via eChannelLine USA – The hidden costs of virtual backups.

via Nutanix aims to ban the san from virtualized datacenters – Application Delivery and Virtualization News: Citrix, Microsoft Virtualization Resources, XenApp, XenDesktop, Remote Desktop Services and VMware News.

But there is a lot more to using virtualization in this way than meets the eye. Data management and system design challenges, financial constraints, and governmentwide policies about the future of data centers will all influence the options agencies have for using virtualization as a price-slashing business continuity tool. The opportunity is big, but IT executives are going to have to roll up their sleeves to make it happen.

via New options for never-say-die IT — Federal Computer Week.

In this first edition of ESG’s Behind the Findings program, Jon Oltsik, Principal Analyst and author of the ESG Research Report, U.S. Advanced Persistent Threat Analysis, offers his analysis based upon the results of his recent survey of 244 security professionals.

Advanced Persistent Threats (APTs) are defined as targeted multi-vector attacks usually initiated by a sophisticated and well-resourced adversary.   APTs are typically used as a means for discovering and stealing sensitive data. ESG is now in a position to better understand end-users’ familiarity with and opinions about APTs.

If you have any questions, Jon can be reached via e-mail at jon.oltsik@esg-global.com.

The show doesn’t start until 2/27 but you can feel the anticipation in the air across the whole security community. That’s a good thing since 2011 was an especially difficult year – some have even labeled it “the year of the breach.” Hmm, what happens if 2012 is even worse – which is not unlikely?

In any case, RSA is always chock-a-block with a number of common themes. Here’s what I am anticipating, as well as my editorial comment on each.

1. Threat/malware management. This is a very important topic as Advanced Persistent Threats (APTs) and other types of sophisticated malware demonstrate that our existing security defenses are inadequate. I’m hoping to hear some good intelligence about cyber adversaries, and discuss best practice modifications around security processes and defense-in-depth controls to address these increasingly dangerous threats. Interesting vendors in this space include Countertack, Damballa, and FireEye, as well as old guard companies like Sourcefire and Trend Micro but I’m interested in hearing from others as well.
2. Security intelligence. Security situational awareness is marginal at best at many enterprises. Why? Lots of firms don’t have the right skills or tools in place while others need visibility to more host systems, applications, and network behavior. As I’ve said many times, this makes security a big data problem (I’m on a panel focused on this topic) and I’m interested in learning how the industry plans to address this. I’ll seek out HP, IBM, LogRhythm, McAfee, and RSA on this topic.
3. Security services. With security skills in short supply, the security service providers must be seeing lots of activity. Good discussion for Symantec, Unisys, and Verizon.
4. Mobile security. Yeah, I know about the malware and poorly written applications and I do see a lot of interest in this space. That said, ESG has yet to see a lot of demand for mobile security technologies. I expect a lot of buzz over mobile security, even if no one is making any money.
5. Cloud security. A complex topic but all I anticipate seeing at RSA is simple and tactical solutions (unless I get an architectural overview from Amazon, Google, or Rackspace).
6. Data center network security. We’ve had firewalls, IDS/IPS, and gateway devices forever but network security is still a major area of investment for enterprises. Data center network security is particularly challenging these days as large organizations deal with massive data center scale, web-based applications, and server virtualization/cloud. Does anyone offer a highly-scalable physical/virtual data center network security architecture? Good question to bring up when I talk to Cisco, Check Point, and Juniper.
7. Enterprise security software architecture. In the client/server days, departmental applications were subsumed into enterprise ERP systems. This same type of integration/centralization has to happen with security technologies. Which vendors understand this and know how to build scalable software security architecture a la Oracle and SAP? My goal is to find out.

Like all other similar events, RSA has its share of cocktail parties, tradeshow gimmicks, and give-aways. Entertainment is certainly a big part of the event, but RSA is really about cybersecurity – a very serious topic. Before imbibing their fourth Mai Tai at a Hawaiian-themed party at the W Hotel, I hope that RSA participants think about recent security breaches at New York State Electric & Gas (800k customer records exposed), Zappos.com (24 million customer records exposed), and our security colleagues at Stratfor ,and then consider the real objective of this event.

You can read Jon’s other blog entries at Insecure About Security.

It was a privilege to work with two ESG Lab Engineers, Tony Palmer and Ajen Johan, to do some hands-on with the new Riverbed technologies.

