The market paradigm for consolidating enterprise applications and data resources at the corporate data center is becoming well established. With many enterprises already employing office-to-office acceleration appliances, the demand is shifting again. The new mandate is for a software client solution for the growing percentage of small branch offices and workers who are not permanently connected to the enterprise LAN. As this document discusses, the combination of Cisco® Wide Area Application Services (WAAS) Mobile techniques described in this document delivers superior performance for transfers of remote files, email attachments, web pages, and web-based enterprise applications over narrowband, high-latency, and problematic networks.
The New Corporate Mandate: Application Acceleration Client Software
The market paradigm for consolidating enterprise applications and data resources at the corporate data center is becoming well established. Regulatory compliance and rising support costs have impelled the movement of remote servers to the data center, requiring network connectivity for many employees' everyday use of shared files and applications.
At the same time, employees are dispersing, remaining connected by an ever-expanding extended network. However, that extended network is not simply a bigger LAN connected by high-speed links. For many employees, bandwidth is much less, latency is much greater, and error rates can be significant.
The challenge in extending the corporate network is to deliver LAN-like behavior over the WAN to everyone, regardless of location (Figure 1).
With many enterprises already employing office-to-office acceleration appliances, the demand is shifting again. The new mandate is for a software client solution for the growing percentage of small branch offices and workers who are not permanently connected to the enterprise LAN, such as:
• Retail and restaurant chains
• Investment brokers and insurance adjusters
• Small branch offices
• Remote field sales forces, service technicians, and mobile workers
• Teleworkers, corporate travelers, and employees working from home on evenings and weekends
Figure 1. The Remote Office Worker
The Unique Requirements of Mobile and Small-Office Workers
Cisco WAAS Mobile is designed expressly for small-office or home-office (SOHO) and mobile workers. This founding principle is important because these users' requirements are significantly different and often more challenging than those of workers in larger branch offices. This paper explores the challenges facing mobile and small office workers and describes the technologies that have been developed and optimized to meet these challenges.
The unique challenges facing SOHO workers include:
• Lower-quality networks: These workers typically have consumer-grade broadband connectivity over DSL or cable.
– Greater packet loss: Unlike business-grade service that is installed in branch offices, commercial connections often exhibit significant packet loss (0.5 to 1 percent), with worst-case packet loss of 2 to 5 percent during peak periods (7 p.m. to 10 p.m.).
– Higher latency: The round-trip latency of consumer-grade cable connections is both highly variable and much greater than that of business-grade connections. During daytime hours, round-trip latency can be 60 ms higher, and even greater during peak evening hours.
• High-cost networks: Small branch offices that cannot withstand the loss and latency of public infrastructure are overpaying for T1 lines and receiving less bandwidth than they would get with lower-cost, though less reliable, networks. Opportunities now exist for reducing network cost and gaining speed without sacrificing network reliability.
• Different use scenarios than in larger branch offices: WAN optimizers for large branch offices take advantage of the commonality of data accessed by large groups of users and have optimized second-time access while using generic, open-source compression for first-time access. However, SOHO users are much more likely to download a given item only once. For these workers, first-time performance is often more important than subsequent file access.
• Lack of available IT staff: Many SOHO workers lack even basic computer and network troubleshooting skills. They often have scores of programs running on PCs that are several years old and have limited resource capacity. Their IT support desk is remote, understaffed, and typically unable to provide deep troubleshooting and repair support.
• Need for Secure Sockets Layer (SSL) VPN interoperability: Increasingly, SSL VPNs are being deployed by enterprises with large numbers of small offices to provision access on a per-resource basis instead of granting complete network access. The client acceleration software must be appropriately designed to provide broad interoperability for SSL VPNs.
• Need for Internet access acceleration: Unlike in larger branch offices, which have local Internet access, when remote workers are connected by VPN, their Internet access usually goes through the corporate gateway.
• Need for integrated voice: Many SOHO workers take advantage of low-cost voice over IP (VoIP) services to reduce long-distance phone bills. A variety of products are now available to enable voice calls (and videoconferencing) from the PC. However, performance can be severely degraded by email and other traffic. An acceleration solution should manage the overall traffic so that real-time traffic is not degraded while background traffic continues to flow.
