Last updated on June 21, 2021.
From Salesforce to Microsoft Office 365 to Zendesk, reliance on SaaS has become ubiquitous. By eliminating hardware and software, SaaS is inexpensive, fast to deploy, easily scalable, and makes compatibility problems disappear.
But it presents its own challenge: How to effectively connect users to those services without having to route all of their DNS and application traffic back to a centralized location.
The inability to deliver SaaS-based services in an optimal way degrades end-user experience and impacts the bottom line. To attempt to optimize performance, local internet breakout is frequently used as a workaround. Only, it’s hard to do well and often causes more complications for network teams.
This post will explore the impacts to users of sub-optimal SaaS delivery paths. Further, it will look at how internet breakout has been used as a less-than-ideal workaround. Lastly, it will examine how BlueCat’s tools can optimize the SaaS user experience and give admins full visibility and control over all routing activity in the process.
This post is part of a blog series exploring some of the challenges network teams experience in the face of enterprise cloud adoption—and how BlueCat can help solve them.
The impacts of sub-optimal SaaS delivery paths
Traditional wide-area network (WAN) technologies are not cloud friendly. They tend to use a hub-and-spoke model for routing traffic to the cloud. Queries are sent from branch offices through the network core. That extra transporting—called backhauling—degrades network performance and results in poor user experience. Plus, it usually involves costly leased MPLS (Multi-Protocol Label Switching) lines.
Key problems caused by sub-par SaaS routing
The inability to consume SaaS-based services across the most optimized path can result in numerous challenges.
- Latency: Inefficient backhauling of packets from all around the world to a central data center and back again makes the internet slow for end users.
- Other performance problems: Sub-par DNS routing can also lead to further balance and performance problems for other applications hosted on-premises or in the cloud, not just SaaS. (A related problem when managing DNS in hybrid cloud environments is too many conditional forwarding rules, creating a DNS traffic jam.)
- Degraded usability: When routing DNS traffic to centralized data centers, it points all end-users to resources that are local to that data center. Not to where they are actually located. As a result, a user in, say, Germany trying to access a SaaS-based solution may end up accessing it from servers across the globe in Canada. And in the wrong language to boot.
- Shadow IT: Frustrated by latency and performance issues, users can resort to their own IT solutions. Shadow IT and unknown or unnecessary IT expenses apart from network teams’ purview can crop up and become the norm.
- Lost revenue: Customers, not just enterprise users, can feel the effects of suboptimal routing. A 2017 Akamai study found that a 100-millisecond delay in website load time hurt conversion rates by 7%.
Local internet breakout as a SaaS workaround: not so simple
Some organizations access SaaS services using local internet links. This can ensure higher performance, a localized end-user experience, and reduced operating costs.
Sometimes referred to as internet breakout, it’s an access point to the internet located as geographically close as possible to the user. Local breakouts avoid sending SaaS traffic to branches, remote offices, or a data center. Instead, a user’s connection is routed directly to the internet via a local internet service provider (ISP).
It sounds like a simple workaround. But intelligent routing of DNS traffic to services that may exist in the data center, a company-controlled hybrid cloud, or out on the public internet is actually a massive challenge for network administrators.
BlueCat optimizes SaaS performance and user experience
Overcoming DNS routing challenges doesn’t just apply to internal and private cloud environments. An enterprise’s users around the globe need to be able to consume appropriately localized and authorized SaaS-based services as well.
BlueCat’s Intelligent Forwarding allows network teams to keep internet breakout and leverage local ISP links from in-country DNS providers to ensure the best user experience.
Furthermore, it does so while giving network teams the ability to consistently and centrally manage core network services, like DNS, DHCP, and IP address management (together known as DDI), across the enterprise. Admins have visibility and control regardless of whether DNS resides on-premises or in the cloud. Some enterprises might opt for cloud DNS services, but those don’t allow for centralized control and management of enterprise-wide DNS.
Learn more about Intelligent Forwarding in this video:
Centralized DNS management makes SaaS a breeze for network admins. With single-pane-of-glass visibility into DNS, they can allow direct consumption of some SaaS services while others might be restricted to specifically authorized locations or networks.
Furthermore, whatever the requirement, it captures the usage of these services. This gives network admins the visibility they need to ensure appropriate and secure utilization of services.
When users access SaaS-based services using optimal DNS and network routes regardless of their location, the result is better for everyone. In the end, users get the most optimized route and experience for all cloud services. It does not matter whether they are SaaS or other types of private or public cloud applications. And the enterprise gets speed, performance, control, and more revenue earned.
Upcoming blog posts will explore the biggest hybrid cloud challenges for DDI. And they will highlight the solutions that BlueCat offers to alleviate them. In the meantime, read the Using BlueCat Adaptive DNS in the Cloud whitepaper.
With a multi-service architecture, BlueCat Edge SPv4 now supports simultaneous add-on modules for security, networking, cloud, and branch offices.
Unveiled at Cisco Live, Zero Trust DNS from BlueCat offers continuous verification, least-privilege access, and context and response to secure networks.
Learn how you can use BlueCat Cloud Resolver to tame cloud DNS by simplifying zone discovery and conditional forwarding rule management.
Our illuminating infographic shows how an integrated DDI platform can tame network complexity, including poor visibility, zone conflicts, and outages.