To me, the really cool part of Granite is how it changes some presumptions for branch offices.  Traditionally, I still see large customers doing things in two very different ways:

• For their large data center facilities, SAN-based manageable and consolidated storage.
• For their remote offices, standalone servers with direct-attached disk.

The reason for this is that most presume that managing a SAN at each branch office is non-viable.  So, even though managed storage may be more effective for many scenarios, it only seems to happen in the data centers of many companies.   If only there was a way to do it for the branches?

The Granite technology effectively extends an iSCSI scenario from your data center SAN to a branch office server.   Technically, there are two iSCSI scenarios in play:

• Within the data center (diagram-left), the Granite “core” device has an iSCSI initiator to mount LUNs from your existing iSCSI SAN provider.
• At the branch office (diagram-right), the Granite “edge” device caches a copy of that LUN and becomes an iSCSI target, whereby any machine in your branch with an iSCSI initiator can mount it.

The result is that managed storage blocks that appear local are in fact replicated from a centralized data center copy.  This leads to some really interesting (and presumption-twisting) changes from a Data Protection perspective.  Maybe you still run your backups at the branch?  Maybe you want to finally adopt NDMP and back up directly from the SAN at the data center?  There are some options worth looking at, without ripping out whatever backup solution is currently in play.

There is more to the Steelhead EX + Granite solution than just the iSCSI capabilities, including a built-in VMware hypervisor inside the new Riverbed device – enabling further server consolidation to VMs within the edge device, using iSCSI LUNs that are actually from the corporate data center.

Check out the ESG Lab Validation on Riverbed Steelhead EX + Granite for more.

As always, thanks for reading.

Background

While IT priorities and challenges are often considered with data centers and other centralized corporate resources in mind, it is important to remember that organizations often have distributed locations that have significant and complex computing requirements. In fact, typical IT challenges are often exacerbated in these remote/branch offices due to distance and lack of onsite IT staff. ESG research found that companies face significant challenges when it comes to delivering applications over the WAN from a central location to employees at branch office locations. According to a recent ESG survey,^[1] nearly half of respondents identified improving application performance for end-users as a key initiative (see Figure 1). Improvements to application accessibility and better collaboration capabilities were also high on the list.

Riverbed Steelhead EX + Granite Overview

Riverbed Technology’s Steelhead product family is designed to provide increased application performance and data transfer speeds over the WAN. Steelhead products address four main solution areas.

• Application Acceleration—Steelhead optimizes both TCP and UDP traffic, addresses application-specific latency, delivers LAN-like performance and availability over the WAN, and enables improved collaboration, file sharing, and productivity for distributed enterprises.
• Bandwidth Optimization—enables network managers to achieve better utilization of existing WAN bandwidth by eliminating redundant WAN traffic.
• IT Infrastructure Consolidation—enables consolidation of IT infrastructure from remote offices to a centrally located facility, maintaining performance, availability, and security, as well as reducing capital expenditure and management costs.
• Backup & Replication Acceleration—enables quick and secure backup and replication from branch locations.

The Riverbed Steelhead family of products is designed to optimize WAN traffic between distributed remote and branch office locations and a central data center. Steelhead appliances run the Riverbed Optimization System (RiOS), which is the software platform that enables data-, protocol-, and application-level WAN optimization and allows a central office to consolidate the majority of its remote office server infrastructure, taking the first step toward true infrastructure consolidation. Riverbed Steelhead EX combines WAN optimization capabilities with VMware on the appliance, enabling a branch to virtualize local servers and minimize the bandwidth required by users and applications.

Granite was developed by Riverbed to deliver edge virtual server infrastructure that extends an enterprise storage area network (SAN) out to remote offices. It enables organizations to centralize and consolidate branch office storage at a primary data center. Steelhead EX + Granite combines Riverbed Steelhead and Granite software capabilities with the goal of serving write-intensive and custom applications in the branch with a global storage infrastructure projected from the data center, eliminating storage at remote branch offices previously considered too difficult to consolidate.

ESG Lab Validation

ESG Lab performed hands-on evaluation and testing of the Riverbed Steelhead EX + Granite WAN optimization and storage consolidation appliance at a Riverbed facility in San Francisco, California. Testing was designed to demonstrate how Steelhead EX + Granite improves application performance and availability, as well as delivers infrastructure consolidation and data security for branch locations in a distributed enterprise.

