I love Trombones… in marching bands. Some trombones, however, generate a totally different sound: sighs of angst across networking teams around the world.
Why “The Trombone Effect” Is So Detrimental to IT Teams and End Users
The “Trombone Effect” occurs in a network architecture that forces a distributed organization to use a single secure exit point to the Internet. Simply put, network traffic from remote locations and mobile users is being backhauled to the corporate datacenter where it exits to the Internet through the corporate’s security appliances stack. Network responses then flow back through the same stack and travel from the data center to the remote user.
This twisted path, resembling the bent pipes of a trombone, has a negative impact on latency and therefore on the user experience. Why does this compromise exist? If you are in a remote office, your organization may not be able to afford a stack of security appliances (firewall, secure web gateway or SWG, etc.) in your office. Affordability is not just a matter of money. Distributed appliances have policies that need to be managed and if the appliance fails or requires maintenance – someone has to take care of it at that remote location. Mobile users are left unprotected because they are not “behind” the corporate network security stack.Cato SSE 360: Finally, SSE with Total Visibility and Control | Whitepaper
Do Regional Hubs Mitigate the Impact of “Trombone Effect?”
The most recent answer to the Trombone Effect is the use of “regional hubs”. These “mini” data centers host the security stack and shorten the distance between remote locations and security exit points to the internet. This approach reduces the end user performance impact, by backhauling to the nearest hub. However, the fundamental issue of managing multiple instances of the security stack remains as well as the need to set up distributed datacenters and address performance and availability requirements.
Solving the “Trombone Effect” with Cato SSE 360
Cato Networks solves the “Trombone Effect” with Cato’s Security Service Edge 360 (SSE 360), which ensures that security is available everywhere that users, applications, and data reside. Rather than making security available in just a few places,
Threat prevention and data protection are uniformly enforced via our private backbone spanning over 75+ PoPs supporting customers in 150+ countries. Because the PoPs reside within 25 ms of all users and locations, companies don’t need to set up regional hubs to secure the traffic, alleviating the cost, complexity and responsibility for capacity planning and management, while ensuring optimal security posture without compromising the user experience.