Solution Briefs

Umbrella: O365 Performance Use Case

Issue link: https://learn-umbrella.cisco.com/i/1104331


Use case
Cisco Umbrella
© 2019 Cisco and/or its affiliates. All rights reserved.

Umbrella Improves O365 Deployment Success and On-going Performance

Current Situation

The combination of two key trends is driving a high rate of conversion to Microsoft O365. The move to the cloud for key applications has picked up momentum and progressed from an early adopter status to a mainstream concept, plus Microsoft has become increasingly aggressive with programs that promote the transition to O365 for all Office renewals.

While O365 is a strong offering and has many productivity and cost advantages, there are some significant network and security issues that are causing problems as organizations migrate. In many cases, trials or small initial deployments work well but when the entire organization is turned on, issues arise.

The activity generated by a SaaS office suite is different than other applications. There tends to be a high volume of traffic from multiple locations, with many open threads and extended session times. Large organizations have users connecting from all over the globe. This scenario doesn't typically perform well in organizations that are backhauling traffic to a data center and Secure Web Gateway (SWG) or using a cloud proxy to intercept and decrypt all of the traffic. These performance issues can stall O365 adoption, frustrate users, and result in a higher number of shadow IT solutions.

Microsoft's response to these issues is to recommend not using a proxy for the core O365 traffic and in some cases purchasing their "ExpressRoute" offering to improve performance. They say "Don't proxy O365 traffic" and recommend allowing O365 traffic to be sent directly to their cloud service, whitelisting it from a SWG/proxy (both on-prem, and cloud-based) as can be seen in this recent MS KB article. To date customers have had trouble adopting this advice with the frequent IP changes from Microsoft and even when they do, performance issues still linger in many cases.
Microsoft is trying to help by implementing a new API-based model whereby the list of domains is split into categories, designating three types of traffic:

• Optimize: These are the core MS destinations (roughly 75% of the traffic) that should not be inspected, decrypted, or authenticated by a proxy. MS hosts these IPs and URLs and claims that security is included. MS is reducing this to ~8 URLs to further simplify.
• Allow: Non-critical destinations, where MS recommends applying the organization's default security policy, but still advises not to decrypt. Some network latency is not expected to cause major performance issues.
• Default: These are other destinations that may not necessarily be hosted by MS, and proxy inspection policies can be applied as these are just like standard web browsing.

Key challenges

• It is a well-known fact that SWGs and proxies do not play nicely with Microsoft O365. Long-lived connections get broken by a proxy in the middle, and the multiple connections that the O365 apps generate add heavy load to a proxy (and to any other appliances or other infrastructure at a customer's edge).
• While recommending to whitelist traffic from a proxy to their cloud-based O365 service, Microsoft also frequently updates the list of their cloud URLs and IPs used by the service.
• These frequent updates and new domains also make it challenging for vendors to accurately categorize them under their content categorization engines, often leading to O365 domains being classified under a number of different content categories, causing inconsistent enforcement of policies.
• Poor performance impedes adoption and causes backlash from unhappy end users.
• Slow response times lead to increased shadow IT activities for core functionality like collaboration and file storage/sharing, which expands the threat surface.
• Organizations see an increase in email-related security incidents when using Microsoft email security and need better protection.
• There is a need for data loss prevention for email, and data in SharePoint and OneDrive.
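
An added example, not taken from the Cisco brief or from Microsoft: one way to turn the Optimize, Allow and Default categories described above into proxy handling, and to review what changed between two pulls of the list, since the brief notes that the list changes frequently. It assumes feed records carrying `category`, `urls` and `ips` fields; the records, hostnames, networks and the action names `bypass`, `no-decrypt` and `inspect` are constructed for illustration.

```python
import ipaddress

# Proxy handling per category, as described in the brief. Action names are this example's own.
ACTIONS = {"Optimize": "bypass", "Allow": "no-decrypt", "Default": "inspect"}
STRICTNESS = {"bypass": 0, "no-decrypt": 1, "inspect": 2}

# Constructed records; field names follow the assumed feed shape, hosts are placeholders.
SNAPSHOT_OLD = [
    {"id": 1, "category": "Optimize", "urls": ["mail.o365.example"], "ips": ["192.0.2.0/24"]},
    {"id": 2, "category": "Allow", "urls": ["*.portal.o365.example"], "ips": ["198.51.100.0/25"]},
    {"id": 3, "category": "Default", "urls": ["cdn.thirdparty.example"]},
]
SNAPSHOT_NEW = [
    {"id": 1, "category": "Optimize", "urls": ["mail.o365.example", "cdn.thirdparty.example"],
     "ips": ["192.0.2.0/24", "203.0.113.0/24"]},
    {"id": 2, "category": "Allow", "urls": ["*.portal.o365.example"], "ips": ["198.51.100.0/25"]},
    {"id": 3, "category": "Default", "urls": ["cdn.thirdparty.example"]},
    {"id": 4, "category": "Preview", "urls": ["new.o365.example"]},
]

def build_policy(records):
    """Map every URL and CIDR to one proxy action; on conflict the stricter action wins."""
    policy = {}
    for rec in records:
        # Unknown or missing categories fall back to full inspection.
        action = ACTIONS.get(rec.get("category"), "inspect")
        entries = [u.lower() for u in rec.get("urls", [])]
        # Normalise CIDRs so "192.0.2.1/24" and "192.0.2.0/24" compare equal.
        entries += [str(ipaddress.ip_network(c, strict=False)) for c in rec.get("ips", [])]
        for entry in entries:
            current = policy.get(entry)
            if current is None or STRICTNESS[action] > STRICTNESS[current]:
                policy[entry] = action
    return policy

def review_changes(old_records, new_records):
    """List entries whose handling changed between two pulls, least-inspected first."""
    old, new = build_policy(old_records), build_policy(new_records)
    changes = [(e, old.get(e), new.get(e)) for e in sorted(set(old) | set(new))
               if old.get(e) != new.get(e)]
    return sorted(changes, key=lambda c: STRICTNESS.get(c[2], 3))

if __name__ == "__main__":
    for entry, before, after in review_changes(SNAPSHOT_OLD, SNAPSHOT_NEW):
        print(f"{entry}: {before} -> {after}")
```

Entries that newly land in `bypass` sort first because they are the ones that leave proxy inspection entirely and deserve a human look before the change is pushed.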
