Key Trends in Branch Office Networks
A Major Industry Survey

Download the PDF

Executive Summary
IT professionals often mention branch office computing as one of the more challenging aspects of their overall mission. This survey was fielded in order to identify and better understand those challenges, what their companies’ business goals were for branch office computing, how well those goals are being met today, and their goals and xpectations for the future.

Distribution of applications to branch/remote offices is on the upswing as branch office computing becomes increasingly mission-critical. In the majority of cases, the applications are located on a central server, which raises the usual issues of security, performance, and cost.

Downtime leading to lost productivity and lost revenues is the foremost concern among IT professionals with branch office responsibility, followed very closely by security and cost. At the same time, reducing the number of servers and devices in branch offices is an ongoing concern.

The branch office router often carries additional burdens, such as firewalling and even antivirus functions, not necessarily because it is the best device for the task, but because it is there and the functions are often available from the router vendor.

While the majority of companies are satisfied with the level of branch IT security, the percentage of respondents who are dissatisfied indicates room for improvement or better tools.

Management of branch office IT infrastructure is also a major concern. Many companies use multiple management tools, and while half of the respondents profess “no concerns” about the number of branch office devices or the tools required to manage them, the rest of the companies want to limit or reduce their number. Cost is always a factor, as is getting the most performance and flexibility for the investment.

Taken together, the above concerns indicate an opportunity to reexamine branch office IT infrastructure and capabilities, with the goal of improving security, manageability, performance and capacity. Inherent in this reexamination is the opportunity to reduce cost, streamline operations, and reduce support staff levels.

But infrastructural changes often come slowly and may require significant investments. As companies weigh options, modular, multifunction devices become an attractive alternative to multi-box solutions or endless software add-ons to routers that were never intended to meet the multifaceted demands of modern branch office computing. The demands on the infrastructure can only grow as companies continue their quest to make branch office computing as transparent as possible, equivalent in every way to central office capabilities.

Survey Methodology and Profile of Respondents
To better understand the challenges of branch office computing faced by IT professionals today, Ziff Davis Media surveyed over 800 technology decision makers. The online survey was conducted in December 2005 by The Strategy Group (an independent research company located in Englewood, Florida), among representative readers of enterprise publications published by Ziff Davis Media. In total, 805 subscribers qualified for and completed the survey. Qualified subscribers had multiple remote office locations, ranging from under 10 up to several thousand.

Survey results contained in this report are accurate to within +/- 3.5 percent at a 95 percent confidence level.

Increasing Access to Applications: Why the Branch Network Is Critical
More than half of the respondents, 53 percent, indicated that access to corporate applications from branch offices is on the rise (see Figure 1). Nearly a quarter, 23 percent, typified the increase as “significantly more.” As more and more business processes are extended to the branch office, this trend is likely to continue.

A parallel current trend is red ucing the number of servers in branch offices and centralizing databases and applications. The motivations for centralization center around reduced costs, increased manageability, and lowered IT support costs in branch locations.

However, reducing the number of servers may actually spur adoption of specialized equipment in order to update infrastructure to optimally support higher-power servers, as well as to support needed bandwidth, provide security, and ensure manageability. As functions move to central servers, the WAN becomes more stressed, and more reliance is placed on gateway devices that access the WAN and provide security.

Indeed, many companies have already deployed specialized boxes for individual functions— gateway-level antivirus protection in one, traffic redirection in another, and so on. These boxes, however, typically come with their own management interfaces and consoles. While they may be controllable under a generalized management console system, the net effect of all these devices may be to actually decrease overall manageability.

So the onus is on IT management to make localized equipment more efficient and cost-effective. The cost of ownership of remote servers is almost always higher than centralized servers, maintenance often takes longer, and employee satisfaction is lower, as shown in many management studies, and as confirmed by respondents to this survey. The cost of managing point devices and gateway services likewise goes up with the number of devices in each branch.

