Many companies make the move to Office 365 because - as Microsoft says - you can access your office remotely every day of the year. No longer are you tied to hardware and software in a physical building. Office 365 also shifts the burden of storing vast amounts of information, data, software, and other components onto Microsoft’s servers, allowing your business to securely access everything from the cloud - from anywhere.
However, the migration to Office 365 is not without its challenges. Companies run into technical difficulties, and the resulting performance complaints from end users reflect badly on the IT organisation responsible for deployment.
Here are the critical steps to get your network ready when you're moving to Office 365.
Is your network ready?
- Microsoft's recommendation for accessing Office 365 is via a direct Internet connection, to get users onto Microsoft’s CDN quickly for a fast user experience.
- Network utilisation will increase by up to 40% with Office 365.
- 'Hub-and-spoke' architectures with centralised security control require branch and local traffic to be backhauled over MPLS or VPN, introducing latency and jitter, as well as excess network traffic.
Preparing your firewalls & security hardware
- Similarly, 'hub-and-spoke' architectures require firewall appliances to be deployed locally to maintain security for local Internet connections, as well as all the security appliances sitting in the current gateway.
- Office 365 requires constant firewall updates; missing an IP or URL update will cause user connectivity issues. This places an excessive workload on IT departments.
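The update problem in the last bullet can be checked mechanically. The sketch below is an added example, not part of the original article or any vendor tooling: it compares a published endpoint list against a firewall allow-list and reports ranges that are not fully covered, plus rules that no longer match anything published. The record layout, field names and all addresses (documentation and benchmarking ranges) are constructed assumptions.

```python
import ipaddress

# Constructed sample of a published endpoint list; field names are hypothetical.
PUBLISHED = [
    {"id": 1, "ips": ["198.51.100.0/24", "2001:db8:100::/48"], "ports": [443]},
    {"id": 2, "ips": ["203.0.113.0/25", "203.0.113.128/25"], "ports": [80, 443]},
    {"id": 3, "ips": ["192.0.2.0/24"], "ports": [443]},
]

# Constructed firewall allow-list: (CIDR, TCP port) pairs permitted outbound.
ALLOWED = [
    ("198.51.100.0/24", 443),
    ("203.0.113.0/24", 443),
    ("203.0.113.0/25", 80),
    ("192.0.2.0/25", 443),    # narrower than the published /24
    ("198.18.0.0/24", 443),   # left over from an earlier list
]

def _flatten(published):
    """Yield (entry id, network, port) for every published range and port."""
    for entry in published:
        for cidr in entry["ips"]:
            for port in entry["ports"]:
                yield entry["id"], ipaddress.ip_network(cidr), port

def find_gaps(published, allowed):
    """Published (id, cidr, port) tuples that no single rule fully covers."""
    rules = [(ipaddress.ip_network(c), p) for c, p in allowed]
    return sorted(
        (eid, str(net), port)
        for eid, net, port in _flatten(published)
        if not any(p == port and r.version == net.version and net.subnet_of(r)
                   for r, p in rules)
    )

def find_stale(published, allowed):
    """Allow-list rules that overlap no published range on the same port."""
    wanted = list(_flatten(published))
    stale = []
    for cidr, port in allowed:
        rule = ipaddress.ip_network(cidr)
        if not any(p == port and n.version == rule.version and n.overlaps(rule)
                   for _, n, p in wanted):
            stale.append((cidr, port))
    return stale

if __name__ == "__main__":
    print("uncovered:", find_gaps(PUBLISHED, ALLOWED))
    print("stale:", find_stale(PUBLISHED, ALLOWED))
```

Gaps are the connectivity failures the bullet describes; stale rules are outbound access left open after the published list has moved on.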
Let's get into some more details...
Many organisations have started to move their applications to the cloud. But as business and IT transform, this throws up connectivity, latency and security challenges.
When deploying Office 365, if you run a traditional 'hub-and-spoke' architecture, then your challenge will be providing a direct Internet connection, with the appropriate local security controls.
What about ExpressRoute for Office 365?
ExpressRoute permits a direct VPN connection between your internal network and the Microsoft cloud. However, this is not the recommended connection method, as traffic still needs to be backhauled over MPLS or VPN to a centralised gateway. ExpressRoute is highly complex to configure correctly and is only recommended for a small number of use cases.
Firewall expansion & upgrades
Additional appliances will be required to keep up with the increase in traffic flow. This could include extra security controls - next-generation firewalls, data loss prevention, SSL inspection, bandwidth management, and outbound proxies.
The additional firewall appliances required for local Internet breakouts also need to be supersized to handle the high number of long-lived connections and to accommodate the growth of SSL traffic over the next 3-5 years (or over the life of the appliance).
Additionally, DNS needs to be handled locally. Otherwise the user will be connected to Microsoft’s network in the location nearest the DNS server used, which is not necessarily nearest to the user, introducing unnecessary latency.
Explainer: Office 365 creates a high number of long-lived connections that can overwhelm existing firewalls and drive unplanned network upgrades. Each user will generate between 12 and 20 persistent connections across different ports, not just 80/443.
This results in an average increase in network utilisation of 40 percent (increasing MPLS costs). Microsoft also recommends no more than 2,000 users behind each public IP address.
The preferred connection method
Office 365 was built to be accessed securely and reliably via a direct Internet connection. Direct Internet connections to Microsoft's CDN minimise latency, providing a fast user experience, while avoiding the backhaul of traffic over MPLS or VPN. Avoid centralised proxies; if proxies are required, decentralise them. Proxies struggle to deal with long-lived sessions and high-throughput connections. Internet gateway appliances, including proxies, add latency and cause jitter. Office 365 requires NGFW capacity and WAN latency assessments.
So what's the solution?
Zscaler is a Leader in the Gartner Magic Quadrant. Its Cloud Security Platform allows organisations to break out Office 365 and Internet traffic locally, without any hardware or software to deploy, for a fast user experience.
By moving your security appliances to the cloud, Zscaler dramatically simplifies your IT transformation strategy, as well as your Office 365 deployment. Zscaler instantly configures Office 365 connectivity policies across the Zscaler cloud with 'one-click' configuration. Automated IP and URL updates further simplify operational management.
Fast Office 365 user experience
Zscaler's global cloud platform peers directly with Microsoft data centres for a fast user experience, with bandwidth controls to prioritise Office 365 over YouTube (or other) Internet traffic.
With Zscaler, Office 365 users now connect locally, reducing MPLS spend, while avoiding hardware upgrades with elastic cloud services.
How can Comtact Ltd. help?
Firstly, you should read our blog on Solving network latency issues with Office 365 migration.
Then get the BIG read and learn how to avoid common latency complaints with Office 365 with our comprehensive 20-page Guide to Office 365 Network Connectivity.
Expert Zscaler deployment & support
Operating 24/7 from our UK NOC/SOC, Comtact Ltd. is the leading Zscaler partner in the UK, with the largest in-house Zscaler support team, providing 1st-line and 2nd-line support to clients.
Comtact's dedicated Zscaler team is highly experienced in deploying Zscaler across complex IT infrastructures, working with many of the UK's leading organisations.