Getting Started with WAN Optimization

Steelhead appliances at remote locations, along with Steelhead Mobile software on remote user laptops, work together with one or more Steelhead appliances in the corporate data center to optimize traffic flowing over the WAN. Riverbed addresses three areas that affect WAN efficiency: application chattiness, data redundancy, and transport protocol inefficiency.

To speed application performance, application-specific optimizations complete transactions locally in the branch on behalf of servers in the data center, eliminating the need to wait for application responses over a WAN connection. To reduce the amount of data sent over a WAN, Steelhead appliances and software intercept and inspect WAN data to determine whether the data or a portion of it has been seen before. When a user attempts to access data already encountered by the local Steelhead datastore, the data is served locally, eliminating the delay of pulling data over the WAN. With this capability, Steelhead appliances allow users and applications to read and manipulate data, while only requesting or sending unique blocks across the WAN. To overcome transport protocol limitations, Steelhead appliances more intelligently scale and pack TCP payloads, significantly reducing round trips and more efficiently transmitting data across the WAN.

Figure 4 shows the test bed used by ESG Lab, which consisted of a simulated data center and remote office. A Network Nightmare WAN simulation device was used to limit bandwidth and inject latency, simulating a transcontinental T1 link. The data center was configured with one NetApp FAS 2050 connected to both Steelhead and Granite core appliances. The remote office had a Steelhead EX + Granite appliance running Steelhead WAN optimization software, Granite block-storage acceleration, and the Riverbed VSP. The connection between the two environments was limited to 1.5 Mbps (T1 equivalent) and had 100 milliseconds of round-trip latency injected to simulate a remote office connecting to a data center up to 3,000 miles away.

ESG Lab Testing

For the first round of tests, Steelhead WAN optimization was used to optimize typical knowledge worker operating tasks. Data reduction and optimization-related metrics were captured using the Steelhead management console as well as wall-clock timing of certain operations. As shown in Figure 5, simple file transfers, Microsoft Exchange messages with attachments, and Microsoft SharePoint transaction performance were measured with and without Riverbed Steelhead WAN optimization enabled. The corresponding results show performance improvements of anywhere from 5X to 50X, depending on the type of transaction.

The data in Table 1 includes the sizes of the objects used in performance testing and the number of seconds to completely execute each operation. The largest time reduction was seen with the transfer of a 65.3 MB file from a remote client to the corporate file server.

Consolidation of Branch Services

Organizations are using server virtualization to simplify their IT infrastructures while reducing costs in their data centers through consolidation. For services required in branch offices, consolidation (minimizing infrastructure in the branches) is also a key goal. However, organizations are faced with a challenge in that certain applications require local compute and storage resources to meet performance requirements for end-users. Steelhead EX features the Riverbed Virtual Services Platform (VSP) that incorporates VMware virtualization technology to consolidate branch servers and applications onto the Steelhead EX appliance.

ESG Lab Testing

ESG Lab began testing the ease of consolidating branch office services and applications using Riverbed Steelhead + Granite technology by simulating the user experience of moving from a traditional branch office with dedicated servers, applications, and local storage to a virtualized Riverbed WAN-optimized and consolidated model, as illustrated in Figure 6.

ESG Lab first virtualized a Microsoft Windows Server 2008 system in the remote location by installing the VM onto the Riverbed VSP. This is accomplished via the Steelhead management interface. The Steelhead EX + Granite appliance can host up to five end-user virtual machines. ESG Lab connected to the Steelhead EX + Granite appliance through the Riverbed Steelhead Management Console to install the virtual server as shown in Figure 7.

Once the virtual machine was loaded and running, ESG Lab simulated a Microsoft SQL server workload using the Iometer load generation utility. SQL Server is an application that, due to the response-time sensitivity of transactional databases, is often hosted on physical servers with local storage in a branch office. In this test, a 4 KB block size was used with a 67% read, 100% random access pattern.

Figure 8 shows the Iometer results displayed during the test. The most important metric to note here is “Average I/O Response Time (ms).” While the back-end connection to the storage array was over a simulated T1 connection with 100 ms of round-trip latency, Iometer reports only 31 milliseconds of latency to disk because data is being written to the local Steelhead blockstore.

It’s important to note here that without Steelhead EX + Granite, ESG Lab was unable to obtain a usable result due to the restricted bandwidth and high latency of the WAN link. In fact, the connection to the LUN in the data center timed out, and the mount failed.