Trend: Application Centralization
Among the survey respondents, every major service or application category was found more often in centralized locations than in branches, and by a healthy margin (see Table 1). Backup and storage was the only area in which local deployment occurred even half as often as centralized deployment. Other areas covered in the study included custom applications, e-mail, CRM, sales force automation, supply chain management, and ERP, as well as infrastructural services such as Voice over IP (VoIP) and video. This trend will doubtless continue, with concomitantly increased demands on bandwidth, WAN security, and manageability.

Servers in Branch Offices
Among the survey respondents, the average number of servers currently housed in branch offices was commendably low, at 4.3 (see Figure 2). It would appear that server consolidation is essentially complete among the participants, since the projected number of servers in 12 months decreases only slightly, to 4.2.

So attention will likely turn to the profusion of point devices as communication with centralized databases and servers increases the load—and the reliance—on the network.

Existing IT Components/Functions in Branch Offices
Provisioning a branch office requires both hardware and software, and the degree to which various components and functions are found within branches among respondent companies is interesting.

Not surprisingly, routers topped the list, located in 82 percent of the participants’ branch offices (see Figure 3). Antivirus and wired LANs followed closely, at 79 and 78 percent, with firewalls in 68 percent of the offices. All of the other components and functions were found in less than 50 percent of the branches, but they are more notable for their diversity than their frequency of occurrence.

While antivirus is right up at the top of the list, the vast majority is running on client machines, not at the gateway level. Virtually all other functions—DHCP, DNS, content filtering, NAT, layer 2 and layer 3 switches, intrusion detection/protection, etc.—run in the IT space. Application proxies were found in nearly a quarter, 23 percent, of the branches, and many diverse functions can fit within that loose description, including high-level function caching and compression.

The diversity of functions suggests complexity, multiple vendors, additional hardware, and more remote management tools and protocols. While specialized edge devices are intended to simplify and speed network operations, the profusion of management interfaces can make the job more difficult.

Given the incessant drive to reduce the number of branch network devices, some of these functions will doubtless be candidates for consolidation, perhaps into devices with a modular, open architecture. Emerging services gateway products consolidate formerly specialized tasks into a modular device with a single management interface.

Router Functions in Branch Offices
The router’s proper role is an ongoing issue in distributed organizations, especially as router manufacturers add faster embedded processors, memory, and APIs.
A shade more than half of the survey respondents, 51 percent, say that the routers in their branch offices provide a significant amount of security functionality (beyond normal NAT and similar functions), such as intrusion detection, intrusion prevention, and denial-of-service protection (see Figure 4).

Of the 51 percent answering in the affirmative, 56 percent believe that the router is the appropriate device for the job. But 50 percent (respondents could give multiple responses) also admit that they use the router simply because it is there. Eleven percent consider this to be a temporary situation while they explore other options, and 7 percent don’t have the budget for any other solution.

While it is beyond the scope of this paper to pass judgment on the suitability of the branch office router to these tasks, it is clear that nothing should encumber the router’s basic mission of providing throughput for the organization’s increasingly performance-critical communications. Of respondents, 49 percent don’t try to accomplish other tasks with their routers, and the mere existence of specialized alternatives—services gateway products—is a strong indication that “because it is there” may not be the best approach.

The participants agreed that security was the single most important design criterion for their branch offices going forward, followed closely by maximized performance. However, it can be difficult to achieve both with multi-service edge devices that are not designed modularly or with tight integration in mind. Packet identification and classification are critical for any high-performance, high-security system, and the traditional router-first design with added-on firewall and intrusion detection/prevention can spend too much time handling intrusion and DoS packets.

Satisfaction with level of Security
Nearly two-fifths of the respondents, 37 percent, are only marginally or moderately satisfied with branch office security. This level of discomfort in something as critical as security goes beyond merely taking notice—it’s a cause for management attention, if not outright alarm.

Given the increase in number and type of threats, and the essentially unknowable nature of some threats—coupled with the 49 percent of respondents who believe that the branch office router is not the right platform for security applications—it’s safe to say that alternate platforms should be investigated.

