Supporting a network in transition: Q&A blog post series with David Lef
In a series of blog posts, this being the first, David Lef, principal network architect at Microsoft IT, chats with us about supporting a network as it transitions from a traditional infrastructure to a fully wireless cloud computing platform. Microsoft IT is responsible for supporting 900 locations and 220,000 users around the world. David is helping to define the evolution of the network topology to a cloud-based model in Azure that supports changing customer demands and modern application designs.
David Lef explains the key factors and strategies involved with implementing and supporting a network infrastructure that enables modern work styles such as constant connectivity and mobile productivity.
Q: Can you explain your role and the environment you support?
A: My role at Microsoft is principal network architect with Microsoft IT. My team supports almost 900 sites around the world and the networking components that connect those sites, which are used by a combination of over 220,000 Microsoft employees and vendors that work on our behalf. Our network supports over 2,500 individual applications and business processes. We are responsible for providing wired, wireless, and remote network access for the organization, implementing network security across our network (including our network edges), and we ensure that the nuts and bolts of network functionality work as they should: IP addressing, name resolution, traffic management, switching, routing and so on.
Q: What are the major changes in work styles right now? How has that trend been occurring and how is it changing?
A: Right now it’s about being connected. Connecting from anywhere at any time, to whatever resource I need to be productive. The change started five to eight years ago, but the change is ongoing as new technology emerges. It really started with the constant connectivity that personal mobile devices provide.
Smart phones and tablets have given people Internet access everywhere they go, whenever they want, and that expectation naturally extends to their work environment. It started small, with email being the biggest request a while back—but it has expanded into all aspects of being technically connected to work resources. Microsoft has become a company where work/life balance is important to our corporate culture, and Microsoft employees use the modern work style to make that work with their responsibilities. They are being productive outside of the office, and outside of traditional office hours. The primary ways we’re changing today are with the constant addition and migration of apps to the “available anywhere, anytime” ecosystem, and the expansion of a “wireless-first” network. It’s ongoing, and it changes daily.
For example, our customer relationship management (CRM) solution is now hosted in the cloud, so our sales people can be productive without having to connect to our corporate network. The whole organization is following the same strategy: internal apps and business functions have moved or are moving to the cloud, improving access and productivity for the entire organization.
Q: What strategies are you using to stay ahead of these changes? How do you catch up if work styles have already changed?
A: There are two main strategies that have been ongoing for about as long as we’ve had demand for 24×7 connectivity. The first one is moving apps and portals to be Internet facing. For most of them, that means moving to the cloud on Microsoft Azure and other services, such as Office 365. For others, we are implementing hybrid solutions where some of the app moves to the cloud while some of it stays on-premises in our datacenters. But the cloud is the ultimate goal for all our apps and processes.
The second strategy is wireless-first. This means that for our user/employee connections, we want wireless to be the first and best solution for them. Almost all of the smart devices (phones, tablets, etc.) in the marketplace are wireless-only, so we need to have appropriate wireless coverage and bandwidth to ensure that our employees can work in the way that best suits them. We support multiple methods of access across many platforms and devices, so employees can use whatever device allows them to be most productive. We’re providing a lot of our corporate network connectivity through wireless—it’s the connectivity method used by the majority of our user devices.
We did play catch-up at the beginning. The influx of mobile devices that users wanted to connect to our network and the huge number of different devices caught us a little by surprise. Different devices have different methods of access, and we had to make sure our network design provided appropriate protection for and from these devices.
For example, there is significant variety in the operating system version across Android devices in our environment, and we had to account for how we would manage that. We caught up primarily through intentional communication: we went out and got to understand what users wanted and how we could best implement it. We communicated the capabilities of our network and the restrictions. When users are aware of what can and can’t be done, it reduces the number of requests that are simply impossible for us to do.
Q: What are the key factors and considerations for your role in this space?
A: With change happening so quickly, it’s really important for us to communicate. This means keeping in contact with groups that depend on us, making sure we’re aware of how the network is being used, and anticipating changes in users and technology. In this field, a five-year plan for implementation just doesn’t make sense, because everything changes so quickly.
Now, that doesn’t mean that we’re looking down, simply putting one foot in front of the other. We can't afford to do that; there's too much change, too many reasons to keep our eyes on the horizon. Our practical focus is 18 months out. We have an 18-month roadmap that’s separated into six-month cycles. That's how far ahead we look when we're thinking about technology changes and implementation. We revisit this roadmap at least every two months. We do have a long-term strategy, though, that is supported by a three- to five-year vision. These longer term plans are at a much higher level, and it allows for things to change, technology-wise.
Q: How do you manage resistance to adoption of new technology or processes you implement in this space?
A: Communication and education. Microsoft has its hands on the user experience almost everywhere. We have a User Experiences group that’s dedicated to the relationship with our internal users, who ultimately are our customers. We provide opportunities to get one-on-one with members of our IT teams, and we try to proactively mitigate situations before they become a problem. We publish user tutorials called Worksmart Guides that provide education and step-by-step instructions for interacting with most of our IT touch points, and we ensure that our users know where and how to get them.
For cloud computing, it’s been a lot of education and assurance. There are a lot of misconceptions about cloud computing out there, and we want to make sure that we can show our users that their data and apps are just as safe, or safer, within the Microsoft Azure environment or any other cloud technology that we’re using.
Q: What is the biggest impact on traditional network architecture from this shift and how are you addressing it?
A: The move to wireless-first has had a big impact on us and our users. In many cases, the transition to wireless is fairly straightforward, and users embrace it. However, there is the perception (and reality, to a certain degree) that a wireless connection isn't as reliable as one that's wired, so we've had to ensure that the build-out of our wireless network is as reliable and robust as possible. We also make sure that users are making the transition with us. For instance, if a PC at a user's desk isn't natively wireless-capable, we make sure that we get a tested wireless adapter to that user and into their machine.
Many of our physical sites were wired when they were built or, in some cases, were retrofitted. In most locations, there are several wired network drops at each workstation. Compared to the network infrastructure required to implement wireless, it's way more expensive. If we want to expand or renovate in a physical location, wireless-first means we don't have to provide the same level of wired infrastructure in the location that we used to. It's a huge cost savings, and it makes further changes and upgrades much simpler.
Another big impact has been to our edge network. We have a lot more bandwidth at the edge than before, because so much more traffic goes in and out of our corporate network with the move to Internet-facing access points for apps and portals. Our available bandwidth has increased almost five hundred percent in the last five years. We've also increased security measures at the edge of our network with the increase and change in traffic, building strong firewall rules and implementing information security for incoming and outgoing traffic to prevent data loss.
Q: What do you see 18 months from now in network architecture?
A: In 18 months, most of our physical locations, with the exception of datacenters, will be wireless-first. We want one hundred percent conversion of our information worker clients to be wireless-first. Our app portfolio is constantly moving to the public side, on Microsoft Azure or software as a service (SaaS) solutions, such as Office 365. In 18 months, we expect to have ninety percent of our productivity apps (email, instant messaging, Office) public-facing, and seventy percent of our business apps public-facing.