Mobile workers face even more challenges:
• Much poorer networks, with less bandwidth, higher latency, and greater packet loss. Hotel wireless access is notoriously poor: Very lossy and with very low bandwidth. Users connecting through 2G and 3G wireless can, in locations with good coverage, expect 788-kbps throughput, 200-ms latency, and 2 percent packet loss. At the edges of coverage zones and in environments with high amounts of radio frequency noise such as airports, packet loss is much greater (5 to 10 percent), and latency can exceed 1 second.
• Inconsistent acceleration because of mobility: When mobile, users are often assigned different IP addresses. Wireless subscribers want consistent acceleration when moving between coverage zones: between WiFi and 3G or between wireless LAN (WLAN) access points.
• Lower security: Security is a serious concern for the mobile worker:
– Mobile workers' network access is inherently insecure, and almost anyone can intercept communications. Accordingly, secure communications protocols must be used for all access. Since many guest networks block VPNs that use IP Security (IPsec), HTTPS support is essential.
– Laptop computers can be stolen from cars and hotel rooms. Sensitive data stored in acceleration histories must be secured to help ensure that it cannot be exploited.
An additional set of WAN-related challenges are common to all branch offices, and an effective SOHO and mobile worker solution must also address these:
• Chatty application protocols. The Server Message Block (SMB) or Common Internet File System (CIFS) and Messaging Application Program Interface (MAPI) protocols used for file shares and email are notoriously chatty and, in some cases, require thousands of round trips to transfer a file or email. Typically, whenever latency exceeds 40 ms, SMB performance is noticeably poor.
• Chatty applications. Dynamic web applications frequently request many small objects per page, which on first access are fetched sequentially and on subsequent access are validated for freshness. For typical pages, each 100 ms of delay slows down page rendering by 2 to 4 seconds. On high latency evolution-data optimized (EVDO) links or international access, performance is intolerable.
Cisco WAAS Mobile: Solving the Mobile and Small- and Home-Office Performance Problem
Cisco WAAS Mobile is the only software client accelerator on the market today designed specifically to address the performance challenges of mobile and small- and home-office users. While several of these users' challenges mirror those of remote corporate office workers, many unique capabilities distinguish the Cisco WAAS Mobile solution. The combination of techniques that this solution offers delivers superior performance for transfers of remote files, email attachments, Internet browsing, and web-based enterprise applications over narrowband and high-latency networks.
The Cisco WAAS Mobile software architecture provides the framework for several common and advanced acceleration technologies (Figure 2):
Application accelerators reduce application protocol chattiness, intelligently prefetch data objects, and maintain security for signed SMB file shares and HTTPS traffic.
• Data reduction decreases the amount of data transmitted on first and subsequent user requests by 80 percent or more. Cisco WAAS Mobile transfers the least amount of data possible and then applies application accelerators and transport optimizers to speed the transfer in the fewest number of round trips.
• Transport optimizers improve the effective throughput over networks with restricted bandwidth, high latency, or high packet loss. Cisco WAAS Mobile uses a User Datagram Protocol (UDP) transport that uniquely overcomes network problems, can allocate bandwidth dynamically to voice and other unified communications traffic, and can maintain an acceleration session through temporary network disconnects, resuming in-process transfers when connectivity is reestablished.
Figure 2. Cisco WAAS Mobile Software Architecture
This robust set of technologies is further enhanced with a high degree of dynamic decision making throughout the system that applies the most advantageous combination of techniques in each situation, such as:
• Selection of the best transport optimization techniques based on the latency and packet loss detected in the network, including bypass of Cisco WAAS Mobile when appropriate
• Application-aware transport decisions such as dynamic allocation of bandwidth when a new network is detected or in the presence of an IP voice call
Cisco WAAS Mobile recognizes that Windows file shares, web-based applications, and Outlook and Exchange email all use chatty communication protocols that make many sequential requests over the network to satisfy a single user request. These round-trip transmissions multiply any latency in the network, quickly degrading response time. Application accelerators speed multiple, related transactions by continuously predicting what is likely to be requested in the future, effectively focusing on the original user request. Predicted requests and their responses are bundled together for efficiency, reducing the number of transmissions; the application being accelerated is unaware of what is happening in the background.