Consolidating Branch Office Storage

Riverbed Granite extends iSCSI block storage from the data center to the remote site in a way that is transparent to users and applications, and that takes advantage of Riverbed Steelhead WAN optimization technology. Granite enables organizations to maintain local servers at branch offices while actually storing and protecting their data within their data centers. Riverbed VSP provides the ability to host those servers directly on the Steelhead EX appliance.

ESG Lab Testing

ESG Lab tested Granite by mounting iSCSI LUNs from the data center on physical branch server nodes as well as within the virtual machines hosted in the Steelhead EX + Granite appliance. To verify the challenge of accessing “unoptimized” iSCSI storage over the WAN, ESG Lab first attempted to mount an iSCSI LUN directly from a traditional branch server to a data center SAN without Granite, and observed that the connection timed out and the mount failed.

Next, ESG Lab tested whether Riverbed Granite could allow the use of iSCSI over the WAN by configuring Granite appliances in both a data center and a remote office location. Figure 9 shows the basic functional design of storage extended with Granite. In effect, there are two iSCSI connections (working from right to left):

• Within the data center (right), between the actual iSCSI SAN target to the Granite core iSCSI initiator.
• Within the remote site (left), between the production server iSCSI initiator to the Steelhead EX + Granite iSCSI target.

Using the same branch server, ESG Lab was able to successfully mount with no errors or timeouts the same iSCSI LUN that had previously failed to mount in the “unoptimized” test.

The combination of Granite with Steelhead WAN optimization makes it possible for a data center LUN to be successfully mounted by a remote office production server—either a physical server located in the branch or one that is virtually hosted within the Riverbed VSP hypervisor.

Next, ESG Lab examined performance and usability. For this test, ESG Lab (working right to left in Figure 9):

1. Configured multiple LUNs within the data center SAN, which is completely unaware of the Steelhead EX + Granite extended storage scenario.
2. Configured the Granite core iSCSI initiator to mount the LUNs that are to be extended.
3. Assigned a specific Steelhead EX + Granite edge device from the Granite core at the data center to extend each LUN. By doing so, the Steelhead EX + Granite device became an iSCSI target and offered the LUN to devices within the remote site.
4. Connected the LUN to the production Windows server using its iSCSI initiator, with the server being completely unaware that the LUN is not within the remote site but actually extended from the data center.

From there, the LUN behaved like any other iSCSI-attached device and could be mounted and utilized. A common concern about remote storage is that the latency associated with initial use or access requests will have an impact on the end-user experience. To observe the behavior, ESG Lab configured an extended LUN within Steelhead EX + Granite that contained a known data set and requested various randomly selected files.

Figure 10 shows the Steelhead EX + Granite Blockstore Metrics report, which measures the amount of “hits” (requested blocks that were already available at the branch) and “misses” (blocks that needed to be sent from the data center) in megabytes. This, in effect, measures the effectiveness of the Granite technology to pre-fetch and/or quickly transmit the necessary blocks, such that the branch server experiences the storage as though it is local.

ESG Lab used AutoCAD software to open a 33.5 MB file (cifs.dwg). The first time the file was accessed across the WAN, the file-open process took 27.7 seconds. The file was closed and the workstation was rebooted to clear client cache. When the workstation was restarted, the same file was opened using AutoCAD, and the file opened in 5 seconds, the same as baseline testing over the LAN.

While Figure 10 shows the Granite technology’s effectiveness in pulling data from the data center to the branch, Figure 11 shows the behavior of data written at the branch being committed to the data center.

• The dark blue line tracks the amount of data being written to the Granite blockstore.
• The light blue areas show data received but not yet written back to the data center storage array, implying minimal latency in transmitting those blocks to the data center.
• The grey areas show data that has been committed to the data center.

Overall, ESG Lab found the Riverbed Granite extended storage solution to be surprisingly easy to configure and utilize. Neither the production server at the remote site nor the data center SAN felt any impact from the extended distance. The iSCSI implementation was intuitive and performed well over a simulated 3,000-mile WAN connection. The combination of Granite with Steelhead technology dramatically accelerated data transfers over low-bandwidth, high-latency connections.

Remote Office Scenarios and Implications

After the servers were virtualized and the SAN storage was extended from the central data center, ESG Lab was ready to explore the performance and resilience of a Riverbed-enhanced remote office when a WAN link goes down and is restored.

