January 23, 2018
When operating legacy or hybrid network architectures, many enterprises have experienced unexpected performance issues after migrating to Microsoft 365 – latency and jitter – as well as significant increases in bandwidth usage, resulting in a troublesome deployment and poor user experience.
The underlying cause of the problem is the need to meet Microsoft’s network architecture & bandwidth requirements for Microsoft 365. There is also the resultant increase in MPLS costs, as well as unexpected additional hardware appliance costs.
So, what are the causes of network latency issues encountered with Microsoft 365 migration?
In its report on Microsoft 365, Gartner noted that “Existing internet connectivity to Microsoft 365 will not be ‘good enough’ for most Microsoft 365 usage scenarios.”
With user experience being the number one measure of a successful migration to Microsoft 365, this creates the need for LAN-like performance for all users – from the head office to branches and remote/mobile workers.
Research has shown that, of the estimated 78% of organisations which have migrated to Microsoft 365, more than 60% encounter weekly network issues – caused by an underestimation of traffic and bandwidth requirements.
Furthermore, the associated infrastructure costs are frequently misunderstood, requiring an increase in bandwidth usage and/or firewall capacity.
Microsoft 365 Network Connectivity Requirements
With Office 365, firewalls experience between 12 and 20 persistent connections per user. Microsoft also recommends no more than 2,000 users behind each public IP address. But importantly, they also recommend that Office traffic bypass your proxies.
Which is why Microsoft came up with ExpressRoute – essentially, a private high-speed circuit with low latency. But as we dive deeper, we can see that this is not the answer – and why Microsoft themselves recommend a direct internet connection to Microsoft 365.
ExpressRoute vs. Direct Internet Connection
Typically, ExpressRoute will terminate in the primary Data Centre, delivering a first-class user experience for HQ, but what about Branch offices and remote workers?
Branch users will need to backhaul traffic over MPLS – introducing latency and congestion (or increasing MPLS costs), while remote workers will need to connect via VPN.
Challenges with ExpressRoute
- Good internet connectivity is still required and, in fact, a good internet connection may give better or similar performance.
- ExpressRoute often encourages a ‘hub and spoke’ model, which increases latency compared to a direct connection.
- Moreover, a highly skilled network team is required, with a higher cost of implementation, usage and maintenance – requiring up to 6 months of planning for implementation.
As a result, Microsoft offers the following guidance for connection routing to minimise latency:
- A well-configured, direct internet connection is the optimal method to connect to Microsoft 365, both in terms of performance and cost.
- Avoid centralised proxies, which can increase latency.
- Ensure proxies are in the local region of the client.
Why Not Add Additional Appliances?
Rather than taking an indirect (and costly) route back to HQ, you could install more appliances at the branch level. With users now directly accessing Microsoft 365 via local internet breakouts, user experience will be quite good, assuming that bandwidth requirements are managed – and not impacted by the likes of YouTube.
However, traffic will only continue to increase over time, as Microsoft 365 will not be the only cloud-based traffic – and adding appliances works against the original reason why you moved your apps to the cloud in the first place!
Bandwidth Requirements With Microsoft 365 Migration
With Microsoft 365 migration, you should assume bandwidth consumption will increase by 40%. You should also assume that existing firewalls/proxies will see some level of port exhaustion, and that users will quickly wipe out your bandwidth estimates.
Microsoft offers the following guidance when it comes to bandwidth planning for Microsoft 365:
- Up to 25 users: Use Excel calculators.
- Over 25 users: Start with the calculators as an estimate, then run a pilot and measure the usage during that time.
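As a starting estimate before the pilot, the figures quoted in this article (12 to 20 persistent connections per user, 2,000 users per public IP, a 40% bandwidth increase) can be turned into a per-site check. This is an added example, not a Microsoft calculator; the site data, the one-port-per-session NAT model and the 80% alert threshold are assumptions.

```python
import math
from dataclasses import dataclass

# Figures quoted in the article
CONNS_PER_USER = (12, 20)   # persistent connections per user (low, high)
MAX_USERS_PER_IP = 2000     # recommended ceiling per public IP
BANDWIDTH_GROWTH = 0.40     # assumed post-migration increase

# Assumptions added for this example
USABLE_PORTS_PER_IP = 65536 - 1024   # one NAT source port per session, ports 0-1023 excluded
PORT_ALERT_RATIO = 0.80              # flag NAT pools above 80% of port capacity

@dataclass
class Site:
    name: str
    users: int
    public_ips: int
    other_sessions: int    # non-M365 sessions already sharing the NAT pool
    baseline_mbps: float   # measured peak before migration
    link_mbps: float

def plan(site: Site) -> dict:
    # Size for the high end of the per-user range plus existing traffic.
    peak_sessions = site.users * CONNS_PER_USER[1] + site.other_sessions
    # Public IPs needed: the stricter of the user ceiling and port capacity.
    required_ips = max(math.ceil(site.users / MAX_USERS_PER_IP),
                       math.ceil(peak_sessions / USABLE_PORTS_PER_IP), 1)
    port_util = peak_sessions / (site.public_ips * USABLE_PORTS_PER_IP)
    projected_mbps = round(site.baseline_mbps * (1 + BANDWIDTH_GROWTH), 1)
    flags = []
    if site.users / site.public_ips > MAX_USERS_PER_IP:
        flags.append("users_per_ip")
    if port_util > PORT_ALERT_RATIO:
        flags.append("port_exhaustion")
    if projected_mbps > site.link_mbps:
        flags.append("link_capacity")
    return {"site": site.name, "peak_sessions": peak_sessions,
            "required_ips": required_ips, "port_util": round(port_util, 3),
            "projected_mbps": projected_mbps, "flags": flags}

# Constructed sample sites, not taken from the article
SITES = [
    Site("hq", 4500, 2, 30000, 400.0, 500.0),
    Site("branch", 150, 1, 5000, 40.0, 100.0),
]

if __name__ == "__main__":
    for s in SITES:
        print(plan(s))
```

Replace the constructed sites with measured user counts, NAT pool sizes and link peaks, then compare the flags against what the pilot shows.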
What About Proxy Architecture?
Proxies often do not scale well – and were not designed with SaaS services in mind, resulting in poor performance with applications like Microsoft 365.
If a proxy must be used, then:
- Ensure devices are scaled up to cope with SaaS services, both in terms of processing and NAT capability.
- Avoid centralised proxies (which can increase latency) and ensure proxies are in the local region of the client.
- Avoid using Skype for Business, even when optimised.
- Avoid unnecessary packet inspection.
So, What’s The Answer?
As you might have guessed (or hoped), there is a remarkably simple solution, which addresses the need to directly (and securely) connect to Microsoft 365 with low latency, as well as manage bandwidth – for all users, regardless of location.
With direct peering with Microsoft’s Azure network, Zscaler’s cloud security platform provides a low latency connection to Microsoft 365 (or any internet location), regardless of location – to deliver a great user experience. There is simply nothing better than going direct. And with granular bandwidth control (to both cloud applications and general internet traffic), you can guarantee Microsoft 365 bandwidth to all users.
The World’s Biggest Cloud Security Platform
As a Gartner magic quadrant leader for the 7th consecutive year, Zscaler moves your security stack to the cloud, providing fast, secure connections between users and applications – regardless of device, location, or network.
It is an incredibly simple solution which not only provides low latency Microsoft 365 connectivity for all users and avoids increasing bandwidth costs, but also provides granular bandwidth visibility and control, as well as enabling enterprises to further unlock the promises of cloud and hybrid network infrastructures.
Which is why Zscaler is the default choice for enterprises of all sizes looking to migrate to Microsoft 365 (or other large-scale apps, for that matter).
This is not to say that ExpressRoute will not be used at times, as it could be for larger HQ sites. But for branch and remote users who require a first-class user experience, the justification of backhauling traffic is going to be a hard sell.
How To Avoid Network Latency & Bandwidth Issues
With Zscaler, Microsoft 365-enablement is simple, provided, of course, that Microsoft’s guidelines have been followed. Enable Microsoft 365 with one click in Zscaler, then perhaps perform some routing optimisation and bandwidth management. That’s it, at least as far as the network is concerned!