Consistent with other IT initiatives to reduce device “head count” and simplify manageability,
such platforms should be inherently built for security, with an architecture that weeds out threatening packets before everything else, unlike the traditional overextended router.
Additionally, it should be expandable for the future through a modular design that supports customized handling of special packet types, such as video and VoIP, as well as services that haven’t even been implemented yet. In the same vein, they should be centrally manageable, capable of supporting multiple security functions, and have alternate remote management capabilities to reduce the number and occasions for expensive employee dispatches to troubleshoot.

Attitude/Functionality of Central Management, Branch Office devices
While the companies represented here have not uniformly adopted centralized management, those who are centralized expressed a degree of satisfaction more than twice as high as companies who were still managing at the local/branch level (see Figure 5). This is to be expected, since centralization confers significant benefits, including higher productivity, deeper training on management tools, uniformity in hardware setup and policy management, and concentration of expertise.
[[stacked bar; color-code satisfied vs. dissatisfied]]

Yet a large percentage of IT staff among surveyed companies is located in branch offices.
There is doubtless an irreducible minimum, especially for large offices, but a combination of better management tools and more easily managed devices can enable staff cost reductions.

Twelve percent of the companies represented still have to dispatch an employee to a remote location in order to upgrade a system or handle a hardware or software failure. While that’s a decided improvement on the recent past, in many cases it indicates that the means of communication with remote equipment are too limited. Some state-of-the-art designs leverage equipment with a “management backplane,” a dedicated data path within the equipment that can instantly communicate at all times (short of the device being unplugged).
Reliability features such as these are necessary to reduce the number and occasions for expensive employee dispatches.

As more applications become centralized, this always-available, carrier-level reliability for branch-office network equipment is essential. Coupled with modular services gateway platforms and streamlined management software, the number of truck rolls and airplane flights—and their concomitant high cost—can be significantly reduced.

Top Branch Office Concerns
When asked to cite their companies’ biggest source of concern with branch offices, 49 percent of respondents cited downtime leading to lost productivity and lost revenue as their chief concern (see Figure 6). Two-fifths, 39 percent, cited security concerns, and a third, 32 percent, cited cost issues. In two final categories, 22 percent of survey participants named the productivity of remote and central IT staff and 12 percent cited the effect of downtime on employee morale.

Cost, of course, is always a factor, whether measured in IT productivity or overall organization productivity. The respondents were all over the map when asked to estimate the amount of time they spent on branch office issues, but the average was 25 percent of overall IT staff time spent.

The average doesn’t tell the entire story, however: 19 percent of the respondents spend between 31 and 50 percent of their time on branch office issues, while 12 percent spend over 50 percent of their time there. The distribution of the respondents’ estimates, however, suggests that they don’t have good metrics for the time spent, and simply can’t monitor it effectively. Likewise, they may also underestimate the effect of downtime on the organization’s morale and productivity.

Role of Services gateway devices
Efficient, cost-effective, secure branch office computing is vital to companies, and this survey indicates that there is room for improvement in all three areas.

Generic routers provide basic functions, but may have inherent limitations such as performance, security and manageability. Various add-ons from router vendors (for example, “integrated routers”) address some of these issues, while other vendors have chosen to build services gateway devices, sometimes referred to as “branch-in-a-box,” from the ground up. A purpose-built services gateway device design can have significant advantages over plumpedup routers, both in acquisition cost and TCO.

An open, modular design, with a consistent management interface and an alternate communication backplane is an inherently reliable design, one that approaches carrier reliability levels. The expandability positions the services gateway device to precisely meet a corporation’s needs, even as the organization changes and expands, and as new requirements emerge in the areas of WAN management, incremental security, threat detection, new applications and more. Furthermore, it dovetails with corporate needs to reduce the number of devices and associated management time and cost.

As this survey has shown, high-performance branch office computing is a basic requirement for the modern corporation, and highly modular services gateway devices precisely address their needs. Security, performance, and cost savings utterly dominate the concerns of the decision-makers who participated in this survey. They need branch office technology that will save them time and effort, improve the performance and reliability of branch office computing, and ensure security against existing and future threats.

Services gateway devices—with modular designs, inherent reliability, easy manageability, high performance, and lower cost than a multiplicity of point devices—address these issues directly and deserve serious study and consideration by IT management.