Branch office IT is becoming an increasingly important area for consideration as enterprises become more decentralised and business takes place on a 24/7 basis. At the same time a shift in IT architecture is taking place as more and more business applications are distributed to the branch office, which in turn is having a significant impact on the networking requirements to support the business. As programs become more sophisticated and the number of applications needed by workers increases, so does the need for services to support workers such as security, networking, voice and access to information.

These changes mean that branch offices can no longer be left to design and implement their own network infrastructure and applications. Having evolved from relatively independent IT silos, branch offices now represent a fully integrated link in the IT infrastructure. In order to keep in touch with the rest of the business, branch office IT must therefore be standards-based, resilient as well as remotely manageable and configurable.

Branch network challenges and drivers for simplification
Organisations with branch offices have, on average, between six and seven devices at each branch office - the average is 6.1 according to Nemertes Research. This creates management complexities, multiple points of failure and a high operational cost. Instead of trying to manage and support these multiple boxes, enterprises are beginning to see the need to integrate many of these support services onto a single platform. The router manufacturers have spotted this trend and begun to layer on additional services to a single device: multifunction routers now offer integrated firewall security, as well as support for VPNs, which seems like an attractive proposition.

Having one device to manage instead of six represents an immediate saving just in terms of time and complexity. However, this approach does also present certain challenges to the branch office IT manager. As new services are bolted on to the router, the performance of the device can be affected and there is a significant risk of application conflicts and configuration errors leading to an increase of unplanned downtime. By combining security with routing functionality there is the chance of a denial of service attack or other threats bringing down business-critical applications. The resiliency of the device can also be a problem - relying on any one device can lead to a single point of failure within the network.

Definition of a services gateway
Services gateways have emerged as a new category of device designed specifically for the branch network to address these multiple challenges. Instead of simply combining legacy point products or bolting features on, services gateways have been designed and built from the ground up to unify the growing range of security and data networking services deployed in enterprise networks today. This approach also minimises the number of devices enterprise IT has to deploy and manage, leading to a reduction in IT overhead costs and operating expenses. The market for this kind of solution is already growing: according to US analyst firm In-Stat, it will grow from $1.2 billion in 2004 to an estimated $16.6 billion in 2008.

A services gateway offers the same benefits as a multifunction router - the consolidation of appliances and reducing power and space considerations - but also allows for remote control of the software modules. Additional software units can also be turned on as they become necessary to the branch office without impacting on the performance levels of the device - a key consideration when looking at the quality of service that devices have to deliver.

Business models and infrastructure
Branch office networks typically don't have dedicated IT staff working at them, as this would not be an efficient way of using someone's skills - but any problems with the devices that do occur will have a more serious impact on workers than a comparable event at the head office. For most organisations, sending out a member of the IT team to visit the site is the only way to solve the problem, even if it is a relatively simple one - such as restarting an appliance when the software falls over. This is due to the IT team being unable to manage an unavailable device remotely - as the appliance has fallen over, it can't be turned back on.

This problem is especially damaging when a multifunction router has its one of its software units fall over - it can affect the performance of the rest of the branch office, and potentially leave staff unable to work and stop revenue being generated. Given the rise in popularity of VoIP, this could leave the office without any telephone communications for example, even within the building itself. Large telecom routers have separated the data and control planes, but services gateways have taken this a step further by splitting the management plane from the control plane as well as the data plane - this separation allows for remote access and management, even when a software module has fallen over.

Services gateway benefits as applications grow
Applications are becoming more interlinked, and models such as web services and SOA mean that applications can sit within various parts of the organisation - or be completely hosted outside the company network. This reliance on the wider network means that the reliability of the devices that run this connection is paramount. Running this kind of model relies on the management of all the support services being possible from the head office.

Multifunction routers offer a number of benefits to the organisation, such as cost savings and space reduction. But for the unique requirements of the branch office, the ability of a services gateway to control devices remotely under a single interface can offer a more flexible and manageable infrastructure. And with the greater demands of the network, applications and business drivers, remote control is the biggest asset to bear in mind.

Gordon Young is VP EMEA for services gateway developer NetDevices.