With over 10,000 users and 900 locations across 22 countries, Kelly Services exemplifies the diversified multinational organization. But as Kelly Services looked to standardize on Office 365, it became apparent that full application support across the Office 365 suite would require a complete network transformation, from a legacy hub-and-spoke network to a modern direct-to-cloud architecture.
Join this session to hear first-hand how Kelly Services was able to drive down MPLS and networking costs, deliver a fast Office 365 application experience to users around the globe, and fundamentally transform its network infrastructure.
1. Kelly Services: Lessons learned from
deploying a global network to support O365
WEBCASTS
Robb Wilber
Director Global Networks & Telecom | Kelly Services
Dan Shelton
Director Product Management | Zscaler
2. Want to ask a question?
We’ll answer questions live,
or follow up afterwards
Please take survey and let us
know how we did
Contact us if you have any
other questions or comments
3. GLOBAL LEADER IN
WORKFORCE SOLUTIONS
At our core, we connect great
companies with great people
Established 1946
$5.5B USD in revenue
10,000 employees
600 locations in
22 countries
Serving nearly all of
Fortune 100 companies
4. Fail-Over
EMEA DC
Fail-Over
NA DC
App
App
App
App
App
App
App
App
App
• Growth through
acquisitions
• Increased complexity
• Collaboration tools varied
by business units
• Disparate security controls
Challenges of a Large Enterprise Network
9 data centers
8 internet egress points
managed by 6 different teams
8 email systems
managed by 6 different teams
17 MPLS providers with
various configurations
5 VPN solutions
Our Architecture
Complexity
5. Cloud Transformation Strategy to Support O365
Cloud First
SaaS enables a fast
user experience
and IT agility
Drives network
simplicity and
cost reduction
Internet First
Enables and
maximizes a
productive
workforce
Mobile First Global Collaboration
Delivers a
competitive
advantage
6. Identify and differentiate Office 365 traffic1
Egress network connections locally2
Assess Bypassing Proxies3
Avoid network hairpins4
Microsoft’s Guidance for Office 365 is Direct Internet
Identify the O365 apps you plan to use.
These need to be isolated from your other traffic.
Don’t backhaul O365 traffic.
Send straight to internet for lowest latency.
Don’t run O365 through
security appliances.
This adds latency and kills
app performance.
Send remote users directly to Microsoft.
VPN hairpins kill the user experience.
7. Network simplification: A journey from old to new
MPLS
Consolidated 17
MPLS providers
down to one
SD-WAN
Reduced MPLS
footprint from 900
locations to down to 30
Internet Cloud and Apps
Internet and SaaS
8. Simplify application
access (No VPNs)
Deliver same fast
experience on or
off network
Embrace all apps to
maximize productivity
Enable collaboration
and video conferencing
that performs
Standardize on one email and business productivity suite
Network simplification was only part of the equation
9. MPLS
Provider
Open Internet
Initiatives –
• Consolidation, SD-WAN, and
Exchange / SharePoint
• Local Internet Breakouts
• Simplified Administration
• Global Collaboration Tools (S4B,
OneDrive, Teams, etc.)
870 Branch Locations
Leveraging SD-WAN
30 Country &
Regional HQs
Benefits –
• Consistent End-User
Experience for O365
• Aggressive Adoption
that Led to Business
Process
Improvements
1
4
2
3
CLOUD TRANSFORMATION
TO FULLY SUPPORT O365
10. Direct-to-Cloud Architecture
Internet Cloud and AppsInternet and SaaS
Secure local
breakouts
across 900 locations
for all users
Enhanced
Capabilities
SSL Inspection,
Sandbox, DLP,
and Threat protection
Lesson Learned – Local Internet Breakouts For All Locations
11. Lesson Learned – Support all Ports/Protocols with Cloud Firewall
Office 365 (All ports and protocols)
Port: 443
Protocol: HTTPS
User: Jen
APP: Outlook Online
Location: All
APP: Outlook Online
Port: 3478, 3479, 3480, 3481
Protocol: UDP
User: Chris
APP: Skype for Business Online
Location: All
APP: Skype for Business Online
Port: Any
Protocol: UDP
User: Steve
Location: All
APP: BitTorrent
Internet
Branch User
Checking Email
HQ User
Sharing Desktop
Mobile User
Downloading Movies
APP: BitTorrent
Easily scale NGFW control across all locations to Support
O365 without the appliance cost and complexity.
Application visibility and control
• Adv. DPI engine - stateful packet inspection
• ID Apps regardless of port, protocol, or evasion
• Intrusion Prevention w/ protocol anomaly and
signature-based detection.
User identity awareness
ID Users & Groups regardless of IP address
Unified Policy and Administration
• Single console for policy management
and real-time log visibility
• Removed 700 rules from perimeter
devices
Zscaler
Cloud
Firewall
Direct Internet Traffic
12. • Policies are defined in a single
console and immediately
enforced globally
• Policies are enforced in the
cloud,
before the last mile bottleneck
• Window shaping and
bandwidth throttling deliver a
smooth user experience
Prioritize Office 365 Over Other Apps on Local Internet ConnectionsIdentify & Differentiate
Lesson Learned – Use Bandwidth Control to Prioritize O365 Traffic
13. Low Office 365
traffic in NY
despite one of the
largest offices
– user issues?
Easily identify
the top
Office 365 users
OneDrive
traffic is low –
is Box still
being used?
Real-time
traffic volume
trending
Lesson Learned – Visibility Into Traffic Flows Per Location is Crucial
Actionable Data to Validate Deployment Assumptions
14. Zscaler for Office 365 ✔
1. Fully Compliant Microsoft Connection Method (700+ customers)
2. Best possible user experience (fast response times)
3. Rapid deployment (no upgrades, configuration changes)
4. Investment protection and cost avoidance (no hardware or backhaul)
5. Visibility into all Internet traffic within seconds (single console)
Zscaler for O365 – 5 Reasons Why