WAN Optimisation coming to Windows

Andrew R. Hickey

WAN optimization technologies embedded in Microsoft Windows Vista and Longhorn Server feature significant improvements over older versions such as XP and Server 2003. And as they become more widely available and are deployed in greater numbers, those abilities could make separate WAN optimization boxes unnecessary in many situations.

According to Eric Siegel, Burton Group's senior analyst, the WAN performance and optimization technologies embedded in Vista and Longhorn "will be the equivalent of many of today's external WAN performance-optimization devices."

That availability, Siegel said, will prompt enterprises to reconsider their WAN optimization designs once the new Windows technologies are deployed.

Siegel said Vista and Longhorn contain redesigned TCP/IP stacks, quality of service (QoS) facilities, file systems, security systems, and WAN-friendly presentation layers for applications.

"People went out and bought acceleration devices, but the new stack is nice and it fixes a lot of the problems [those devices addressed]," he said.

TCP flow control and error recovery have been improved while remaining compatible with other TCP implementations.

Elsewhere, Microsoft has enhanced management control over QoS, meaning that network administrators might be willing to trust QoS markings from Windows machines. In addition, the native Windows file-system access protocol, CIFS, has been improved and will work with most existing applications without requiring program changes. Also, remote application delivery systems, like Windows Server Terminal Services or Citrix Presentation Server, will probably have their performance enhanced when applications are rewritten to use Vista's Windows Presentation Foundation component.

Although Vista and Longhorn will optimize and accelerate traffic in some areas, Siegel cautioned that other areas will either be untouched or suffer deterioration. For example, Vista's security improvements interfere with some VPN clients, and certain security options could interfere with existing WAN performance or optimization products unless they're disabled. Data-reduction compression done by external WAN optimization tools may still be very useful in some situations.

"For most applications, it's not really going to replace a WAN optimization box," Siegel said. Still, he warned, "When Windows Vista and Windows Server Longhorn are widely deployed in the enterprise, probably starting in 2008, serious consideration should be given to whether external WAN performance-optimization solutions are still necessary."

Other issues that may gum up the use of WAN optimization techniques include Windows' use of server domain isolation (SDI), which requires both ends of a TCP connection to use IPsec authentication. SDI makes every packet header unique, and in many cases WAN optimization boxes can't optimize the packets.

"If every packet has a unique header, it negates most acceleration techniques," said Garreth Taub, vice president of marketing for WAN optimization vendor Certeon.

Using SDI for end-to-end authentication may not work with many WAN optimization controllers, according to Taub. It eliminates pattern-matching engines, meaning that traffic would just pass through without being optimized. In some cases, if a WAN optimization device does not recognize the SDI headers, packets could be lost.

"It takes the standard way WAN optimization is done and takes the punch out of it," Taub said.

Siegel agreed, noting that using SDI could cause a WAN optimization appliance to be perceived as a "man in the middle." In turn, packets could be lost.

Gartner Inc., in a recent research paper, also warned enterprises to be wary of SDI, which has been part of the Windows stack for a while but to date has been used quite rarely.

"Microsoft does provide guidance for services engagements to integrate non-Windows servers and PCs into SDI," Gartner wrote. "However, end-to-end authentication used by SDI means that bigger enterprises that have large Unix and Linux environments and use applications delivery controllers, WOCs and other 'man in the middle' devices will likely find that SDI will not work in conjunction with those devices. Microsoft is aware of these limitations and is investigating ways to improve interoperability. Before investigating SDI, enterprises should determine how their network management and application optimization strategies will be affected by the use of IPsec authentication."

Along with SDI, Microsoft Windows Office 2007, which runs on top of Vista, tags most documents as XML files. That means Word, Excel and PowerPoint documents, when sent over the WAN, are transmitted in pre-compressed zipped form. WAN optimization tools, which typically look for duplicate data streams, will have to unzip and rezip files while searching for duplicate streams in order to accelerate traffic.

"XML can negate the ability to accelerate," Taub said.

Ken Klapproth, vice president of marketing for network management vendor Entuity, said XML also boosts the amount of sharing end users can do, meaning that more traffic will be traversing the pipes. Those added transactions could clog the WAN.

"If you're sharing that last mile or it's a wireless mile," Klapproth said, "you're trying to transact more and more data over a limited pipe."

Proper planning can, however, prepare enterprises for what's to come, he said.

"It's not a Y2K-like doomsday," he said, "but technologically, Vista offers some challenges to networks."

Despite potential hang-ups on the WAN and with optimization techniques and strategy, Burton Group's Siegel said enterprises should not ignore WAN optimization tools now. Instead, he said, they should look at what they need and compare that to how Windows Vista and Longhorn could affect their environments.

"These boxes pay for themselves in almost no time at all," Siegel said. "You're not going to have Vista and Longhorn out for a few years, anyway. Get something in now. I wouldn't advise anyone to say, 'We're not going to do anything with WAN optimization until Vista is deployed in three years.' Go out there with a tactical solution."

Siegel added that the enhanced user experience and productivity WAN optimization tools often provide are well worth the investment, even if they do become unnecessary once Vista and Longhorn are widely deployed. He said, however, that "cases requiring them will be somewhat scarcer in a few years, after the new Windows technologies are widely deployed."

Enterprises should use caution and examine how compatible Microsoft's technologies will be within their networks, according to Gartner.

"Windows Vista and Longhorn offer the promise of improved networking performance and security," Gartner stated. "However, the scope and scale of the changes present significant security and compatibility risks. Most enterprises will delay large-scale deployments until after application compatibility has been verified, which Gartner expects to take 12 to 18 months. This will give networking components time to mature. As a result, the benefits of the new Windows communications stack will not be broadly realized before 2009."