Adoption of SaaS applications like Office 365 moves some combination of services and data outside the enterprise network. As SaaS applications gain in popularity and adoption, more and more end user traffic will end up split between private enterprise systems, and cloud-based service endpoints on the Internet. Optimizing SaaS traffic flows avoids degradation in quality of experience for your users.
Enabling O365 traffic optimization on your NetFoundry network will ensure that user traffic destined for Microsoft O365 is forwarded directly to the Microsoft cloud over the internet, avoiding latency introduced by packet inspection, network hairpins, etc.
See Office 365 Network Connectivity Principles for more information.
In this guide you will learn:
- How to configure O365 traffic optimization on your network;
- How to set the next hop IP address for O365 traffic on a gateway.
How optimization works in a NetFoundry network
NetFoundry uses the Microsoft endpoints web service as a checks and balances system: any NetFoundry service you create that overlaps O365 address space is flagged with a warning in the NetFoundry Console.
NetFoundry will not automatically remove a conflicting service from use, because doing so could inadvertently impact production traffic on your network. Instead, a warning is shown in the console so that you can resolve it as you see fit. You can resolve overlapping services in one of two ways:
- Choose a non-conflicting address for the service host - If you're able, move the real IP address of the service host to non-conflicting address space. This isn't always possible for a variety of reasons.
- Define a service intercept address - If you're not able to move the service host to a new address, you can specify an intercept IP address in the service definition instead. Clients will use the intercept address to reach the service, rather than the real IP address. For example, if you edit the conflicting service, and add an intercept IP of 10.0.0.1, then clients will use this address rather than the real address to reach the service host. See Introduction to Services for more information about intercepts.
How to configure O365 traffic optimization on your network
In the NetFoundry console, you can enable policies via the Manage Organization -> Manage Networks page. Locate the network you want to modify in the list of networks, and choose O365 Optimize from the ellipsis menu. Here you can specify your preferred categories of O365 traffic for direct internet breakout:
- Optimize endpoints are required for connectivity to every Office 365 service and represent over 75% of Office 365 bandwidth, connections and volume of data;
- Allow endpoints are required for connectivity to specific Office 365 services and features, but are not as sensitive to network performance and latency as those in the Optimize category;
- Default endpoints represent Office 365 services and dependencies that do not require any optimization, and can be treated by customer networks as normal Internet bound traffic.
See Office 365 endpoint categories for additional O365 optimization setup information.
NetFoundry will leverage these policy settings when deciding what O365 traffic to optimize.
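To audit your own service addresses for the kind of overlap described above, and to see which endpoint category each conflict falls in, the sketch below compares service addresses against endpoint records. It is an added example, not NetFoundry's code: the records are constructed in the shape of the Microsoft endpoints web service JSON (`id`, `serviceArea`, `category`, `ips`, `urls`), the ranges are documentation prefixes rather than real O365 space, and the service names and the `find_overlaps` helper are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like the Microsoft endpoints web service output.
# Ranges are documentation prefixes, not real Office 365 address space.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
   "ips": ["192.0.2.0/24", "2001:db8:100::/48"]},
  {"id": 2, "serviceArea": "SharePoint", "category": "Allow",
   "ips": ["198.51.100.0/25"]},
  {"id": 3, "serviceArea": "Common", "category": "Default",
   "urls": ["*.example.net"]}
]
""")

# Hypothetical service definitions: service name -> host address or CIDR.
SAMPLE_SERVICES = {
    "erp-db": "192.0.2.40",
    "file-share": "198.51.100.192/26",
    "build-farm": "198.51.100.0/24",
    "intranet-v6": "2001:db8:100:1::10",
}


def find_overlaps(services, endpoints,
                  categories=("Optimize", "Allow", "Default")):
    """Return sorted (service, service_net, endpoint_id, category, o365_net)."""
    hits = []
    for name, addr in services.items():
        svc = ipaddress.ip_network(addr, strict=False)
        for ep in endpoints:
            if ep.get("category") not in categories:
                continue
            for cidr in ep.get("ips", []):  # URL-only records have no "ips"
                o365 = ipaddress.ip_network(cidr, strict=False)
                # Compare only like with like (IPv4 vs IPv4, IPv6 vs IPv6).
                if svc.version == o365.version and svc.overlaps(o365):
                    hits.append((name, str(svc), ep["id"],
                                 ep["category"], str(o365)))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_overlaps(SAMPLE_SERVICES, SAMPLE_ENDPOINTS):
        print("overlap: %s (%s) with endpoint set %d [%s] %s" % hit)
```

A service that is a superset of an O365 range (`build-farm` here) is reported as well as one that sits inside a range, since either way part of the service's address space would be treated as O365 traffic.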
Set the next hop IP address for O365 traffic on a gateway
When O365 traffic optimization is enabled on your network, you can set the next hop IP for O365 traffic on a gateway-by-gateway basis.
To enable this feature, navigate to the Manage Gateways page in the console, and edit the desired gateway. Enter an IP address in the O365 Breakout Next Hop IP field to forward all O365 traffic to this address.
If you leave it blank, then the gateway's default route will be used as the next hop.