Optimize Office 365 deployments with a proven model
Punit Minocha VP Business and Corporate Development, Zscaler
1
This impacts your organization in several ways:
• Unplanned infrastructure upgrade costs
• Complexity with legacy networks, particularly when dealing with remote sites and mobile users
• Poor user experience, which can bring deployments to a screeching halt
Each Office 365 user generates between 12 and 20 persistent connections
©2017 Zscaler, Inc. All rights reserved
2
Office 365 deployment considerations
©2017 Zscaler, Inc. All rights reserved
• Increased backhaul traffic from branch sites, MPLS cost increase
• On-site firewall upgrades / reconfiguration
• Avg. 40% BW increase with O365
• Requirement: 100 msec RTT
Latency Bandwidth demands
MPLS Costs Network
3
Office 365 connectivity options
Direct Internet Connection Hub and Spoke Architecture Centralized Proxy Express Route
• Only recommended for small number of uses cases
• Highly complex to configure correctly
• For a mobile user to access Office 365 they need to VPN into the data center, travel over ExpressRoute and hairpin back
• Caution should be taken and avoid centralized proxies
• Struggle to deal with long-lived sessions and high-throughput connections
• Adds latency, which causes jitter – requires latency assessments at egress points
Ideal scenario but appliance-based approach is costly and risky: • Requires constant firewall
updates • Missing IP/URL updates
causes end-user connectivity problems
• Devices need to scale to handle the increased connection count
©2017 Zscaler, Inc. All rights reserved
4
Best approach: Direct Internet Connection without appliances!
Transform • Elastic scale of platform services -
Cloud Firewall can handle high session counts
• Bandwidth controls to prioritize Office 365 traffic over other Internet traffic - guaranteed bandwidth for Office 365 during periods of contention
Direct Internet Connection with Zscaler Cloud
Simplify • Single console for policy
management • Does not require VPN for mobile
users • Automates MSFT URL and IP
updates
Improve • Peering in most major
exchanges with 1-2 msec RTT • Fast DNS query times of <
1msec • Optimized TCP stack: Window
scaling for faster file downloads
5
The Zscaler Cloud Security platform
©2017 Zscaler, Inc. All rights reserved
CLOUD SECURITY PLATFORM 100+
data centers worldwide
25B+ transactions
processed every day
125M+ threats
blocked every day
120K+ security updates
every day
ACCESS CONTROL
Cloud Firewall
Cloud Apps
URL Filtering
Bandwidth Control
THREAT PREVENTION
Anti-virus Intrusion Prevention Advanced Protection Cloud Sandbox
DATA PROTECTION
DLP
File Type Controls
6
Zscaler for Office 365
©2017 Zscaler, Inc. All rights reserved
CLOUD SECURITY PLATFORM 100+
data centers worldwide
25B+ transactions
processed every day
125M+ threats
blocked every day
120K+ security updates
every day
ACCESS CONTROL
Cloud Firewall
Cloud Apps
URL Filtering
Bandwidth Control
THREAT PREVENTION
Anti-virus Intrusion Prevention Advanced Protection Cloud Sandbox
DATA PROTECTION
DLP
File Type Controls
7
Putting a perimeter around the Internet
©2017 Zscaler, Inc. All rights reserved
Real-time Visibility (Threats, Apps, Users)
Single Policy Definition Point
Exploits APT Malware Botnets
Mobile Employee HQ Remote Offices
Secure, Shortest Path
Off Network PAC / Mobile Agent
On Network GRE/IPSEC
8
Using Zscaler Cloud Firewall as a network connectivity option to deploy Office 365
©2017 Zscaler, Inc. All rights reserved
Broadband MPLS
• HOW IT WORKS – Internet and O365 traffic is routed locally to
Zscaler’s nearest data center
• BENEFITS – Better use experience via local breakouts
• TCP Optimizations, Peering at Major MS fiber hubs, Local DNS resolution
– Zscaler Cloud Firewall scales to handle the large number of long-lived sessions
– O365 prioritization with bandwidth control – Rapid One-click configuration
• IP address and auth/SSL bypass lists – Overcomes IP address limitations
• No network configuration changes Better User Experience and Cost-effective to Deploy and Manage
9
How well is Office 365 being adopted?
Low Office 365 traffic in NY
despite being one of the largest offices – user
issues?
