Network Integration: Keeping Traffic in the Fast Lane
There's not a lot of glory to be had in network integration, just grief from the lack of it.
When Inergy Automotive Systems began a series of network improvements, it measured success in terms of performance enhancements and cost reductions. But David Stephens, Inergy's vice president of information systems and services, measures success just as much in the reduction of the complaints he hears at management meetings about slow or unresponsive applications.
Among other problems, network congestion was slowing access to the firm's core SAP business applications at the end of the month, when the finance department was closing the books.
"As our CEO says, 'The best thing I hear about our I.T. networks is nothing,'" Stephens points out. So, when chief executive Pierre Lecocq took a few minutes during a planning meeting earlier this year to note that he hadn't heard any complaints lately, Stephens took that as high praise.
What changed? Part of the reason for the inefficiency of Inergy's network was fragmentation. The Paris-based company, one of the world's biggest manufacturers of plastic motor-vehicle fuel tanks with 2005 revenue of 1.3 billion euros (about $1.6 billion), was formed in 2000 as a joint venture of Plastic Omnium and Solvay SA. The new organization inherited systems and networks from both companies that had never been intended to work with each other-a common dilemma not only for joint ventures but also for companies that grow through mergers and acquisitions. In addition, Inergy found itself with 40 sites in 13 countries, each with its own local networks and user directories and locally installed applications.
"I don't want to say it was a mess, but it was very complex," says Arun DeSouza, Inergy's manager of systems engineering and information security.
When the joint venture was formed, Inergy limited itself to fairly superficial integration efforts, such as getting everyone on one e-mail system. But as management pushed the organization toward greater centralization, enabled by standardizing on systems such as SAP for financial management, Inergy needed to move to a more unified and efficient network.
DeSouza identified two major changes that needed to be made to improve network performance. First, he wanted to upgrade from the outdated version of the Microsoft network operating system, based on Windows NT, that Inergy was still running on. By upgrading to Windows 2003, Inergy would be able to unify its corporate network into a single, distributed database of users, passwords, privileges and network devices, stored in Active Directory, the more scalable network repository first introduced with Windows 2000.
One limitation of Windows NT is that it forces large, multi-site networks to be divided into many small network domains. Making them function like a single network means establishing a complex web of "trusts" between domains. Besides being less efficient, this arrangement requires more network administrationmore people at more locations performing redundant work such as user account changes on separate domains.
With Active Directory, the entire network could be treated as one logical domain, with information entered into any one Active Directory server replicated to the servers at other locations. Inergy also outsourced management of its Microsoft Exchange e-mail servers to Verizon Business Services.
Once that was accomplished, the second phase of the network integration project would focus on improving the actual transmission of business data. As Inergy implemented more centralized computer systems, employees at remote offices around the world were being made increasingly dependent on the performance of the corporate wide-area network (WAN). In addition to annoying SAP users, data transmission delays on the network hampered the use of internal Web sites hosted on SharePoint, Microsoft's Web portal server.
Rather than simply adding bandwidth to alleviate network congestion, DeSouza planned to take advantage of Quality of Service (QOS) technology that gives higher priority to the most important traffic and uses techniques such as data compression to squeeze higher performance out of the available bandwidth. In a traditional network based on Internet protocols, packets of data are routed across the network in essentially a first-come, first-served manner. QOS technology makes it possible to distinguish packets associated with a high-priority application, such as posting financial data to SAP, and let them cut in line ahead of less critical transmissions, such as traffic associated with casual Web browsing.
With a WAN optimization device at either end of the network link, verbose data formats such as Web pages encoded as long strings of text can also be compressed for transmission and de-compressed at their destination, lowering the amount of bandwidth they consume.
"These were all pieces of the puzzle, but the whole thing came together because of QOS," DeSouza says. Specifically, he used WAN optimization devices from Packeteer to ensure that the most important applications would be given priority treatment. Packeteer is one of several vendors in the niche market for devices that can distinguish between Internet Protocol network packets associated with different applications, and apply QOS rules that determine how quickly they are routed to their destination.
For example, on his network SAP traffic is assigned a high priority (meaning that it will be transmitted across the wide-area network ahead of most other traffic that is using the network at the same time), along with guaranteed access to bandwidth. On the other hand, recreational Internet access such as music downloads is low-priority traffic and may not consume any more than 8% of the available bandwidth.
"It's a global company, and people work lateif someone wants to listen to some music, I don't mind," DeSouza says. But at the same time, such non-essential traffic can't be allowed to get in the way of the monthly financials, he says.
Such considerations are particularly important for global organizations that run centralized applications, which puts more stress on the network and elevates the effects of latencythe delay in transmissions caused by the distance a signal must travel and also by network bottlenecks. "Arun [DeSouza] was clearly the champion within Inergy of saying we've got to do a better job, we can't just keep buying bigger circuits, we've got to build expressways for the high-priority traffic," says Jeff Sahr, operations manager with the managed services division of CH2M Hill, a consulting firm based in Englewood, Colo., that helped with the QOS deployment and provides ongoing network management services to Inergy.
