How I “Peak”ed My Computer

For me, Silver Peak’s recent announcement over Accelerated IPSec validates what I’ve been saying to my customers for a while now: Silver Peak is a great solution for the remote office — the technology makes applications faster, more secure, and no additional hardware is needed for small offices. We’ve even run Silver Peak inside the secretary’s PC! (Watch for a post tomorrow where I’ll show you how I worked that bit of magic…) [Update: this how-to post is now live — check it out!]

Normally, when you secure branch office traffic with IPSec, you deploy a firewall or IPSec appliance in the headquarters and another in the branch office. That is what we were doing, but with IPSec’s overhead we found that application performance decreased by about 10 percent. Silver Peak, though, packages IPSec, WAN optimization, packet loss correction, QoS, and traffic shaping into one appliance. There’s no need for additional hardware so application performance improves, even with encryption.

A customer of ours connected its headquarters and branch office using a 1 Mbps SHDSL line. An IPSec tunnel ran between Juniper SSG20 firewalls at each location. Before deploying Silver Peak we could send 60 Kbps unencrypted. With regular IPSec, performance dropped by 35 percent, to about 39 Kbps. This was partially due to the overhead of IPSec, but also because we were seeing one percent packet loss on the line. With Silver Peak, though, we reached a maximum of 60 Mbps for file sharing, a 90x improvement. Retrieving an ERP report before implementing Silver Peak could take 40 minutes. After Silver Peak? Only 4 seconds.

And, with Silver Peak being virtual, we have all sorts of ways of deploying WAN optimization. One customer of ours needed to optimize a 50 Mbps connection between the branch office and the headquarters. Each location had a Fortigate firewall running IPSec between them, but they were having performance problems (largely unrelated to the firewalls). The branch office was also very small — only a handful of workers — and they needed to put the server out in the open.

So we needed a device that was powerful, quiet, and inexpensive. A NUC was the perfect choice. It’s all of the above, as well as being tiny, but runs an Intel i5 with 8 GB of memory and 120 GB SSD.  So we ran a VX-5000 on the NUC and stuck it on the admin’s desk! Before the NUC, the customer had an IPSec connection between a Fortigate at each location, and we saw about 50 Mbps unencrypted and 44 Mbps with IPSec encryption. But with Accelerated IPSec from Silver Peak that increased, resulting in up to 1 Gbps of throughput:

Accelerated IPSec results

Sometimes a customer doesn’t even have the budget for a NUC (~$300). Instead, we deploy Silver Peak for them on one of the employee’s PCs using VirtualBox. They just power on the PC and everything is ready; Silver Peak runs as a service on the background. It’s the best fit for an office of two or three people!

This is a guest blog post. Views expressed in this post are original thoughts posted by Behreng Nami, Sr. System Engineer with Vitel A.S. , a leading distributor in the Turkish IT market specializing in the development and deployment of network and communication solutions.