ESG Lab Testing

First, ESG Lab set a baseline by opening several large files that resided on an extended iSCSI SAN volume shared on the remote office LAN by a virtual server hosted in the Steelhead EX + Granite appliance without Granite acceleration. ESG Lab opened a 39.4 MB AutoCAD file named “http.dwg” using a client on the remote office LAN. Without Steelhead and Granite optimization, the file opened in 721 seconds, or just over 12 minutes. The AutoCAD application was completely unresponsive while the file was pulled across the WAN.

Next, the same file-open test was performed with Steelhead WAN optimization and Granite active. The first time the file was accessed, the operation completed in 39.1 seconds. After closing the file and opening it a second time, the file opened in 5.0 seconds. As expected, the second open was much faster, being serviced by the blockstore cache on the Steelhead EX + Granite appliance. Saving the file to a new name took 3.1 seconds.

As seen in Figure 12, at 18:07, ESG Lab disconnected the simulated WAN between the remote office and data center, and attempted to open the same file. The file opened successfully, in 5.6 seconds. Next, the file was saved to a new name, which completed in 3.1 seconds. This is comparable to the performance observed when the WAN was connected.

ESG Lab repeated these procedures multiple times, opening files and saving them to new names. Performance was consistent. Figure 12 shows the data writes/commits report from the Steelhead EX appliance.

As shown in Figure 12, as data was written to the network share, the uncommitted bytes that had been accepted by the Steelhead appliance but not yet transmitted to the data center increased. Note that the entire time that the volume was disconnected, the client and server at the remote site remained connected, and the volume remained online.

After approximately 30 minutes, more than 40 MB had been written to the shared volume. ESG Lab then reconnected the WAN and monitored the data writes/commits report. As can be seen in Figure 13, the Steelhead appliance committed the 43.6 MB of data to the NetApp FAS in the data center in about 45 seconds.

The resynchronization was automatic and completely transparent. Users and applications saw no change in connectivity or access when the WAN link was down, nor when it came back up. Figure 14 shows a network traffic summary report for the time period that the resynchronization was executing.

The port number indicates the type of traffic: Port 7951 is traffic flowing between the Steelhead EX + Granite edge device and Steelhead and Granite core devices in the data center. The actual data transmitted across the WAN link was highly optimized, and, of the 43.9 MB of iSCSI data transmitted by the virtual server, only 3 MB was actually transmitted across the WAN, a reduction of 93%.

Data Protection Scenarios and Implications

When extending storage from the data center to the remote office, data protection becomes multifaceted, incorporating not only backup and recovery of production data, but also protection of remote office data from loss or theft.

Securing Data in the Appliance

Riverbed appliances utilize integrated storage to hold cached data in remote locations, designed to enhance the remote user’s experience by providing local access to frequently used data. The Riverbed Steelhead + Granite appliance offers AES encryption (up to and including AES-256) to securely encrypt the data on disk. The AES key for the Granite blockstore is kept in a secure vault area, which is also encrypted using AES-256.

The default key to each appliance vault is unique, derived from a unique identifier of each appliance. The vault key can be changed by organizations to comply with their own security standards. When an appliance boots, the vault key must be provided, or the contents of the blockstore are not accessible. A visual representation of Riverbed encryption is shown in Figure 15.

Backup and Recovery

When considering backup and recovery, multiple data protection scenarios are either enabled or enhanced, including:

• File/application-based protection of the remote data, from the data center
• Block-based protection of the LUNs used by the branch platforms, from the data center

In principle, because server-centric storage utilized at the branch is in fact extended from the data center via Granite (and user-centric data from the branch is stored locally on Granite-extended volumes), Riverbed suggests that data protection can be done entirely from the data center instance of the data.

ESG Lab audited the operating methods that Riverbed uses for storing its data to understand the viability for customers to use their current data-protection methods within a Steelhead EX + Granite deployed configuration.

Traditional File/Application Backups from Guest-VM Branch Servers

For production servers running at the branch, presumably as virtual machines within the Steelhead EX + Granite (VMware Virtual Server) host environment, traditional file- and/or application-centric backups are still achievable.

ESG Lab looked at how a typical backup agent can be installed within a virtualized production OS to send backup data to the requesting backup server located at the data center, as shown in Figure 16. In this configuration, as files are queued to be sent from the production VM to the backup server, Steelhead WAN optimization is designed to recognize the data that already exists at the data center from previous synchronizations. In this case, while both the remote backup agent and the data center backup server believe that the data is being sent across the WAN, only truly unique data segments and reference “pointers” to previously encountered data actually traverse the network.