In the first phase of Inergy's network integration project, which lasted from June to December 2004, DeSouza and his team eliminated redundant network servers and services. One of the advantages of the Active Directory architecture is scalability. Whereas the Windows NT generation of Microsoft's network operating system essentially requires each location to be treated as a separate network domain, Active Directory made it possible to operate the entire network as a single domain with a smaller number of servers acting as domain controllers. In Microsoft's network architecture, a domain controller is the server that controls log-in requests and network access permissions. Most Inergy branch locations now have a single domain controller, and that server often doubles as a file and print server if it's not too heavily loaded.
Instead of installing a Microsoft Systems Management Server (SMS) at each location, Inergy moved to a central installation of SMS and the Microsoft Operations Manager for network control. Inergy also upgraded to a single backup system, which replaced the mishmash of backup systems that had previously been deployed, and it outsourced its e-mail servers. For its backup software, Inergy chose Veritas, which was acquired by Symantec last year.
All told, Inergy was able to cut the number of servers on the network from 220 to 160, DeSouza says. Having fewer servers also lowered the manpower required for network administration, particularly after Inergy added Quest Software's ActiveRoles Server for simplified Active Directory account creation and management in 2003. In all, the number of full-time equivalent employees required for domain administration dropped from 15 to three, he says.
Phase two of the network revamp began with a pilot project in early 2005; it used seven QOS appliances that DeSouza convinced Packeteer to lend him to demonstrate the value of the technology in practice. David Willis, a Gartner analyst, recommends this approach, saying most WAN acceleration vendors will lend equipment for a proof-of-concept project, which also helps enterprises measure the load on their networks.
QOS classification and enforcement capabilities have become commoditized recently as they've been absorbed into Internet routers from companies like Cisco. But Willis says there's still room in the market for vendors like Packeteer that have augmented QOS with data compression and protocol acceleration techniques to make WANs operate more efficiently.
"We still see about an 18-month gap in the functionality available through these WAN acceleration appliances and what you get with a router," Willis explains. Where Cisco has made inroads is by simplifying the process of classifying network traffic with an AutoQOS feature that, for example, is useful for automatically determining the right network settings for voice-over-Internet Protocol traffic, he says.
One obstacle to implementing QOS has been the complex and potentially political task of deciding which applications from which departments get the highest priority, Willis says.
According to DeSouza, Packeteer offered the more sophisticated level of QOS technology he wanted. For example, instead of assigning one flat priority to the Web's HyperText Transport Protocol, he wanted to give HTTP requests to the Inergy corporate portal a priority four times higher than Web access.
So far, Inergy has installed 36 of the Packeteer PacketShaper devices at locations in North America, Europe and Asia.
The QOS-enhanced network went live in the U.S. and Asia in the third quarter of 2005, and in Europe in early 2006. While it might sound like this was "just a box" to be plugged into the network, DeSouza says, "Nothing is as easy as it sounds." He traveled 22 weeks out of the year, working to keep the project on track, and some former colleagues burned out and left the company because of the aggressive schedule, he says.
Still, DeSouza is proud of the way the QOS project exceeded its objectives, coming in 30% under budget at a cost of 250,000 euros (about $315,000) as opposed to the estimate of 360,000 euros (about $450,000). At that rate, it paid for itself in about 18 months through tangible benefits such as avoiding the expense of buying additional WAN bandwidth from Inergy's telecommunications carriers. If intangibles such as the estimated benefit of improved employee productivity are included, the payback is only six months, DeSouza says.
Meanwhile, the effective bandwidth available on the network increased by about 300%, compared to the 200% improvement projected in DeSouza's original business case. The average transmission delay dropped by 75% (compared to a projected 50% improvement), and Web applications performed 50% faster (the projection was 33%). Bad transactions, such as failed postings to SAP, dropped by 20%; the goal was 10%.
DeSouza also sees another potential benefit for network security, since Packeteer bandwidth controls can be used to choke off network access to Internet viruses and worms that work by flooding a network with spurious requests.
Taken as a whole, the entire network integration project cost about $2 million, coming in about 15% under budget, with a 2.25-year payback based solely on the tangible savings.
The result is much different than what Inergy started with, taking a network from one corporate parent and a network from the other and mashing them together. Compared with that "administrative nightmare," says information systems VP Stephens, "Today, we have a first-class network that we're able to operate at a very low cost."
Even now, though he's happy when his CEO notices that there have been fewer complaints, Stephens is reluctant to boast. "When things go wrong, they tend to get noticed," he says. "When you start tooting your own horn, and then something does go wrong, that magnifies the issue." But for the moment, he can be happy that some things are going right.
Inergy Base Case
U.S. Headquarters: 2710 Bellingham Drive, Troy, MI 48083
Phone: (248) 743-5700
Business: Manufactures plastic automobile fuel tanks and related systems for Toyota, DaimlerChrysler, General Motors and others.
Chief Information Officer: David Stephens, vice president, information systems and services
Financials in 2005: Revenue of about 1.3 billion euros (about $1.6 billion).
Challenge: Formed in 2000 as a joint venture of European plastics companies, Inergy has had to integrate previously separate networks, centralize information services to save costs, and boost network performance to ensure those newly centralized services would function properly.