AU2006201359A1 - Branch Sites on a Wide Area Network - Google Patents


Info

Publication number
AU2006201359A1
Authority
AU
Australia
Prior art keywords
network
central processing
wide area
branch
workstations
Prior art date
Legal status
Abandoned
Application number
AU2006201359A
Current Assignee
Insurance Australia Ltd
Original Assignee
Insurance Australia Ltd
Priority date
Filing date
Publication date
Priority claimed from AU2006901030A
Application filed by Insurance Australia Ltd
Priority to AU2006201359A
Publication of AU2006201359A1
Current legal status: Abandoned

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Description

AUSTRALIA
Patents Act 1990
Insurance Australia Limited
COMPLETE SPECIFICATION
Invention Title: BRANCH SITES ON A WIDE AREA NETWORK

The invention is described in the following statement:

Title: BRANCH SITES ON A WIDE AREA NETWORK

Technical Field

The invention concerns a wide area computer network comprised of a plurality of branch site networks each connected to a central processing network. For example, but not limited to, a remote branch office that is able to offer the business services of a company which has a central site where all the business data processing is performed.
The invention also concerns a method of operating a central processing network and a method of operating a branch site network.
Background Art

Large retail and service companies typically have a central business site and multiple geographically dispersed sites. For example, the main business site may be located in a major city, and branch sites are located in residential areas and in country areas. The computer system of the company is also dispersed to enable each site to offer the same services.
The typical computer system of such a company is shown in Fig. 1. This company has a central business site 10 and multiple branch sites 12. Only one branch office is shown here for simplicity. The Local Area Network (LAN) of the computer system of the central business site 10 includes a mainframe server 16, a Citrix Server 18 and a Wide Area Network (WAN) Router 22. The mainframe 16 hosts the data and processes the applications that the users of the system require. The Citrix Server 18 stores the application software that allows users to log into the computer network and be presented with the systems through their desktop devices. The WAN router 22 is the computer system's connection to the branch sites 12.
Each branch site 12 is its own LAN that is connected to the central business site 10 by its own WAN Router 24. Each branch site 12 is comprised of workstations 24, a local printer 28 and a server 30 for approximately every 15 users. Server 30 is responsible for file services, print services, network services such as name resolution and other data processing requirements. The network 12 is a 10/100Mb shared access layer hub.
In this network design, authentication services are run both locally at the branch site 12 and at the central business site. This architecture is costly to support as management is decentralised. All security patching, distribution of software or updates to any server or workstation must be done onsite. For a company that has multiple branch sites this cost quickly escalates as technology progresses, giving the network design little flexibility without introducing significant cost overheads. For example, a network having fifty branch sites 12, each with its own server 30, would have an approximate yearly running cost of $15K per site. This includes maintenance of hardware, software, and facilities provisions such as a rack, power and air conditioning.
Branch sites 12 often run older versions of client operating systems due to the prohibitive costs of upgrading to keep up with changing technology. As a result, branch sites 12 are often faced with the prospect of using technology that is no longer supported by the suppliers. For example, the popular Windows NT4 can no longer be 'patched' and effectively managed as it is no longer supported by Microsoft.
Summary of the Invention

In a first aspect, the invention provides a wide area computer network comprised of a plurality of branch site networks each comprised of a plurality of workstations and an appliance device, and each workstation is connected to a central processing network by a wide area connection, wherein the central processing network operates to perform data processing requirements of the workstations and to communicate with the workstations using the wide area connection, wherein the wide area computer network further comprises a priority device which operates to give priority to time sensitive data processing communications transmitted on the wide area connection, and the central processing network operates on request to transmit a roaming user profile which is a light footprint to a workstation using the wide area connection, and the appliance device is operable to distribute software updates to the workstations under instruction from the central processing network, and the central processing network is comprised of one or more servers to perform the required data processing and to provide instruction to the appliance device.
It is an advantage of the invention that users of workstations are able to roam between sites and maintain configuration without experiencing long log in delays, as the user profile has a light footprint. It is a further advantage to have all data processing performed at the central processing site and at the same time prioritise time sensitive communications, to ensure only suitable delays are experienced by the workstation when using time sensitive applications. Using the invention, the branch site networks can more economically support change, as upgrades to the software on the workstations can be controlled and managed from a server within the central processing network but executed locally from the appliance device, thus avoiding the necessity for a physical presence at the branch office site. Further, since business critical data processing is performed on the central processing network, where infrastructure availability is generally higher, rather than at a server at each branch network, the computer network is more resilient as the productivity of the branch site is not dependent on a local server. As there is no local server, the costs associated with maintaining a server, such as air-conditioning and racking, are avoided. All these advantages help to reduce the costs of ownership of all the branch networks.
The connection between the central processing network and the branch site network may be a high bandwidth connection that is proportional to the number of workstations at the branch network. For example, for a branch site with twenty workstations the bandwidth may be a 512Kbs sized link.
The central processing network may include a server to store all the data that may be accessed by the workstation. The central processing site may include multiple servers that are responsible for the delivery of business applications and data services that constitute the core business services to any workstation of the branch site.
The branch appliance may be a workstation, and does not require a server licence for the purposes of software distribution and updates. The branch appliance offers managed operating environment capability through Microsoft's System Management Server.
The user profile may be substantially smaller than the conventional Microsoft user profile; for example, the light footprint may be 120KB. The user profiles may be managed using a software application called Flex Kit Profile.
All communications between the branch site and the central processing site may traverse the priority device. The communications may be prioritised based on a number of criteria such as the source of the communications' subnet address and communication direction. Prioritisation may be based on partitions that involve reserving a certain amount of bandwidth for a class. The partitions may be either fixed or burstable. A fixed partition will prevent traffic within the partition from exceeding the fixed amount. A burstable partition has a guaranteed amount of traffic, however if that class is not active at any one point in time, the reserved bandwidth is never wasted, and instead is allocated to another class. The priority device may be a PacketShaper product.
The branch site may be located in a rural area of Australia, and the central processing site may be located in a metropolitan area of Australia.
The central processing site may be connected to the branch sites using a public telecommunications network. The central processing site may be connected to the public telecommunications network by multiple routers for redundancy.
In a second aspect the invention provides a method of operating a central processing network that communicates with workstations of a branch site network using a wide area connection, the method comprising the steps of: performing the data processing requirements of the workstations at the central processing network; receiving and transmitting prioritised data processing communications to the workstations, wherein time sensitive data processing communications are given priority; on request, transmitting a roaming user profile which is a light footprint to a workstation; and transmitting instructions to a branch appliance of the branch site network to distribute software updates to the workstations.
In a third aspect the invention provides a method of operating a branch site network comprised of workstations which communicate with a central processing site using a wide area connection, the method comprising the steps of: transmitting requests for data processing by the workstations to the central processing network, and receiving prioritised data processing communications from the central processing network, wherein time sensitive data processing communications are given priority; transmitting requests for a user profile by a workstation to the central processing network, and receiving the user profile from the central processing network, wherein the roaming user profile is a light footprint; and a branch appliance of the branch site receiving instructions from the central processing network to distribute software updates to the workstations.
Brief Description of the Drawings

Fig. 1 is a schematic diagram showing a computer network having a central business site and a branch site (prior art).
An example of the invention will now be described, with reference to the accompanying drawings in which: Fig. 2 is a schematic diagram showing a computer network having a central business site and a branch site in accordance with the invention; Fig. 3 schematically shows a high-level overview of the network; Fig. 4 is a flow diagram showing the flex profile user logon process; Fig. 5 is a flow diagram showing the flex profile user logoff process; and Fig. 6 schematically shows the type of data that is stored in a user profile.
Best Mode of the Invention

The following is a description of the central business site and branch sites of a computer network suitable for use by a company having approximately fifty separate branch sites, including branch sites in rural areas. The branch sites offer retail sale and services of the company.
The computer system of such a company is shown schematically in Fig. 2. This company has a central business site 40 and multiple branch sites 42. Only one branch site 42 is shown here for simplicity.
The Local Area Network (LAN) of the computer system of the central business site is usually located in a metropolitan area, such as Melbourne, Victoria. It includes a mainframe server 44, a Citrix Server 46, a file server 50, a domain controller 54 and a Wide Area Network (WAN) Router 52. The business site 40 is connected to a telecommunications company's network by two Ethernet links which are sized accordingly.
Fig. 3 schematically shows a high-level overview of the computer network. The connection to the telecommunications company's network 41 at the business site 40 has two separate Permanent Virtual Circuits (PVCs) 57 connecting outwards to the branch sites 42 via two separate routers 52 for redundancy. The control of routing data and information is handled by the telecommunications network protocol configuration and, in the business site 40, by protocols compatible with the network carrier. Two prioritisation appliances 47 are placed inline between the business site's core switch 43 and the carrier's routers 52. Each branch site 42 is connected by a PVC 57 to the carrier's network 41. In addition to data traffic, some branch sites 42 have telephony voice requirements for Voice over IP (VoIP) deployments and may have additional bandwidth provisioned on their PVC on top of the standard provision of 56Kbs per user.
The mainframe 44 hosts the business systems and applications and processes printing workload to the local print device 60 at the branch site 40 for business applications.
The Citrix Server 46 handles all the terminal server Independent Computing Architecture (ICA) traffic and business application delivery to the branch site 42. The file server 50 handles all the data services, such as personal and department data, that are accessed by any workstation 58 on behalf of the user. The domain controller 54 is responsible for all domain authentication services, such as logging into the computer system from a branch site 42, as well as providing network services (DHCP, DNS, WINS) to the branch site 42. The WAN router 52 is the business site's 40 connection to the branch site 42.
Each branch site 42 is also a local area network (LAN) that is connected to the central business site 40 by a WAN Router 56. Each branch site 42 is comprised of workstations 58, a local printer 60 and a branch office appliance 62. The branch office appliance 62 is also a workstation, running Microsoft Windows 2003/SMS, and provides 'managed operating environment' capability through Microsoft SMS (hardware/software inventory, software package distribution and client workstation rebuilds). The branch appliance 62 is non-business critical to service delivery by the workstations 58 and provisioning; for example, the branch appliance 62 is responsible for office print services but not for running the business applications made available on the workstations 58.
Unlike the network shown in Fig. 1, the branch site 42 of Fig. 2 is a 100Mb switched access layer environment that is able to support VoIP. The client/server operating systems of Fig. 2 are Microsoft Windows XP/Windows Server 2003. It is a single domain, which reduces complexity and makes for easier operational management. Microsoft Office 2003, Microsoft SMS 2003 and Microsoft Operations Manager clients are also installed. The branch site 42 incorporates increased bandwidth in comparison to the bandwidth required to support the network shown in Fig. 1, in order to deliver services that were once local to the branch office 42. The amount of bandwidth provisioned to each branch site 42 is determined by the number of workstations 58 multiplied by the 'user bandwidth profile'. This bandwidth profile is determined by the average work performed by a user on a workstation 58 (logins, business processing, e-mail, printing etc). The bandwidth provision also takes account of each workstation's 58 underlying connectivity to the active directory at the central site 40. For example, the profile could be 25Kbs per workstation. A site with twenty workstations would require a 512Kbs sized link, and this should also accommodate any bandwidth required by the workstations for VoIP. The cost of site bandwidth upgrades is offset against the opportunity cost of not needing a server 30 at each branch site 42.
The branch site 42 does not include a server 30 that is responsible for the delivery of all core business services. In this embodiment, business services are provided to the branch site 42 by the central business site 40 over the wide area network (through routers 56 and 52). However, in providing these services over the WAN from the central business site 40, the amount of traffic that traverses the link through routers 56 and 52 increases significantly.
Having authentication 50 processed at the central site 40 allows employees of the company to "roam" between local sites 42 and be as productive, without technology being the productivity constraint. Many component services of Microsoft technology are configured to operate at LAN-like speeds; however, in this embodiment business services are now being delivered to the branch sites 42 over the WAN. At WAN speeds, the ability to roam efficiently between sites and maintain configurations is not practically possible. Microsoft's default roaming profile capability has not changed much since it was first introduced in Windows NT4, and the user profile that is communicated when logging in to the computer network can be very large.
A user profile is a collection of settings that contain the user's preference and configuration settings. These preferences and settings help shape the user desktop, applications and available resources. User profiles allow customisation of the user's environment (look and feel, application settings, resource availability, etc), delivering different environments to users even if they are connected to the same server 50 at the same time.
In its most basic configuration, the footprint of a user profile is approximately 3 MB.
This needs to traverse the WAN each time a user logs in and subsequently logs off, since this data is hosted on the domain controller 50 that is now located at the central site 40. A 3 MB footprint per user, multiplied by the number of users at a branch site 42, multiplied by the number of branch sites, causes a considerable increase in network traffic and a potential degradation in performance over small WAN links as this data gets loaded and unloaded.
This invention identifies that there are only a small number of user profile configuration settings that need to be maintained (preferred printer, Outlook signatures and custom Office settings). If these settings roamed with the users as they moved between branch sites 42 then their requirements would be satisfied. Through the use of Flex Profiles, the user profile footprint size can be reduced on average to 120KB, a reduction by a factor of 24. The result is that a user of a workstation 58 will be able to log on and log off from the central business site 40 much faster than they would with a larger user profile footprint. The size of the footprint of the user profile is controlled so as to remain as small as possible.
User profiles can be managed using Flex Kit Profile, which is a 3rd party tool that can be implemented without the need to introduce any additional infrastructure to the computer network. The Flex framework is assigned to each workstation 58 and delivered by SMS. VBScript code is added to the user logon and logoff scripts that calls the Flex profile wizard to either load or unload the user registry configuration settings, respectively. The Office Profile Settings file (OPS) is stored in a hidden directory on the user's home drive. Figs. 4 and 5 detail the work flow of the Flex profile user logon and logoff process that occurs on the workstation 58. The data stored in the user profile is schematically shown in Fig. 6. The Flex user profile configuration does not save the contents of folders and files during the user logoff process. Therefore some essential profile folders (like My Documents, Favourites, Printer Neighbourhood and Internet Cookies) are redirected by Microsoft group policy to the user's home drive. Any personal files previously located in the user's profile are then stored directly in the user's home drive on the network file share. Since the files are no longer a part of the client profile, loading times during logon and logoff decrease significantly compared to standard roaming profiles.
The invention also identifies that ensuring Quality of Service (QoS) to the branch site 42 needs to be provided for. The idea is to allow time sensitive applications to be given precedence across the WAN 56 and 52 over other non-time sensitive applications. This will reduce the impact on time sensitive applications by other applications like office and e-mail.
The PacketShaper 47 is a dedicated application prioritisation appliance. Packeteer provides the capability to granularly profile and optimise each of the branch sites 42 and guarantee applications and users with an amount of bandwidth to sustain their activities. Sensitive applications will be assigned a specific queue to be placed in.
These queues are given a priority and an amount of bandwidth.
The PacketShaper 47 changes the Managed Operating Environment (MOE) that is a hybrid design of both fat and thin client elements. Clients log into the network authenticating over the WAN 52 and are allowed to map drives to centralised servers 48 at the central business site 40. All traffic from the business centre 40 to the WAN 52 traverses the PacketShaper 47. Accordingly, the PacketShaper 47 is able to make forwarding decisions on all the traffic. It can be configured using a GUI interface and it has a number of methods of prioritising packets.
Classes

A traffic class in a PacketShaper 47 is a means of identifying and grouping traffic. A class of traffic might be simply designated as all traffic to a branch site 42, or identified by remote subnet address range(s). A class of traffic might also be more specific, such as a specific application using a set of protocols e.g. HTTP, SSL, Netbios etc.
The PacketShaper has the flexibility to combine any number of different criteria to define a class. The criteria that can be used to define a class are:

  • Inbound/Outbound (travel direction)
  • Inside/Outside (location of the relevant server)
  • Protocol family
  • Service (very diverse, see online list)
  • Port(s)
  • Service Proxy
  • IP Address, MAC Address, host name, or host list
  • Subnet Mask
  • URL (including wildcards)
  • IP Precedence, COS/TOS or DSCP values
  • VLAN number
  • Criteria for HTTP, Citrix, RTP or Oracle

Partitions

Partitions are a method of reserving a certain amount of bandwidth for a traffic class or group of classes. They can either be fixed or burstable. A fixed partition will prevent traffic within the partition from exceeding the fixed limit amount of bandwidth.
A burstable partition has a guaranteed amount of bandwidth and is allowed to burst above that limit, up to an optional limit or to the maximum available bandwidth.
Any traffic in a partition is always guaranteed that amount of traffic, however if that class is not active at any point in time, the reserved bandwidth is never wasted, instead it is allocated to other traffic classes.
Partitions can also be nested. An example of this would be to create a partition for a remote site with a fixed amount of bandwidth (512kbps) and then create a nested partition for a specific type of traffic within that partition (128kbps for Citrix traffic). If the Citrix traffic was allowed to burst, and no specific limit is specified, it can only burst up to the size of the parent partition.
A partition can be used to either reserve bandwidth for a class of traffic, or to restrict a class of traffic to the bandwidth it can access. An example of such a restriction might be to restrict Kazaa to a maximum of 2kbps bandwidth.
Rate Policies

Rate policies are the PacketShaper 47's most powerful feature. They are primarily a method to guarantee bandwidth to a connection. The difference from a partition is that a rate policy can reserve bandwidth per connection/flow of traffic, whereas a partition reserves bandwidth for an entire class of traffic.
Because the PacketShaper can "rate control" individual flows intelligently using TCP windowing and TCP delayed ACKs to control the TCP flow throughput, rather than a simple drop mechanism, high TCP efficiency can be achieved on a per TCP flow basis.
This dynamic window sizing and delay creates a very consistent user experience for drop and delay sensitive interactive applications. The PacketShaper 47 uses statistics such as the allocated bandwidth and round-trip-time to calculate the optimal window size to ensure a smooth continuous flow of traffic. In other words the connection is smoothed out, avoiding the bursting/back-off nature of a TCP connection, thereby reducing dropped packets and retransmissions.
One method of using rate policies is to allocate 0kbps of guaranteed bandwidth and to allow the traffic to burst. Using this method, the benefits of rate control can be gained as the PacketShaper 47 uses the available bandwidth to determine the window sizes.
This is a good policy to use in conjunction with a partition.
Priority Policies

Priority policies simply prioritise traffic from 0 (lowest) to 7 (highest). When traffic is contending for excess (non-guaranteed) bandwidth, the PacketShaper 47 uses the assigned priority to determine which packets get access to bandwidth first. Priorities can be assigned in conjunction with rate policies so that any burst above the guaranteed rate is serviced on a priority basis.
Priority policies in the PacketShaper 47 act in a very similar manner to priority policies in a router. Priority policies are typically suitable to control traffic that has a short burst nature, e.g. telnet traffic.
Allocation of a high priority to a class of traffic is only suitable for traffic that is delay sensitive, but not bandwidth hungry. An example of this would be DNS queries, LDAP lookups and Telnet traffic.
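The partition and policy behaviour described in the sections above (fixed versus burstable partitions, nesting with a burst capped at the parent, idle reservations handed to other classes, and excess bandwidth served in priority order) can be made concrete with a small allocator. The following Python is an added illustration, not Packeteer's code or a description of the PacketShaper's actual scheduler: the two-pass algorithm, the class names and the kbps figures are assumptions chosen to mirror the text's example of a 512 kbps site partition with a 128 kbps Citrix partition nested inside it.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Partition:
    """A PacketShaper-style partition: a bandwidth reservation for a traffic class.

    burstable=False models a fixed partition (traffic can never exceed guaranteed_kbps).
    burstable=True with burst_limit_kbps=None means "burst up to the parent partition's size".
    """
    name: str
    guaranteed_kbps: int
    burstable: bool = True
    burst_limit_kbps: Optional[int] = None


@dataclass
class Demand:
    """Traffic currently offered by a class, with its priority (0 lowest .. 7 highest)."""
    partition: str
    offered_kbps: int
    priority: int


def allocate(parent_kbps: int, partitions: List[Partition], demands: List[Demand]) -> Dict[str, int]:
    """Share parent_kbps among nested partitions (assumed two-pass model).

    Pass 1: every class receives min(offered, guaranteed).
    Pass 2: whatever is left of the parent (including guaranteed bandwidth that an idle
    class did not use, so it is not wasted) is handed out in priority order, and each
    class stops at its burst ceiling: its guaranteed amount for a fixed partition, its
    burst limit if one is set, otherwise the size of the parent partition.
    """
    parts = {p.name: p for p in partitions}
    if sum(p.guaranteed_kbps for p in partitions) > parent_kbps:
        raise ValueError("guarantees exceed the parent partition")
    offered = {d.partition: d.offered_kbps for d in demands}
    alloc = {name: min(offered.get(name, 0), p.guaranteed_kbps) for name, p in parts.items()}
    spare = parent_kbps - sum(alloc.values())
    for d in sorted(demands, key=lambda d: d.priority, reverse=True):
        p = parts[d.partition]
        if not p.burstable:
            ceiling = p.guaranteed_kbps
        elif p.burst_limit_kbps is None:
            ceiling = parent_kbps
        else:
            ceiling = p.burst_limit_kbps
        extra = min(d.offered_kbps - alloc[d.partition], ceiling - alloc[d.partition], spare)
        if extra > 0:
            alloc[d.partition] += extra
            spare -= extra
    return alloc


# Constructed example in the shape of the text's illustration: a remote site with a fixed
# 512 kbps partition and nested partitions inside it (class names and numbers assumed).
SITE_KBPS = 512
SITE_PARTITIONS = [
    Partition("citrix", guaranteed_kbps=128),                       # bursts up to the parent (512)
    Partition("email", guaranteed_kbps=64, burst_limit_kbps=256),   # burstable with an explicit cap
    Partition("p2p", guaranteed_kbps=2, burstable=False),           # fixed: restricted to 2 kbps
]


def example_allocation(citrix_offered_kbps: int) -> Dict[str, int]:
    """Allocate the site's 512 kbps for a given Citrix load; email and p2p always over-offer."""
    demands = [
        Demand("citrix", citrix_offered_kbps, priority=6),
        Demand("email", 300, priority=3),
        Demand("p2p", 1000, priority=0),
    ]
    return allocate(SITE_KBPS, SITE_PARTITIONS, demands)


if __name__ == "__main__":
    print("busy Citrix:", example_allocation(400))   # Citrix bursts past its 128 kbps guarantee
    print("idle Citrix:", example_allocation(0))     # its unused reservation goes to email
```

With Citrix offering 400 kbps the allocator gives it the full 400 (guarantee plus burst, served first because of its priority 6), email gets its 64 kbps guarantee plus what is left, and the fixed p2p partition stays pinned at 2 kbps. With Citrix idle, email bursts to its 256 kbps cap instead, which is the "reserved bandwidth is never wasted" behaviour the text describes.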
There are also some design considerations.
Asynchronous Transfer Mode (ATM) PVCs

ATM PVCs are used in a number of places throughout the network. One of the key considerations for an ATM PVC is the amount of overhead introduced by the nature of ATM cells.
ATM cells are a fixed 53-byte size and 5 bytes of those 53-bytes is purely ATM header.
This header is on top of any existing overhead in the packet e.g. TCP/IP headers, IPSEC headers etc. As a result of this, traffic that is placed onto the ATM network experiences approximately 9.5% overhead for every cell.
A 1500-byte packet in ATM has approximately 12.5% overhead on the ATM, and a 250-byte packet has approximately 27% overhead on ATM.
The PacketShaper 47 does not use the data-link header in its calculation (it is not aware of all the intermediate network links and the amount of overhead introduced by each one); it only works on the TCP/IP header and payload. As a result, some manual adjustment needs to be configured into the Packeteer to compensate for this overhead.
Due to the nature of cell padding in ATM, it is impossible to estimate the exact amount of overhead as the packets on the network are of differing sizes. A rule of thumb would be to configure the partition size at least 10% less than the carrier link speed. For example a 12Mbps link would be configured as a 10.8Mbps link.
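To check the overhead figures quoted above, here is an added Python calculator (not part of the specification) that counts the 53-byte cells a packet occupies and applies the 10% partition rule of thumb. It assumes AAL5 encapsulation with an 8-byte trailer and padding of the last cell; the values it produces are exact for that assumption, whereas the percentages in the text are approximate.

```python
import math

ATM_CELL_BYTES = 53
ATM_HEADER_BYTES = 5
ATM_PAYLOAD_BYTES = ATM_CELL_BYTES - ATM_HEADER_BYTES  # 48 bytes of payload per cell
AAL5_TRAILER_BYTES = 8  # assumption: AAL5 encapsulation, which appends an 8-byte trailer


def cell_header_overhead_percent() -> float:
    """Header-only overhead of a full cell: 5 of every 53 bytes (about 9.4%)."""
    return ATM_HEADER_BYTES / ATM_CELL_BYTES * 100


def atm_cells_for_packet(packet_bytes: int) -> int:
    """Cells needed for one packet; the last cell is padded out to 48 payload bytes."""
    return math.ceil((packet_bytes + AAL5_TRAILER_BYTES) / ATM_PAYLOAD_BYTES)


def atm_overhead_percent(packet_bytes: int) -> float:
    """Bytes on the wire beyond the packet itself (headers, trailer, padding), as a percentage."""
    wire_bytes = atm_cells_for_packet(packet_bytes) * ATM_CELL_BYTES
    return (wire_bytes - packet_bytes) / packet_bytes * 100


def shaper_partition_kbps(link_kbps: float, margin_percent: float = 10.0) -> float:
    """The text's rule of thumb: configure the partition at least 10% below the carrier link speed."""
    return link_kbps * (100 - margin_percent) / 100


if __name__ == "__main__":
    for size in (64, 250, 576, 1500):
        print(f"{size:5d}-byte packet -> {atm_cells_for_packet(size):3d} cells, "
              f"{atm_overhead_percent(size):5.1f}% overhead")
    print("12 Mbps link -> partition of", shaper_partition_kbps(12000), "kbps")
```

For a 250-byte packet it reports 6 cells and 27.2% overhead, in line with the text; for a 1500-byte packet it reports 32 cells and about 13%, a little above the 12.5% quoted, and for small packets such as 64-byte keystroke traffic the overhead is far higher. That spread across packet sizes is exactly why the text settles on a flat 10% margin rather than an exact correction.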
Reporting

One of the key considerations with reporting is that, for basic reporting on the PacketShaper and via ReportCenter to occur, the PacketShaper must have configured classes to report on. Packeteer ReportCenter offers a centralized and historical reporting platform to monitor and manage multiple PacketShaper devices. Reports can be distributed throughout the organization via the Web portal or email. Flow Detail Records will be activated on the PacketShaper and ReportCenter, providing the ability to do application reporting per site without the need to configure classes under each site on the PacketShaper. This consideration is in contrast to the requirement to have a simple traffic tree to allow ease of management and to avoid the physical limitations of the PacketShapers. In order to have a balanced approach, three different methods are suggested.
The first option is to configure the majority of the PacketShaper with a simple configuration whilst a few key sites are configured with the specific classes that require reporting. Sample sites might be comprised of large branches, small branches, corporate office, admin offices etc. This would allow reporting on traffic to a "typical" site, however it would not provide granularity for other specific sites.
The second option is the use of branch PacketShapers in specific remote sites to provide a great deal of granularity. This method would allow the remote PacketShapers to be configured with a large number of classes for identification and reporting, whilst maintaining the integrity of the core PacketShaper configurations.
The third option is the use of a Packeteer feature named Flow Detail Records. Flow Detail Records can be enabled on the PacketShaper and allow the PacketShaper to capture key details on each flow of traffic through the PacketShaper without having to configure specific classes.
The data is then transmitted to a data collector such as ReportCenter v3, which allows collection and analysis of the records. This feature does require a licence on the ReportCenter and is currently only in version

System Settings

The Packeteer is to be configured with the following system settings.
  • Traffic Shaping: On
  • Global Traffic Discovery: On
  • Class Traffic Discovery: Off (until required)
  • DNS Servers: central business site
  • WAN Settings: 1G, Inbound/Outbound
  • LAN Settings: auto-negotiate, Inside/Outside

Security

The Packeteer is to be configured to limit management access by using Remote Authentication Dial In User Service (RADIUS) authentication to the Cisco ACS Server. RADIUS Accounting is also to be used to report illegal attempts to gain access to the management interface.
Remote access to the Management Interface of the Packeteers is via HTTPS inside a Virtual Private Network (VPN) Tunnel.
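The security settings above rely on RADIUS accounting to report illegal attempts at the management interface, and on that interface only being reachable through the VPN tunnel. The following Python is an added example of the kind of check a defender would run over those records; it is not an ACS feature or the specification's own code. The record layout, the usernames, the addresses and the VPN range 10.200.1.0/24 are all constructed for the example, and a real ACS export would need its own parser in place of parse_records.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample export (not a real ACS log format): one row per management-access
# attempt at a PacketShaper, as the RADIUS server would record it.
SAMPLE_RECORDS = """\
timestamp,nas,user,src_ip,result
2006-03-30T09:00:01,packetshaper-01,netops,10.200.1.15,accept
2006-03-30T09:05:10,packetshaper-01,admin,10.200.1.99,reject
2006-03-30T09:05:12,packetshaper-01,admin,10.200.1.99,reject
2006-03-30T09:05:14,packetshaper-01,admin,10.200.1.99,reject
2006-03-30T09:05:15,packetshaper-01,admin,10.200.1.99,reject
2006-03-30T09:05:17,packetshaper-01,admin,10.200.1.99,reject
2006-03-30T09:30:00,packetshaper-02,netops,192.0.2.7,accept
2006-03-30T11:00:00,packetshaper-02,netops,10.200.1.15,reject
"""

# Assumption: the address range handed out inside the management VPN tunnel.
MGMT_VPN_NETS = [ipaddress.ip_network("10.200.1.0/24")]


def parse_records(text: str) -> List[Dict]:
    """Parse the constructed CSV export into rows with typed timestamp and address fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["src_ip"] = ipaddress.ip_address(row["src_ip"])
        rows.append(row)
    return rows


def find_reject_bursts(records, threshold=5, window=timedelta(minutes=5)) -> List[Tuple[str, str, int]]:
    """Flag (user, source, count) when one source accumulates `threshold` or more rejected
    attempts for the same username inside any sliding `window`."""
    by_key = defaultdict(list)
    for r in records:
        if r["result"] == "reject":
            by_key[(r["user"], str(r["src_ip"]))].append(r["timestamp"])
    alerts = []
    for (user, src), times in by_key.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((user, src, best))
    return alerts


def find_accepts_outside_vpn(records, nets=MGMT_VPN_NETS) -> List[Tuple[str, str, str]]:
    """Successful logins whose source is not inside the VPN tunnel range: either management
    access that bypassed the intended path, or a broken path that needs checking."""
    return [(r["user"], str(r["src_ip"]), r["nas"]) for r in records
            if r["result"] == "accept" and not any(r["src_ip"] in n for n in nets)]


def example_report() -> Dict[str, list]:
    """Run both checks over the constructed sample and return the findings."""
    records = parse_records(SAMPLE_RECORDS)
    return {
        "reject_bursts": find_reject_bursts(records),
        "accepts_outside_vpn": find_accepts_outside_vpn(records),
    }


if __name__ == "__main__":
    for name, hits in example_report().items():
        print(name, hits)
```

On the sample, the five rejects for `admin` from 10.200.1.99 within seven seconds trip the burst check, while the single reject for `netops` does not; the accept from 192.0.2.7 is reported because it did not arrive through the tunnel range. The window and threshold are starting points to tune against the volume the ACS server actually sees.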
Monitoring

The existing network monitoring tool can be used to monitor the PacketShapers by configuring the PacketShaper devices to send Simple Network Management Protocol (SNMP) traps to the respective monitoring tool destination. Information such as how much data is going in and out of the PacketShapers, and when the devices are not responding, can be reported through this tool.
Classes

The basic configuration of the PacketShaper is achieved by way of a class tree, much like a directory structure. The first level of the tree will be the individual remote sites, which will be identified by their remote subnets. Each branch site will be named by its unique three letter identifier e.g. BUR.
The second level of the tree will be the applications within the sites. Due to the number of applications and sites, the second level classes will only be added to specific sites that need reporting performed. For the purposes of application control, and shaping of application traffic, each of the applications will be identified individually at the bottom of the tree and have individual policies applied to them.
Other Sites

A special class can be configured for all non-controlled sites. This can be configured with a simple rule that matches any IP traffic to any destination. As this class is configured after the specific sites that are being controlled, e.g. BUR, any traffic that does not match a controlled site will match this class and will not be subject to a site specific shaping policy. This is effective for sites that are to be transitioned from the old solution across to the new.
Partitions
Partitions will be applied to each of the sites at the first level of the tree to allow the PacketShaper to identify the available bandwidth to each individual remote site. The partition sizes that will be applied will be those of the remote site PVC and access speed e.g. 384k guaranteed/512k burst.
At this stage, there is no requirement for further partitions to be applied within the sites.
The control of traffic will be primarily applied by use of policies.
Policies
Policies will be applied to the applications and protocols according to best practices.
The primary application of policies will be via a special PacketShaper facility known as inheritable policies. Inheritable policies can be applied at the root of the tree and will apply to all traffic that matches and does not have its own inherent policy applied. This is a key method of simplification of the traffic tree and use of policies without sacrificing control of traffic.
It should be noted though that if a need arises to apply a different policy for a particular class of traffic in a particular site, an individual class and policy will have to be created under the site to avoid use of the global inheritable policy.
Citrix Traffic
Citrix traffic will be identified as any Citrix-ICA traffic. Inbound Citrix traffic is only the mouse and keystroke traffic and hence will only have a priority policy applied with a priority of 6.
Outbound Citrix traffic, whether it is the desktop or a specific published application, will have a rate policy applied with a priority. For example, the rate policy will guarantee a minimum of 25kbps to each session and the ability to burst above that based on a priority of 6.
Webmail
Webmail traffic will be identified as any HTTP traffic from the specific mail front end business site servers. For example, webmail traffic may have an inbound priority policy applied with a priority of 4, as only small HTTP requests are expected inbound, and outbound traffic may have a rate policy applied with a guaranteed rate of 5kbps and a burst priority of 4.
Login Traffic
Login traffic will be identified as the set of protocols Microsoft-ds, DCOM, LDAP, SSL, Netbios, Kerberos lockd. As there are many protocols that are used by the Login process and many of them are bandwidth hungry, a rate policy should be applied to both inbound and outbound traffic. For example, a guaranteed rate policy of applied with a burst priority of

Receipt Printing
The list of servers has been configured into a host list in the PacketShaper, permitting centralised administration of the list of servers for all sites. If receipt printing on average generates 11kbps of traffic for each print, a rate policy can be applied to both inbound and outbound traffic with a guaranteed rate of 15kbps and a burst priority of 7.
AllNonControlledSites Class
The class configured to match all IP traffic to any sites that are not to be controlled by the PacketShaper can be assigned an Ignore policy. This policy ensures the PacketShaper simply switches the packet without shaping it in any way.
Domain Name System (DNS)
In keeping with best practices, DNS traffic has been configured with an inheritable priority policy with a priority of 6. This can be applied to both inbound and outbound traffic.
In many applications the DNS query requires resolution first before the application can proceed. As DNS packets are small they are typically given a high priority to ensure that application initialization is not delayed by DNS queries.
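The class tree described above, with first-match site classification by remote subnet, the AllNonControlledSites catch-all configured last, root-level inheritable policies and a site-specific class that overrides them, modelled as an added Python example. This is not code from the patent or from the PacketShaper product; the BUR subnet 10.10.1.0/24, the application keys and the override values are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    kind: str                 # "priority", "rate" or "ignore"
    priority: int = 0         # 0..7: priority level, or burst priority of a rate policy
    guaranteed_kbps: int = 0  # minimum per-session rate for a rate policy

@dataclass
class SiteClass:
    name: str                       # three-letter site identifier, e.g. BUR
    subnets: tuple = ()             # remote subnets of the site; empty = match any IP
    partition_kbps: tuple = None    # (guaranteed, burst), i.e. the site's PVC/access speed
    overrides: dict = field(default_factory=dict)  # app -> class created under the site
    default: Policy = None          # class-wide policy, e.g. Ignore on the catch-all class

class ClassTree:
    def __init__(self, inheritable):
        self.inheritable = inheritable  # root-level inheritable policies: app -> Policy
        self.sites = []                 # first level, in configured order; catch-all last

    def add_site(self, site):
        self.sites.append(site)

    def match_site(self, remote_ip):
        ip = ip_address(remote_ip)
        for site in self.sites:         # first matching site class wins
            if not site.subnets or any(ip in ip_network(n) for n in site.subnets):
                return site
        return None

    def classify(self, remote_ip, app):
        site = self.match_site(remote_ip)
        if site is None:
            return None, None
        if app in site.overrides:       # an individual class under the site wins
            return site.name, site.overrides[app]
        if site.default is not None:    # e.g. Ignore: switch the packet without shaping
            return site.name, site.default
        return site.name, self.inheritable.get(app)  # else the root inheritable policy

def build_example_tree():
    # Constructed example values; the BUR subnet is an assumption, not from the patent.
    tree = ClassTree({"citrix-ica/in": Policy("priority", 6), "dns": Policy("priority", 6),
                      "citrix-ica/out": Policy("rate", 6, 25)})
    tree.add_site(SiteClass("BUR", ("10.10.1.0/24",), (384, 512),
                            {"webmail/out": Policy("rate", 4, 5)}))
    tree.add_site(SiteClass("AllNonControlledSites", default=Policy("ignore")))
    return tree
```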
To maintain a capability to manage the workstations on the sites, a branch office appliance 62 is introduced. This device 62 provides IT Services with the ability to build and rebuild workstations, distribute and refresh applications and patch the workstation fleet to maintain the security integrity of those devices. It is implemented on standard workstation hardware on the site and therefore does not have the overheads of a server. That is, software upgrades can easily be handled without having to physically be present at the branch site 42.
The use of a branch appliance 62 rather than a server 30 means that communication room fit-outs to support a server structure, such as UPS, air conditioning and rack, are no longer required. In the branch site 22 of Fig. 1, if the server 30 fails, business 18 could not continue at that branch site 22, as failover alternatives are practically too expensive to have in place at every branch site 42. Further, unlike the network of Fig. 1, if the branch office appliance 62 fails, the branch site 42 is still able to function and offer services to clients.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.

Claims (19)

1. A wide area computer network comprised of a plurality of branch site networks each comprised of a plurality of workstations and an appliance device, and each workstation is connected to a central processing network by a wide area connection, wherein the central processing network operates to perform data processing requirements of the workstations and to communicate with the workstations using the wide area connection, wherein the wide area computer network further comprises a priority device which operates to give priority to time sensitive data processing communications transmitted on the wide area connection, and the central processing network operates on request to transmit a roaming user profile which is a light footprint to a workstation using the wide area connection, and the appliance device is operable to distribute software updates to the workstations under instruction from the central processing network, and the central processing network is comprised of one or more servers to perform the required data processing and to provide instruction to the appliance device.
2. A wide area computer network according to claim 1, wherein the wide area connection of a workstation is common to all workstations of a branch site network and the wide area connection of the branch site network has a bandwidth that is proportional to the number of workstations that comprise the branch site network.
3. A wide area computer network according to claim 1 or 2, wherein the central processing network includes a server to store all the data which can be accessed by the workstation.
4. A wide area computer network according to claim 1, 2 or 3, wherein the central processing network includes multiple servers to perform the data processing requirements which includes the delivery of business applications and data services that constitute the core business services of the branch site network.
5. A wide area computer network according to any one of the preceding claims, wherein the branch appliance is a workstation and does not require a server licence for the purposes of software distribution and updates.
6. A wide area computer network according to any one of the preceding claims, where the roaming user profile is substantially smaller than the conventional Microsoft user profile.
7. A wide area computer network according to any one of the preceding claims, wherein the branch site network is located in a rural area of Australia, and the central processing site is located in a metropolitan area of Australia.
8. A wide area computer network according to any one of the preceding claims, wherein the priority device is a PacketShaper product.
9. A method of operating a central processing network that communicates with workstations of a branch site network using a wide area connection, the method comprising the steps of: performing the data processing requirements of the workstations at the central processing network; receiving and transmitting prioritised data processing communications to the workstations, wherein time sensitive data processing communications are given priority; on request, transmitting a roaming user profile which is a light footprint to a workstation; and transmitting instructions to a branch appliance of the branch site network to distribute software updates to the workstations.
10. A method of operating a central processing network according to claim 9, wherein the method further comprises storing all data that can be accessed by the workstation on a server at the central processing network.
11. A method of operating a central processing network according to claim 9 or wherein the step of performing the data processing requirements is performed by multiple servers and the data processing requirements includes the delivery of business applications and data services that constitute the core business services of the branch site network.
12. A method of operating a central processing network according to claim 9,10 or 11, wherein the roaming user profile is substantially smaller than the conventional Microsoft user profile.
13. A method of operating a central processing network according to any one of claims 9 to 12, wherein the data is prioritised based on a number of criteria, such as the source of the communications' subnet address and communication direction.
14. A method of operating a central processing network according to any one of claims 9 to 13, wherein prioritising is based on partitions that involve reserving a certain amount of bandwidth for a class of data processing communications.
15. A method of operating a branch site network comprised of workstations which communicate with a central processing site using a wide area connection, the method comprising the steps of: transmitting requests for data processing by the workstations to the central processing network, and receiving prioritised data processing communications from the central processing network, wherein time sensitive data processing communications are given priority; transmitting a request for a user profile by a workstation to the central processing network, and receiving the user profile from the central processing network, wherein the roaming user profile is a light footprint; and a branch appliance of the branch site receiving instructions from the central processing network to distribute software updates to the workstations.
16. A method of operating a branch site network according to claim 15, wherein the transmitting steps are performed using the wide area connection of the branch site network of the workstation, wherein the wide area connection of the branch site has a bandwidth that is proportional to the number of workstations that comprise the branch site network.
17. A method of operating a branch site network according to claim 15 or 16, wherein the data processing requirements include the delivery of business applications and data services that constitute the core business services of the branch site network.
18. A method of operating a branch site according to claim 15, 16 or 17, wherein the roaming user profile is substantially smaller than the conventional Microsoft user profile.
19. A wide area computer network as substantially herein described with reference to Figs. 2 to 6.
20. A method of operating a central processing network as substantially herein described with reference to Figs. 2 to 6.
21. A method of operating a branch site network as substantially herein described with reference to Figs. 2 to 6.

Dated this twenty-ninth day of March 2006
Insurance Australia Limited
Patent Attorneys for the Applicant: F B RICE CO

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2006201359A AU2006201359A1 (en) 2006-03-01 2006-03-31 Branch Sites on a Wide Area Network

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2006901030 2006-03-01
AU2006901030A AU2006901030A0 (en) 2006-03-01 Cornerstone
AU2006201359A AU2006201359A1 (en) 2006-03-01 2006-03-31 Branch Sites on a Wide Area Network

Publications (1)

Publication Number Publication Date
AU2006201359A1 true AU2006201359A1 (en) 2007-09-20

Family

ID=38529513

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2006201359A Abandoned AU2006201359A1 (en) 2006-03-01 2006-03-31 Branch Sites on a Wide Area Network

Country Status (1)

Country Link
AU (1) AU2006201359A1 (en)

Legal Events

Date Code Title Description
MK1 Application lapsed section 142(2)(a) - no request for examination in relevant period