Although most application acceleration solutions reduce round trips for a selection of applications, Cisco WAAS Mobile offers the broadest set of application protocol optimizers in the industry, including optimizers for SMB and CIFS, MAPI, and other critical business application protocols. It also uniquely accelerates secure application protocols such as Signed SMB and HTTPS for small-office and mobile users:
• SMB signing protects against session hijacking by providing an additional level of secure authentication that protects SMB traffic from a well-known man-in-the-middle vulnerability. Competitive solutions may be able to apply simple transport optimization and data reduction techniques (such as whole-object caching), but for them, the application proxy is blocked by the SMB signature, so the application receives no round-trip time (RTT) reduction. Cisco WAAS Mobile uses specialized technology that allows RTT reduction of Signed SMB file transfers.
• Performance of secure web applications such as Outlook Web Access (OWA), SharePoint, and SAP software is improved with patent-pending technology that enables acceleration of HTTPS without loading private keys onto either the server or client computer.
Reduction of data volume is at the core of any acceleration solution as reduced data volume directly increases the effective throughput of a low-bandwidth connection.
Cisco WAAS Mobile delivers the industry's highest compression for first-time data access by comparing new content against a very deep data dictionary and by encoding new data based on preceding byte sequences. On subsequent accesses of the same data, the Cisco WAAS Mobile patent-pending compression and differencing algorithm typically achieves 2000 to 4000X data reduction. Cisco WAAS Mobile compression and differencing offers these features:
• Acceleration of any size of file (up to the disk store size)
• Application-protocol-agnostic and cross-protocol acceleration
• Bi-directional processing, so that data downloaded in one direction can be used for a subsequent transfer in the opposite direction
• Security, with optional encryption for vulnerable client-side history
Each time data is sent through the Cisco WAAS Mobile client or server, the differencing engine creates a history of file information and data blocks that is used to analyze new data. The history is stored on disk, so that data stored from previous sessions is available for extended time periods and over multiple user sessions. A single, shared server history is used by all clients. Thus, even though thousands of users may download the same file, only a single copy is stored, reducing overall system resource requirements.
Even with the benefits of compression and application protocol optimization, data still needs to be sent over the network, and that still presents a challenge for small-office and mobile users. With the exception of Cisco WAAS Mobile, WAN optimization solutions rely on TCP for transport. But TCP is very inefficient on the unreliable links typical of mobile and remote users, especially when using chatty enterprise application protocols. Attempts to improve the performance of TCP in this area are hampered by the need to preserve good congestion behavior in general networks; an aggressive transport that is aware of application behavior can deliver data as fast as is theoretically possible, even over poor-quality links.
Cisco WAAS Mobile uses its own transport protocol, Intelligent Transport Protocol (ITP), within the acceleration path created between the Cisco WAAS Mobile client and server. ITP runs on TCP/UDP port 1182 and provides better performance than TCP for the transfer of the highly compressed data within the tunnel: up to 15 percent improvement over dial-up and 35 percent improvement for 3G wireless and satellite networks. ITP appears as standard UDP to network routing devices but provides the 100 percent reliability and optimized flow control not found in UDP.
ITP incorporates encryption and many unique features not found in TCP-based products for improving performance. The benefits are best demonstrated in a test comparing throughput to packet loss. Several mobile- and remote-worker networks, such as 3G wireless, DSL, and dial-up networks, experience packet loss of 2 percent or more. The graph in Figure 3 shows that, at 2 percent packet loss, the effective throughput of the Cisco WAAS Mobile ITP transport is at 95 percent of the available bandwidth, whereas TCP-based solutions achieve only 35 percent. In fact, ITP's benefits actually increase as network conditions degrade, delivering eight times the throughput of TCP and significantly better application response time in very high-loss networks.
