Operating legacy or hybrid network architectures, many enterprises have experienced unexpected performance issues after migrating to Office 365 (latency and jitter), as well as significant increases in bandwidth usage, resulting in a troublesome deployment and poor user experience.
The underlying cause of the problem is the need to meet Microsoft’s network architecture & bandwidth requirements for Office 365. There is also the resultant increase in MPLS costs, as well as unexpected additional hardware appliance costs.
So, what are the causes of network latency issues encountered with Office 365 migration?
In its report on Office 365, Gartner noted that “Existing internet connectivity to Office 365 will not be ‘good enough’ for most Office 365 usage scenarios.”
With user experience being the number one measure of a successful migration to Office 365, this creates a need for LAN-like performance for all users – from the head office to branches and remote/mobile workers.
Research has shown that, of the estimated 78% of organisations which have migrated to Office 365, more than 60% encounter weekly network issues – caused by an underestimation of traffic and bandwidth requirements.
Furthermore, the associated infrastructure costs are frequently misunderstood, requiring an increase in bandwidth usage and/or firewall capacity.
Office 365 network connectivity requirements
With Office 365, firewalls experience between 12 and 20 persistent connections per user. Microsoft also recommends no more than 2,000 users behind each public IP address. But importantly, they also recommend that Office 365 traffic bypasses your proxies.
Which is why Microsoft came up with ExpressRoute – essentially, a private high-speed circuit with low latency. But as we dive deeper, we can see that this is not the answer – and why Microsoft themselves recommend a direct internet connection to Office 365.
ExpressRoute vs. direct internet connection
Typically, ExpressRoute will terminate in the primary Data Centre, delivering a first-class user experience for HQ, but what about Branch offices and remote workers?
Branch users will need to backhaul traffic over MPLS - introducing latency and congestion (or increasing MPLS costs), while remote workers will need to connect via VPN.
Challenges with ExpressRoute
- Good internet connectivity is still required and, in fact, a good internet connection may give better or similar performance.
- ExpressRoute often encourages a ‘hub and spoke’ model, which increases latency compared to a direct connection.
- Moreover, a highly skilled network team is required, with a higher cost of implementation, usage and maintenance – requiring up to 6 months of planning for implementation.
As a result, Microsoft offers the following guidance for connection routing to minimise latency:
- A well-configured, direct internet connection is the optimal method to connect to Office 365, both in terms of performance and cost.
- Avoid centralised proxies, which can increase latency.
- Ensure proxies are in the local region of the client.
Why not add additional appliances?
Rather than taking an indirect (and costly) route back to HQ, you could install more appliances at branch level. With users now directly accessing Office 365 via local internet breakouts, user experience will be quite good, assuming that bandwidth requirements are managed - and not impacted by the likes of YouTube.
However, traffic will only continue to increase over time, as Office 365 will not be the only cloud-based traffic. Adding appliances also works against the original reason why you moved your apps to the cloud in the first place!
Bandwidth requirements with Office 365 migration
With Office 365 migration, you should assume bandwidth consumption will increase 40%. You should also assume that existing firewalls/proxies will see some level of port exhaustion, and that users will quickly wipe out your bandwidth estimates.
Microsoft offers the following guidance when it comes to bandwidth planning for Office 365:
- Up to 25 users: Use Excel calculators.
- Over 25 users: Start with the calculators as an estimate, then run a pilot and measure the usage during that time.
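As a first-pass check before the pilot, the planning figures quoted in this article (12 to 20 persistent connections per user, 2,000 users per public IP, a 40% bandwidth increase) can be applied per site. This is an added example, not Microsoft's or Zscaler's tooling; the site data is constructed, and `PORTS_PER_IP` and `PORT_BUDGET` are assumptions introduced here.

```python
import math
from dataclasses import dataclass

# Planning figures quoted in the article
CONNS_PER_USER = (12, 20)    # persistent firewall connections per user (low, high)
MAX_USERS_PER_IP = 2000      # recommended ceiling of users behind one public IP
BANDWIDTH_UPLIFT = 0.40      # assumed growth in bandwidth consumption

# Assumptions added for this example, not from the article
PORTS_PER_IP = 64512         # 65536 source ports minus the 1024 well-known ones
PORT_BUDGET = 0.50           # share of NAT ports Office 365 may hold; rest is other traffic


@dataclass
class Site:
    name: str
    users: int
    public_ips: int
    peak_mbps: float         # measured peak internet usage today
    link_mbps: float         # capacity of the internet link


def assess(site: Site) -> dict:
    """Check one site's NAT pool and link against the planning figures."""
    low, high = (site.users * c for c in CONNS_PER_USER)
    ips_needed = math.ceil(site.users / MAX_USERS_PER_IP)
    port_use = high / (site.public_ips * PORTS_PER_IP)
    projected = round(site.peak_mbps * (1 + BANDWIDTH_UPLIFT), 1)
    findings = []
    if site.public_ips < ips_needed:
        findings.append(f"public IPs: has {site.public_ips}, needs {ips_needed}")
    if port_use > PORT_BUDGET:
        findings.append(f"NAT ports: {port_use:.0%} of pool at {high} connections")
    if projected > site.link_mbps:
        findings.append(f"bandwidth: {projected} Mbps projected on a {site.link_mbps} Mbps link")
    return {"site": site.name, "connections": (low, high), "ips_needed": ips_needed,
            "port_use": round(port_use, 3), "projected_mbps": projected,
            "findings": findings}


# Constructed sample sites
SITES = [
    Site("HQ", users=5000, public_ips=2, peak_mbps=600, link_mbps=1000),
    Site("Branch", users=150, public_ips=1, peak_mbps=80, link_mbps=100),
]

if __name__ == "__main__":
    for s in SITES:
        r = assess(s)
        print(r["site"], r["connections"], r["findings"] or "ok")
```

Sites with findings are the ones to prioritise in the pilot, where measured usage replaces these estimates.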
What about proxy architecture?
Proxies often do not scale well - and were not designed with SaaS services in mind, resulting in poor performance with applications like Office 365.
If a proxy must be used, then:
- Ensure devices are scaled up to cope with SaaS services, both in terms of processing and NAT capability.
- Avoid centralised proxies (which can increase latency) and ensure proxies are in the local region of the client.
- Avoid using Skype for Business, even when optimised.
- Avoid unnecessary packet inspection.
So, what’s the answer?
As you might have guessed (or hoped), there is a remarkably simple solution, which addresses the need to directly (and securely) connect to Office 365 with low latency, as well as manage bandwidth – for all users, regardless of location.
With direct peering with Microsoft’s Azure network, Zscaler’s cloud security platform provides a low latency connection to Office 365 (or any internet location), regardless of location – to deliver a great user experience. There is simply nothing better than going direct. And with granular bandwidth control (to both cloud applications and general internet traffic), you can guarantee Office 365 bandwidth to all users.
The world’s biggest cloud security platform
As a Gartner Magic Quadrant leader for the 7th consecutive year, Zscaler moves your security stack to the cloud, providing fast, secure connections between users and applications - regardless of device, location, or network.
It is an incredibly simple solution which not only provides low latency Office 365 connectivity for all users and avoids increasing bandwidth costs, but also provides granular bandwidth visibility and control, as well as enabling enterprises to further unlock the promises of cloud and hybrid network infrastructures.
Which is why Zscaler is the default choice for enterprises of all sizes looking to migrate to Office 365 (or other large-scale apps, for that matter).
This is not to say that ExpressRoute will not be used at times, as it could be for larger HQ sites. But for branch and remote users who require a first-class user experience, the justification of backhauling traffic is going to be a hard sell.
How to avoid network latency & bandwidth issues
With Zscaler, Office 365 enablement is simple, provided, of course, that Microsoft’s guidelines have been followed. Enable Office 365 with one click in Zscaler, then perhaps perform some routing optimisation and bandwidth management. That’s it, at least as far as the network is concerned!
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24x7x365 from our ISO27001-accredited UK Network & Security Operations Centre (NOC/SOC).
And as the UK’s leading Zscaler partner, Comtact Ltd. has extensive expertise in network and security transformation, operating 24/7 from our high security UK NOC/SOC to transform and secure many of the UK’s leading organisations.
With a dedicated in-house team of Zscaler specialists providing 1st and 2nd-line support to clients, Comtact helps dramatically simplify the migration to Office 365.