SaaS delivery has changed the world. Now it’s time to change your network strategy
Use of the cloud and access to SaaS applications from anywhere in the world are forcing enterprises to profoundly change the ways they organize their networks and security.
Remote workers used to connect to the enterprise data center via VPN to access applications; this is not a viable solution with the cloud in play.
An MPLS network connecting branch offices to the headquarters to access SaaS applications is no longer practical because of performance issues.
Providing a quality end-user experience has become the key challenge for every company using SaaS applications such as Office 365.
That is why Microsoft and Gartner have completed numerous studies on this topic.
For example, Gartner has published:
- How to Manage SaaS Performance When SLAs Remain Immature
- Use Monitoring for SaaS Despite Its Limitations
- Implementing Microsoft Office 365: Gartner Survey Results and Analysis, 2019
- How to React to the Impact of the Cloud on IT Operations Monitoring
These describe the changes in IT caused by the cloud, where end-user experience is key. This is ensured through the fusion of applications, networks and devices.
The best practices described by Microsoft result from the analysis of thousands of deployments and the performance issues involved.
You can easily read about the details of end-user connectivity in the document.
You can also read an interesting series of articles about modern service management here.
We at GSX have assisted hundreds of customers in resolving their performance issues.
The key point is that even if your company’s IT has its own special features, even if your network or your business is special, in the end nobody is special enough to violate the connectivity principles established by Microsoft. Many of your peers have tried… and failed. That is what we have seen every single time; it is just a matter of time.
Office 365 Connectivity Principles: Because trust matters
In order to introduce the topic of connectivity, here is the latest summary chart from the Microsoft documentation:
Credit: MS Ignite, Optimal network connectivity for Office 365 performance: What is it and how to get there
In this series of blogs, we will go back to each of these principles in order to provide more details and use cases. You will see from the statistics that these principles are critical, no matter the size or the complexity of your infrastructure.
I have to say that we have been surprised during our discussions by the number of companies and Office 365 project managers that didn’t really pay close enough attention to these four principles.
Let’s have a quick overview.
The first principle is traffic optimization.
As we will see in the next blog post, Microsoft has made a considerable effort to reduce the number of FQDNs that must be prioritized (from thousands to fewer than 10!).
So now you have a very limited number of ports and URLs to deal with in order to dramatically enhance the Office 365 experience.
And this first point is key because it allows you to abide by the other three principles.
Read the post about Principle #1: Differentiate your traffic
The second principle is to enable local egress.
As discussed, this sometimes contradicts the old way of determining access to an enterprise’s network applications (VPN, MPLS, backhauling, etc.).
But again, you now just have to do this for a few URLs. Your differentiated traffic should be able to exit to the internet as soon as possible.
The third principle tells you that this traffic should connect directly to the nearest Office 365 front door. As we will see, there are now front doors everywhere.
It doesn’t matter if your user is in Singapore and your tenant in the USA. Your user should enter the Microsoft network through the Singapore front door and travel on the Microsoft network to the tenant because this network will always be faster and more secure than yours.
And finally, the fourth principle is to update your security for SaaS. You should review the way you secure the traffic to Office 365.
This is a major point that needs deep coordination among your Office 365 team, the network team and the security team in order to avoid duplicating security processes that already exist in Office 365. Built-in security tools and processes in the Microsoft network should allow you to trust the FQDNs you are permitting to connect directly.
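As an added illustration (not code from this post, from Microsoft or from GSX), here is a proxy auto-config style function that differentiates traffic the way principles one, two and four describe: hosts on a short trusted list exit directly, everything else keeps its existing proxy path. The host list, the tenant name `contoso` and the proxy address are constructed placeholders; hostnames are matched exactly so that a lookalike name that merely contains a trusted name is not bypassed.

```javascript
// Constructed sample list: take the real entries from Microsoft's published
// Office 365 endpoint data. "contoso" is a hypothetical tenant name.
var DIRECT_HOSTS = [
  "outlook.office365.com",
  "outlook.office.com",
  "contoso.sharepoint.com",
  "contoso-my.sharepoint.com"
];
// Hypothetical proxy that keeps inspecting all other traffic.
var DEFAULT_PROXY = "PROXY proxy.corp.example:8080";

// Lower-case the host and drop the trailing dot of a fully qualified name.
function normalizeHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host;
}

// Exact match, or "*.suffix" covering exactly one label left of the suffix.
// No substring or prefix matching, so "trusted.name.lookalike.example"
// never inherits the trust given to "trusted.name".
function matchesEntry(host, entry) {
  if (entry.indexOf("*.") !== 0) {
    return host === entry;
  }
  var suffix = entry.slice(1); // ".example.com"
  var cut = host.length - suffix.length;
  if (cut <= 0 || host.indexOf(suffix, cut) !== cut) {
    return false;
  }
  return host.slice(0, cut).indexOf(".") === -1;
}

// PAC entry point: trusted hosts leave locally, the rest go to the proxy.
function FindProxyForURL(url, host) {
  host = normalizeHost(host);
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (matchesEntry(host, DIRECT_HOSTS[i])) {
      return "DIRECT";
    }
  }
  return DEFAULT_PROXY;
}
```

Keeping the direct list this narrow is what lets the security team reason about exactly which destinations skip inspection.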
As you know, trust, overhead and performance are related in all applications you provide to your business lines. The key is to find the best proportion among these elements. To match security and end-user experience at the best point while lowering your overhead, you need to differentiate connections as close to the user as possible. And that will be the topic of our next blog post.