Figure 3. ITP Throughput Comparison with Competitive Protocols
Additional transport features are designed for special handling of network disruptions, voice traffic, and SSL-enabled applications:
• Advanced roaming and roving: Cisco WAAS Mobile can maintain the acceleration session even through disruptions such as dropped calls and connections, traversal of hybrid networks (for instance, cellular roaming), or movement between wireless access points on a WLAN. To understand the benefits, imagine downloading a very large file; when the transfer is 80 percent complete, it is interrupted by a momentary network disconnect. With competitive solutions, the request must be reinitiated, and the entire download must be repeated. In contrast, Cisco WAAS Mobile maintains the acceleration session; the partially downloaded data is compressed and saved until the session is reestablished, and then the download resumes.
• Dynamic bandwidth allocation: Cisco recognizes the growing adoption of VoIP applications such as Skype, Microsoft OCS, and unified IP communication systems in small-office and mobile-worker applications, and Cisco WAAS Mobile can improve voice performance over a connection with significant packet loss or when transferring large files during a call. Cisco WAAS Mobile monitors for the presence of real-time traffic, dynamically allocates adequate bandwidth, and then reassigns the full bandwidth to data when the call is complete. All traffic is accelerated throughout, including the data, but depending on available bandwidth, the data may see a decrease in assigned bandwidth since it is being shared with the prioritized real-time data.
• Trusted acceleration tunnel for enterprise security: The end-to-end encryption used by SSL-enabled applications prevents optimization of the underlying data. Cisco WAAS Mobile creates a trusted acceleration tunnel to decrypt and optimize the data, transmit it securely, and then reencrypt it at the other end. This process enables applications such as Outlook Web Access to be accelerated across the WAN as if they were not encrypted.
Client Data Flow
The Cisco WAAS Mobile data flow architecture increases PC friendliness with other installed applications by using application-aware traffic interception techniques. The Cisco WAAS Mobile application-aware approach eliminates the need to specify ports, port ranges, and fine-grained IP address filters and aligns with the way administrators currently manage PC-based applications.
In the client device, traffic that is to be accelerated is intercepted and redirected to the Cisco WAAS Mobile client, which sends the traffic to the Cisco WAAS Mobile server, which in turn communicates with the application or file server.
Accelerated traffic is differenced and compressed, multiplexed with other application traffic, compressed again, encrypted, and then transported over a single, highly optimized ITP connection to the Cisco WAAS Mobile server. Note that ITP, which runs over UDP port 1182, does not create an open port on the client, so it is generally transparent to the firewall.
The Cisco WAAS Mobile server data flow mirrors the client data flow, similarly terminating the application and file connections on one side and communicating through ITP on the other.
Cisco WAAS Mobile Performance Advantage
Cisco WAAS Mobile offers the premier client-based acceleration on the market, built on a deep understanding of enterprise application behavior over public infrastructure, poor-quality networks, and secure VPN connections, as well as the application of several technology innovations to address the challenges faced by small-office and mobile workers.
The architecture`s robust combination of application accelerators, data reducers, transport optimizers, security handlers, and real-time decision-making intelligence delivers exceptional performance. Figure 4 shows first and subsequent download performance for several Microsoft Word (DOC) and PowerPoint (PPT) and Adobe Acrobat (PDF) files. Performance on higher-loss networks, such as 3G, would be even greater with the benefits of ITP.
Figure 4. Cisco WAAS Mobile CIFS Download Performance
In addition, Cisco WAAS Mobile outperforms all competitive products over poor-quality networks and is the only solution that accelerates HTTPS secure web applications.
Cisco WAAS Mobile is the only application acceleration solution designed specifically for the growing percentage of workers who are not permanently connected to the enterprise LAN: remote field forces, business travelers, teleworkers, small-office workers, and employees who work from home on evenings and weekends. Because single- and few-user locations are less likely to be accessing the same data repetitively, security considerations are not the same as in remote corporate offices, and the networks these users depend on are less reliable, porting acceleration software from appliance-based solutions is not the answer.
The combination of techniques that Cisco WAAS Mobile offers deliver superior performance for transfers of remote files, email attachments, web pages, and web-based enterprise applications over narrowband, high-latency, and problematic networks.