John in IT and Kyle in Marketing are the top users
OneDrive traffic is low – is Box still
being used?
Real-time traffic volume trending
10
Latency to Washington DC with and without Zscaler
©2017 Zscaler, Inc. All rights reserved
11
Zscaler provides an optimal O365 connectivity option
©2017 Zscaler, Inc. All rights reserved
Optimized TCP Stack
Window Scaling
Disabled Nagle Algorith
m
Peering with O365
DCs
Most Major
Exchanges
Router to
Router RTT < 2 msec
Fast DNS Queries
Local DNS in
every DC
DNS query < 1 msec
No Payload
Inspection
Does not inspect O365
payload
Eliminates
latency
Network Manageme
nt Significant
reduction in on-
site firewall manage
ment
Single console
Bandwidth Controls
Ability to prioritize
O365 traffic
Set BW usage
caps on traffic
12
Zscaler/Microsoft O365 Peering around the world (1-2 MSec across the globe)
©2017 Zscaler, Inc. All rights reserved ©2016 Zscaler, Inc. All rights reserved
Atlanta, Chennai, Chicago, Dallas, Denver, Frankfurt, Hong Kong, London,
Los Angeles, Miami, Paris, Toronto, Washington and Zurich.
Zscaler-MSFT peered site RTT
13
Helping customers successfully deploy Office 365
©2017 Zscaler, Inc. All rights reserved
700+ customers using Office
365 through Zscaler
515 TB Office 365 traffic handled in a month and growing
107+ Customers generating
more than 500GB/month
27 TB Traffic from largest
deployment of Office 365
<1 m sec Avg. latency for Office
365 traffic
February 2016 Stats
14
• Rapid deployment • Working side by side with Skyhigh to address Office 365 traffic • No network configuration changes (Firewall policies) • One-click O365 deployment handles IP ranges and bypass lists transparently for customers • Zscaler App solves proxy-interoperability issues with Outlook and Skype/Lync for road warriors
• Best possible user experience (fast response times) • Shortest path (local breakouts) • Application prioritization (bandwidth control & TCP optimization) • Consistent experience for all users – globally (local breakouts & global datacenter footprint)
• Investment protection and cost avoidance • Capex savings: VPN is not needed for mobile traffic • Opex savings: Routing traffic locally eliminates the need for MPLS backhaul capacity increase • Employee productivity: Faster response time equals less time waiting
• Increased visibility into all Internet traffic within seconds (including mobile) • View all Internet traffic usage, including Office 365, by location and user
Why Zscaler for Office 365
©2017 Zscaler, Inc. All rights reserved
15
Proven deployment strategy combining CASB + SWG
©2017 Zscaler, Inc. All rights reserved
16
Securely enable the usage of all cloud applications
16
MOBILE HQ / IoT BRANCH SD-WAN
VISIBILITY Real-time visibility into all users across all locations
THREAT PREVENTION Full inline content inspection
APP RISK SCORING Third-party integrations with Skyhigh, CloudLock, and CipherCloud
DATA LOSS PREVENTION Inline protection for all users
ACCESS CONTROL View / post, download / upload by file type, browser, and plugins
API Integration
(In development)
17
The combined partnership: Zscaler + Skyhigh
Extend existing DLP,
threat, access, and
collaboration controls to Office 365
Optimize user
experience and
guarantee bandwidth
Deploy a proven
model of CASB + SWG
©2017 Zscaler, Inc. All rights reserved
18
Skyhigh + Zscaler = the most comprehensive solution
©2017 Zscaler, Inc. All rights reserved
Securing Corporate Data
Proven at 600+ enterprises across 30+ million users
Market-leading DLP with pre-built templates, remediation workflow and reporting
Robust threat protection leveraging user behavior analytics
Multimode CASB with full support for proxy and API deployments
No additional endpoint agents or PAC files
Optimizing & Securing User Experience
Proven deployment model with 700+ customers Best possible user experience (fast response times) Rapid deployment (no upgrades, config changes) Investment protection and cost avoidance (no hardware or backhaul) Visibility into all Internet traffic within seconds (single console)
19
Visit www.zscaler.com to get the Catchpoint test report
(and read why Zscaler delivers 40% faster download speeds)
©2017 Zscaler, Inc. All rights reserved
20
Thank you!
©2017 Zscaler, Inc. All rights reserved
Top Related