Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Yogi Chandiramani, Blue Coat: Application Visibility and Understanding, The Key to Network Cost Containment and Optimization

September 2009 by Yogi Chandiramani, Technical Director, Blue Coat

Ask any IT executive how many applications are running on the company network, and the answer is typically off by at least 50 percent. Sometimes, the truth is that there are ten times as many applications vying for network resources than the off-handed guess of an IT executive. The reality of knowing leads directly to the ability to reign in runaway networking costs and ensure quality of applications, communications and business processes.

None of this should come as much of a surprise. Over the past five years the number and variety of applications using network or Internet resources has exploded to a level beyond what anyone could accurately count or even estimate. Take the Apple iPhone, for example. Since its introduction in early 2007, more than 65,000 applications have been created for this single platform. CNET’s has more than 3,350 applications available for download in the category of digital photography alone.

The Web has made it possible for anyone to be their own IT department, loading on applications as they see fit, creating their own applications from scratch or using ones that aggregate existing applications and data sources. Often times, these individuals are unaware of the performance implications that these applications might have on the company’s Internet gateway or the Wide Area Network (WAN) link that connects their branch office location to a corporate datacenter or centralized Internet access point.

Take something as innocuous as Adobe Acrobat Reader. In a typical configuration, the application is constantly checking to see if updates are available, and, often, will download these automatically as a service for the user.

In the case of Apple iTunes, most users expect that it only consumes network or Internet capacity when it connects with the iTunes store to browse or download content. In reality, iTunes uses network and Internet capacity in ways that most users or IT departments would not normally consider. Besides seeking new updates to the application software itself, iTunes may try to download artwork for songs already in the music library or automatically download podcasts for which users have a subscription. In addition, iTunes may automatically share content with other users on the network—this aspect of the application can potentially consume considerable resources.

In actuality, there are very few fully standalone applications these days. Perhaps you could say that no application is an island. As applications have become more advanced, they have also become more collaborative. Applications are designed to share information, seek updates, provide heartbeat data, connect with other applications and data or interact with other users.

On a network with only one or two users, application proliferation and connectedness may not be much of an issue, but multiply these realities by ten, twenty, 100 or even 1000 users, and the effect compounds itself to significant levels. Even several users in a branch office connected to a remote datacenter and Internet access gateway have the potential to fully consume the bandwidth resources of its WAN lifeline.

Frankly, 12 months ago, most IT executives would have not given this topic a second look. To the question, “Do you know how many applications are running on your network,” most IT executives would answer, “Who cares.” Today, that is rarely the case.

Now, with IT budgets being cut, networking groups and IT executives do care what is running on the network. To see 30-50 percent of the Internet gateway or WAN capacity being utilized for non-business use is something that no one can ignore. Companies can no longer afford to simply “throw bandwidth” at the problem when they run out of capacity.

At the same time, the issue may not be purely one of bandwidth. Unmanaged applications may contend with other enterprise-critical applications or real-time voice and video traffic, creating serious quality issues or interrupting key processes.

The key to solving these problems is the ability to have true application visibility. Unlike network assessment tools, high-level network managers, packet capture solutions and network flow type solutions, an application visibility solution can determine what the network traffic is in terms of the real application and how it is being used. Rather than seeing ports, IP addresses, sources, destinations and general protocols, the company can know exactly what packets represent which applications running on the network.

Solutions such as PacketShaper appliances from Blue Coat Systems use deep packet inspection and dozens of measurements to not only precisely identify the application but also monitor or assess its quality and behavior.

Once an enterprise or organization can understand the applications on the network, it can control them. If the application is mission-critical, an enterprise can accelerate it with WAN optimization technologies and assign a high priority or even bandwidth guarantees. If the application traffic is malicious, it can be blocked or stripped of its dangerous payload with appropriate security technology. If the application traffic falls into the large gray area between “good” and “bad,” it can be assessed and categorized as purely recreational or moderately beneficial. Rules can then be applied to manage, shape or mitigate the application consistent with the company’s IT and networking policy.

It is only through actually seeing and understanding the application traffic that IT and network managers can make productive decisions and manage traffic effectively. At the same time, application understanding provides the means to contain network costs and better manage its usage. Rather than throw as much as half the network resources away on non-productive or malicious traffic, companies can manage this down to an acceptable amount. In addition, the IT department can ensure that non-essential application traffic does not interfere with crucial business operations.

See previous articles


See next articles