Fast track to file access

How to use wide-area file services to boost access to files across WANs

Agencies struggling to provide a geographically dispersed workforce with quick and secure access to files might want to consider deploying wide-area file services (WAFS) appliances to help them consolidate remote office files at a single, centrally managed location.

By using caching and protocol-optimization techniques, WAFS speed file access across wide-area network links while helping organizations maintain security and control over applications.

Files that use bandwidth-hungry protocols, such as Common Internet File System (CIFS) for Microsoft Windows-based servers and Network File System (NFS) for Unix- and Linux-based servers, are geared to operate efficiently on local-area networks rather than WANs.

When you open a file on a LAN-based server, your client machine on that network exchanges hundreds of messages with the server. When you use the LAN, you hardly notice the time it takes to open the file because of the available bandwidth.

But open that same file from a remote or branch office that has a decent connection to the central data center and you’ll likely have time to refill your coffee cup. If connectivity speeds are low, that file-opening operation will give you time to grab a sandwich, too. Network connectivity speeds affect office productivity.

To solve that issue, many agencies have installed servers at remote and branch offices, creating a distributed group of mini-LANs. Although that approach solves the file-access issue, it increases costs and the potential for security risks. Agency budgets must absorb the cost of the additional servers to support the remote locations. In many cases, technical employees must also be added to the payroll to manage the remote configurations.

Click here to enlarge "WAFS at work" chart (.pdf).


Maintaining security controls and accurate and timely backups of critical data is challenging in a distributed environment. Managers are often left wondering if nontechnical employees at remote offices will remember to back up the server each evening.

The drive to WAFS
There are two trends driving agencies toward WAFS and its related technologies. “Branch-office server-centralization projects and the move to Web browser-based applications continue to drive this market,” said Joe Skorupa, a research director at Gartner.

WAFS improve remote file-access speeds while eliminating the need for equipment and technical employees at remote locations. Centralizing equipment also allows information technology managers to more easily implement policies that will ensure compliance. In addition, deploying other strategies, such as data backups, also becomes easier in a centralized environment.

Centralization, consolidation, control and lower costs aren’t the only reasons to look at WAFS technology. In a recent report, IDC analysts said, “As WAN-optimization appliances are deployed across borders (continents, extranets, remote offices, etc.), these dedicated appliances are also becoming critical to detecting and preventing denial-of-service attacks, worms, intrusions, and other traffic and access irregularities.”

Using WAFS appliances for WAN optimization is worth considering, Skorupa said. Packeteer and Riverbed Technology, two leaders in the WAN-optimization area, offer WAFS support. However, the market for WAN optimization, which includes WAFS and other related technologies, is still emerging. It is likely that additional mergers and acquisitions will occur as the market matures.

In the meantime, it is a good idea to execute one or more WAFS-related proof-of-concept projects or conduct a small test with a limited number of remote offices.

How WAFS work
WAFS solutions come in pairs of appliances — one for the central data center and the other for the remote or branch office — and they are often used with virtual private networks. A centralized data-center WAFS appliance might serve one or more remote locations depending on its size and configuration.

Click here to enlarge "WAFS solutions" chart (.pdf).


Once in place, the central and remote WAFS appliances work together to speed WAN performance by using technologies such as compression, caching or acceleration. Some providers use all three methods and other proprietary tools.

The remote appliance decompresses and caches the traffic and, given a large enough cache, can make file access downright peppy at the remote office. On the return trip to the agency’s centralized data center, the remote appliance also compresses the outbound traffic.

Here are some necessary steps to properly deploy WAFS appliances.

Step 1: Determine your topology
One of the first things to consider is what type of topology you want to have. Providers of WAFS appliances might support an inline or non-inline topology, although several providers support both. In an inline topology, you route traffic through the WAFS appliances directly. That type of configuration allows you to speed all the traffic between the two locations.

Conversely, in a non-inline topology, the appliances sit on either end of the network, but all traffic does not flow between them. Instead, the appliance at the remote office is configured to act as a proxy for remote network shares, which give computer users on the same network a centralized place to share files. Staffers at the remote office map drives to shares on their local WAFS appliance.

Then, as remote office staffers access files, the local and remote appliances work together to ensure that the user works with the most recent version of a file. In this scenario, the most frequently used files are stored on the local cache and the two appliances work to keep files in sync while using techniques such as compression or acceleration to sustain LAN-like performance.

Step 2: Examine protocol support
Aside from considering topologies, examine what protocols the WAFS appliance supports. Some appliances are limited to CIFS while others support CIFS, NFS, and other file or message-related protocols, such as FTP and the Messaging Application Programming Interface. Your users may be running Windows-based desktop PCs, but if they share file across Windows, Unix and Linux servers, you’ll want CIFS and NFS protocol support.

As the WAN-optimization market matures, the lines between WAFS and wide-area data services (WDS) will begin to blur. WDS devices typically support protocols such as TCP/IP, HTTP and those supported by WAFS appliances.

WAFS providers are beginning to add support for nonfile-related protocols to their appliances. If your remote employees work with central files and access applications such as an agency Web portal, you’ll want WAFS and WDS protocols. Support varies among providers so check to make sure the protocols you need are included.

Step 3: Compare performance
Compare the performance of the WAFS appliances you are examining. All will use some combination of compression, caching, and acceleration, and each will usually state that they are the fastest or can deliver the best performance.

During your proof-of-concept or test project, execute the same tasks, such as opening large files. Record the performance statistics for all of your test appliances, your general impressions about the performances and any glitches you encountered along the way.

Step 4: Check security, reporting functions
Compare the security-related functions of each appliance. Can it be centrally secured? Can you comply with your agency’s security policy by using the appliance? What type of security alerting does it support? Can it send alerts to a centralized monitoring framework or an administrator’s e-mail account or pager?

If the budget permits, consider appliances that include proactive security measures, such as traffic analysis and intrusion prevention.

Good reporting is also essential. The appliance you select should include summary reports that are meaningful to agency managers. Detailed statistical reports on bandwidth usage and throughput are also critical. However, reporting on trends that affect cache usage is probably the most important. By monitoring cache usage you can accurately forecast when a given set of appliances may need to be upgraded or replaced.

Appliances deal with cache usage in different ways. Some feature cache storage but no other storage capability. Others include storage, but the amount varies widely among vendors — from 80G to 512G. A key portion of your WAFS evaluation will include accurately determining the amount of cache and disk storage needed at your remote locations.

WAFS and WDS appliances can enable agencies to cut costs through centralization and consolidation. Centrally controlled data-access methods and simplified backup strategies can further increase efficiency. For those reasons, agencies should evaluate WAFS and WDS devices.

Biggs, a regular Federal Computer Week contributor, is a senior engineer and freelance writer.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.


  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above