file services are not developed, supported or licensed by Microsoft, so will make uncomfortable bedfellows for many Windows administrators).

When I pressed Cisco for comment on Citrix’s solution, they made the point that WAN optimisation is not yet a mature market and it currently has half a dozen or more vendors competing whilst history from in other markets (e.g. SAN fabrics) would suggest that there will be a lot of consolidation before these solutions reach maturity (i.e. expect some vendors to fall by the wayside).

Citrix Branch Repeater/WANScaler

The Citrix Branch Repeater looks at the branch office problem from a different perspective – and, not surprisingly, that perspective is server-based computing, pairing with Citrix WANScaler in the datacentre. Originally based around Linux, Citrix now offer Branch Repeaters based on Windows Server.

When I spoke to one of Citrix’s product specialists in the UK, he explained to me that the WANScaler technologies used by the Branch Repeater include:

1. Transparency – the header is left in place so there are no third-party network changes and there is no need to change QoS policies, firewall rules, etc.
2. Flow control – similar to the Cisco WAAS algorithm (although, somewhat predictably, Citrix claim that their solution is slightly better than Cisco’s).
3. Application support for CIFS, MAPI, TCP and, uniquely, ICA.

Whereas Cisco advocate turning off the ICA compression in order to compress at the TCP level, ICA is Citrix’s own protocol and they are able to use channel optimisation techniques to provide QoS on particular channels (ICA supports 32 channels in its client-server communications – e.g. mouse, keyboard, screen refresh, etc.) so that, for example, printing can be allowed to take a few seconds to cross the network but mouse, keyboard and screen updates must be maintained in near-real time. In the future, Citrix intend to extend this with cross-session ICA compression in order to use the binary history to reduce the volume of data transferred.

The Linux and Windows-based WANScalers are interoperable and, at the branch end, Citrix offers client software that mimics an appliance (e.g. for home-based workers) or various sizes of Branch Repeater with differing throughput capabilities running a complete Windows Server 2003 installation (not 2008) with the option of a built-in Microsoft ISA Server 2006 firewall and web caching server.

When I asked Citrix who they see as competition, they highlighted that one two companies have licensed Windows for use in an appliance (Citrix and Cisco) – so it seems that Citrix see Cisco as the competition in the branch office server/WAN optimisation appliance market – even if Cisco are not bothered about Citrix!

Summary

There is no clear “one size fits all” solution here and the Cisco Windows on WAAS and Citrix WANScaler solutions each provide significant benefits, albeit with a cost attached. When choosing a solution, it’s also important to consider the network traffic profile – including the protocols in use. The two vendors each come from a slightly different direction: in the case of Cisco this is clearly a piece of networking hardware and software which happens to run a version of Windows; and, for Citrix, the ability to manipulate ICA traffic for server-based computing scenarios is their strength.

In some cases neither the Cisco nor the Citrix solution will be cost effective and, if a third party manages the network, they may not even be able to provide any WAN optimisation benefits. This is why, in my customer scenario, the recommendation was to investigate the use of virtualisation to consolidate various physical servers onto a single Windows Server 2008 “branch office in a box”.

Finally, if such a project is still a little way off, then it may be worth taking a look the branch cache technology which is expected to be included within Windows Server 2008 R2. I’ll follow up with more information on this technology later.