Based on how ESG Lab tested file transfers with Steelhead EX + Granite, file-centric data movement during backups should be nearly eliminated. Similarly, application-centric backups that generate storage IO as part of the backup process (such as SQL Server log files) will benefit. In those cases, as the data files are prepared for backup, their corresponding blocks within Granite will be committed to the data center and therefore may not need to traverse the WAN during the actual backup.

SAN-based Backup of the Branch from the Data Center

Perhaps the most intuitive and yet subtle method ESG Lab observed was the ability to back up the extended LUN from within the data center. Because the SAN is unaware of the Steelhead/Granite solution, LUNs can be backed up directly using storage-based snapshots and clones—traditional “serverless” backup solutions.

As seen in Figure 17, ESG Lab observed that by backing up the original LUNs from the SAN, all of the production data could be protected in the data center, including virtualized server-centric data and client-specific data that are Granite-extended.

As shown in Figure 17, ESG Lab found serverless backups of remote office volumes to be potentially ideal choices for those customers who already utilize them within their data centers. The IO burden is removed not only from the production resources, but also from the Steelhead and Granite appliances, freeing them up for production IO exclusively. Like any serverless backup, an understanding of the applications in use and the need for consistency and post-backup processing are keys to success.

Riverbed SAN Hardware Snapshot Integration

Along with extending and potentially enhancing customers’ existing backup methodologies, Riverbed has also developed a Riverbed Hardware Snapshot Provider (RHSP) mechanism to directly integrate its storage-extending capabilities with both the Microsoft Volume Shadow Copy Service (VSS) and SAN arrays from EMC, Dell EqualLogic, and NetApp.

Although RHSP was not tested by ESG Lab, a discussion with Riverbed highlighted RHSP capabilities that directly address the need for application consistency with backup. RHSP installs as a plug-in on Windows clients in the branch office. It is used within the VSS process to place a point-in-time marker into the Granite blockstore. This enables a backup agent to quiesce an application to indicate an application-consistent restore point. In turn, this indicator triggers a snapshot on the data center SAN storage array that can then be used for any required restores or subsequent secondary backups to disk or tape in the data center.

ESG Lab Validation Highlights

• ESG Lab used Steelhead appliances to optimize WAN performance and reduced data by up to 50 times, enabling more productive collaboration between remote and central offices.
• When running an OLTP database workload in a Riverbed appliance-hosted virtual machine, ESG Lab observed latency to storage over the WAN decreased by more than 67%, enabling a remote server to mount an iSCSI volume hosted in a distant data center, and making it possible to consolidate business-critical branch services over the WAN.
• ESG Lab found Granite-extended block-storage performance over a simulated transcontinental WAN link to be remarkably viable, rivaling local-attached storage in both throughput and latency.
• ESG Lab validated that Riverbed improved performance by a factor of 18 to 26 times when opening and editing large CAD files across a high-latency, low-bandwidth T1 link, providing WAN access to centralized project files at LAN-like speeds.
• ESG found that customers’ existing backup methodologies were all potentially viable options for remote offices—in ways not achievable without the combination of WAN optimization and storage extension. Without changing their backup mechanisms, customers may find their solutions enhanced because of how Steelhead optimizes the data streams that Granite has already synchronized between sites.

Issues to Consider

• It should be noted that one key to the performance of the extended storage is the built-in blockstore within the Steelhead EX + Granite appliance itself. When designing the storage to be used at the branch, customers should be aware that the Granite solution does not change normal design considerations around capacity or IO performance. Those aspects should still be considered when determining the size of the Granite edge device to place at a particular branch location.
• While many data-protection scenarios are enhanced through this configuration, for SAN-based backup of the branch from the data center, a minimal amount of effort is still required to ensure the boot volumes of the virtualized VMs on VSP within each branch appliance are protected and recoverable. ESG Lab hopes that Riverbed will address this in future releases, so that even in the VSP scenario, an entire VM can be protected at the data center.
• While many backup processes may potentially gain benefit from a Riverbed Steelhead solution with Granite technology, they do so without any awareness of Riverbed’s changes to infrastructure or topology.

