
moving school IT to the cloud with service not servers

Thursday, 1 January 2015

Designing a Network for SaaS - Part 3

The design objectives for a local network that supports SaaS are quite simple.
  • Resolve DNS as fast as possible.
  • Get the data packet to the edge firewall as efficiently as possible.

The requirements for DNS are covered in Part Two of this blog.

Network Design.
The speed of the data traffic to the firewall is maximized by employing fast enterprise switches and reducing the number of hops that a packet makes, which means keeping the network design as flat as possible.

The traditional core/distribution/access switch model was designed to provide an efficient method of moving data between peer segments without going through the core. A SaaS network cannot benefit from a tiered model because there is no peer-to-peer traffic. Every packet takes the same path - from the client to the default gateway. There are some exceptions - the Wireless Access Points (WAPs), peer-to-peer management traffic and internal media streaming are examples. Ideally a smaller school would employ dual redundant switches in a stacked configuration to serve as both the core and distribution layer.

In a SaaS network the role of the edge switch is taken by the Wireless Access Point, each controlling a number of mobile devices in the same way an access switch connects to desktop devices. If possible, all WAPs should ‘star’ back to the core, which also provides PoE. Resiliency can be provided in two ways. In a stacked configuration the core will survive the loss of one switch but 50% of the wireless coverage will be lost. A staggered deployment for the APs would allow the wireless network to function but with reduced coverage and throughput.
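The difference between the two resiliency options can be checked with a small model. This is an added example, not part of the original post: the layout (two floors, six rooms, one AP per room), the assumption that an AP's signal reaches only the adjacent rooms on its own floor, and all function names are constructed for illustration.

```python
FLOORS, ROOMS = 2, 6  # constructed layout: one AP per room, two stack members

def plan_block():
    """Each floor's APs are patched to a single stack member."""
    return {(f, r): f % 2 for f in range(FLOORS) for r in range(ROOMS)}

def plan_staggered():
    """Neighbouring APs alternate between the two stack members."""
    return {(f, r): (f + r) % 2 for f in range(FLOORS) for r in range(ROOMS)}

def after_failure(plan, failed, reach=1):
    """Return (fraction of rooms with any signal, fraction of APs still up).

    Assumption: an AP covers its own room plus `reach` rooms either side,
    on the same floor only.
    """
    live = [ap for ap, member in plan.items() if member != failed]
    covered = {(f, r + d) for f, r in live
               for d in range(-reach, reach + 1) if 0 <= r + d < ROOMS}
    return len(covered) / len(plan), len(live) / len(plan)

def worst_case(plan, reach=1):
    """Worst outcome over the loss of either stack member."""
    return min(after_failure(plan, failed, reach) for failed in (0, 1))

if __name__ == "__main__":
    for name, plan in (("block", plan_block()), ("staggered", plan_staggered())):
        rooms, aps = worst_case(plan)
        print(f"{name:10s} rooms with signal {rooms:.0%}, APs still up {aps:.0%}")
```

In this model the block plan loses half the rooms outright, while the staggered plan keeps some signal in every room from half the APs. With `reach=0` (no overlap between cells) staggering gives no benefit, so it depends on neighbouring APs overlapping.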

The passive infrastructure required to support SaaS is far simpler than the traditional approach, which ‘flood patches’ whole areas with RJ45 outlets in order to allow for future expansion, contingency and resiliency. This leads to the number of access switches being overestimated, which in turn requires core switches to be specified with 10Gbs interfaces to allow for the concentration of traffic, all of which is unnecessary.

In the future, network expansion will be through wireless clients. Most of the RJ45 outlets and access switches installed in the last decade in schools, academies and colleges will never be used.

For a school that is attempting to upgrade an aging passive infrastructure to support modern teaching methods, the SaaS approach has a number of advantages.

The school simply overlays the existing cable network with a new passive infrastructure designed to support wireless. The cost is reduced by the fact that there is no ‘server room’ so the core switch can be located close to the optimum location for cabling and not the other way round. Existing cabling can be reused but only where appropriate.

In most cases schools are upgrading because they require wireless - not because they have run out of RJ45 outlets or they are installing more ICT suites. In this situation there is no value in investing capital maintaining live RJ45 network points unless there is a clear requirement at that location. Active areas are likely to be administration, reception and possibly a reprographics room.

As schools move to 1:1 deployments the future of the fixed ICT suites is debatable, although there will always be specialized teaching requirements that benefit from fixed desktops.