The Bigger Truth

Riverbed provides comprehensive WAN optimization solutions, helping organizations share applications and data across global wide-area networks. Riverbed WAN optimization solutions have been proven in the field to give businesses order-of-magnitude increases in the performance and value of their existing IT infrastructure and mission-critical applications, including file sharing, e-mail, backup, document management systems, IT tools, and ERP and CRM solutions.

Riverbed has applied its field-proven WAN optimization technology to provide similar performance gains for SAN-based block data extended to remote offices. Achieving a data reduction of more than 26 to 1 in ESG Lab testing, Steelhead Granite technology not only reduces the amount of bandwidth needed to connect to data center SAN storage, but also provides access to remote users at local speeds, maximizing the productivity of those remote workers. Steelhead EX + Granite also enables organizations to utilize existing investments in data protection hardware and software and secures that data in the data center.

In a truly fluid enterprise, all data and storage resources will be centralized in the data center. When that occurs, organizations will gain the ability to provide desired performance in the branch and the ability to quickly provision systems and storage wherever or whenever they wish. In addition, data protection becomes much easier and more secure for remote offices—it is executed centrally along with all valuable corporate data in the data center.

ESG Lab confirmed, through hands-on testing, that Riverbed’s Steelhead EX + Granite solution is able to reduce remote office network traffic while extending data center SANs with little impact on remote office servers and clients. The solution integrated well with Microsoft Exchange and SharePoint business applications as well as basic file system services and iSCSI block storage, long considered all but impossible to extend over long-distance, low-bandwidth WAN links. Organizations interested in improving the remote user experience while bringing data-center-class performance and protection to their remote offices should seriously consider Riverbed Steelhead EX + Granite.

Appendix

[2] Source: ESG Research Report, 2011 IT Spending Intentions Survey, January 2011.

[3] Source: ESG Research Report, 2011 Remote Office/Branch Office Technology Trends, July 2011.

[4] ESG Research Report, Remote Office/Branch Office Technology Trends, July 2011.

[5] Source: ESG Research Report, 2011 Remote Office/Branch Office Technology Trends, July 2011.

[6] ESG Research Report, Remote Office/Branch Office Technology Trends, July 2011.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ISCA Labs test for network firewalls.

This may seem like just another feature for Big-IP but it’s not. F5 has a unique position amongst its competitors because:

1. F5 is already in the right accounts. Big-IP is a staple product at large enterprises, wired/wireless carriers, and cloud service providers. F5 should be able to leverage these relationships to get a CISO introduction.
2. Everyone knows that F5 can build a high-end network hardware box. Like Juniper, F5 built its reputation on building high performance boxes that can scale. This status may get F5 on the evaluation short list right away.
3. F5 offers a consolidation play for the network. F5 sits behind the firewall but in front of a boatload of critical web applications. With a few network architecture tweaks, you can configure a Big-IP to perform firewall and ADC functions from the same box. This could simplify network architecture and operations.
4. F5 brings a new recipe for network/application security integration. With all the industry talk about next-generation or application-aware firewalls, F5 goes a step further. Big-IP can be configured for security and customized with iRules to offer extremely strong network/application security integration.

F5 has a lot of potential to alter the high-end firewall market but there is still work ahead. Remember that many people still perceive F5 as the load balancer company, so for F5 to succeed it must first demonstrate its network security chops. This means convincing its customers that it is committed to network security and that its product is as strong on security protection as it is on performance.

Finally, the introduction of a high-end firewall just made F5 an even more attractive acquisition target. With a current market cap of $9.5 billion, the list of potential suitors is small, but F5 would certainly add value to HP’s networking and security portfolio. IBM may be tempted to make a play since F5 makes sense from a security, data center, cloud computing, services, and WebSphere perspective. You could even make a case for Cisco to buy F5 but that’s the longest shot of all.

You can read Jon’s other blog entries at Insecure About Security.

“All those things start adding up, so the more they can bring back, the more they can consolidate, the more they can take advantage of those economies of scale back in the data center,” Laliberte said.

At Paul Hastings, consolidation over the next three to five years should cut down on big spending for storage gear at the company’s 20 offices, according to Tate. “It would really be nice to leverage our SAN resources and those assets just in the hub locations, and kind of get off that train,” he said.

via Riverbed’s Granite Speeds up WAN Storage to Drive Consolidation | PCWorld Business Center.

via Unified Edge Fabric enhances enterprise mobility, BYOD support., Enterasys Networks.