Cushman & Wakefield

Cushman & Wakefield boost global network performance and security with Aruba EdgeConnect SD-WAN edge platform and Zscaler cloud-delivered SASE

  • Customer Profile

    Cushman & Wakefield is among the world’s largest real estate services firms with approximately 50,000 employees in 400 offices and 60 countries. In 2020, the firm had revenue of $7.8 billion across core services of property, facilities and project management, leasing, capital markets, valuation and other services.
    • Vertical: Real Estate Services
    • Location: Chicago, Illinois, United States
    • Customer size: Approximately 50,000 employees across 400 offices worldwide

    Use Case

    Accelerate application performance and improve quality of experience for global end-users by eliminating backhauling branch office traffic across expensive MPLS circuits

    Requirements

    • Connect global branches securely and directly to the cloud
    • Deliver predictable and consistent application performance worldwide
    • Enable consistent security policy enforcement
    • Provide application-aware traffic prioritization based on business need

    Outcomes

    • Improved application performance by 35 percent on average
    • Produced OpEx savings of $1.5 million per year
    • Increased application usability by 25 percent, improving productivity and quality of end-user experience
    • Delivered consistent security policy enforcement across all global locations
    • Enabled local breakout at branches to cloud and SaaS applications

    Cushman & Wakefield has grown dramatically through mergers and acquisitions, which created complexity in its wide-area network (WAN). All application traffic was backhauled to regional data centers, making the WAN a huge bottleneck, which resulted in slow application performance and a poor end-user experience.

    The solution was a cloud-first strategy, led by SD-WAN. Chris Butcher, platform architect for global networks, cloud and perimeter security, explains, “SD-WAN could connect all our branch locations securely and directly to the cloud, with full resiliency and assurance of predictable and consistent application performance. It just made good business sense.”

    Enabling An Application-Aware Architecture

    Cushman & Wakefield considered a number of SD-WAN solutions, but the Aruba EdgeConnect SD-WAN edge platform stood out from the others by enabling a business-driven WAN architecture — a key strategic requirement.

    Butcher notes, “In a modern-day network, it’s not just about connectivity, it’s about providing prioritization and decision-making on where you send traffic based on specific application requirements. Having an application-aware SD-WAN platform at the edge allows us to tightly align our network with our business requirements.”

    Standardizing On EdgeConnect Globally

    The company deployed the EdgeConnect platform across 220 of its business locations—a total of 377 EdgeConnect appliances, with some sites configured for high availability—including all branch offices and eight data centers in four regions of the world. MPLS is being decommissioned and replaced with dual broadband links terminated on each EdgeConnect appliance.

    The EdgeConnect platform is now the standard WAN edge solution for Cushman & Wakefield, providing application-based routing, traffic filtering, and comprehensive SD-WAN capabilities such as path conditioning, quality of service (QoS), and dynamic path control. The company also takes advantage of the optional Aruba Boost WAN optimization performance pack to accelerate applications across continents.

    Cloud-delivered security for local internet breakout

    Cushman & Wakefield also built a secure access service edge (SASE), leveraging the automated integration between the EdgeConnect platform and Zscaler cloud-delivered security. This provides each location with local internet breakout while enforcing security controls over traffic flow.

    For example, applying QoS policies on EdgeConnect and security controls on Zscaler means that critical real-time applications, SaaS platforms, and data center-hosted applications have priority over other traffic, such as media streaming services, which could consume the bandwidth of the branch office circuits.

    Moreover, by consolidating on the EdgeConnect platform to enable a SASE architecture with Zscaler cloud-delivered security, Cushman & Wakefield expect OpEx savings of $1.5 million per year.

    Aligning Network Resources With Application Requirements

    Through the Aruba Orchestrator management console, Butcher and his team centrally configure and define business intent overlays for different classes of applications, each with a specific QoS policy to ensure each application class is afforded the network resources it needs to perform optimally.

    For example, Skype for Business and Microsoft Teams is classified as “real time” and given top priority for local internet breakout. Critical business applications such as SharePoint, Office 365, and other commonly used SaaS applications are classified as “SaaS,” which get the next highest priority. Less-critical applications fall into the business intent overlay classified as “default.”

    Centralized orchestration simplifies traffic control

    The centralized orchestration provided by Orchestrator also enables Butcher to dynamically steer traffic and apply consistent security policies by class of application.

    For example, IPsec tunnels are automatically configured to route internet and trusted SaaS applications out for inspection through the secure access service edge to the Zscaler Enforcement Zone (ZEN) that is closest to each branch location for security inspection. Similarly, Microsoft Office 365, Skype for Business, Microsoft Teams and SharePoint traffic is broken out directly from the branches to the nearest Microsoft application instance.

    Butcher says, “We can centrally define application classes and security policies, allowing the EdgeConnect appliances to intelligently make decisions on how to ideally route traffic. This allows us to get into the provider backbone networks at the nearest point of entry for each location, improving application performance and quality of the end-user experience.”

    In fact, this carefully orchestrated control over traffic flow and application prioritization, combined with SD-WAN network optimization, has improved application performance on average by 35 percent.

    Driving Higher Productivity and Customer Satisfaction

    With a single click within Orchestrator, Butcher and his team can also selectively apply Boost WAN optimization, whether to specific application classes or to locations where latency is an issue due to long distance.

    Butcher remarks, “With Aruba Boost, we’ve overcome latency challenges for accessing applications across continents with a 25 percent improvement in application usability. This enables us to deliver the best possible user experience.”

    Assured network resilience keeps the business up and running

    Butcher adds that the link redundancy and sub-millisecond failover between links ensures that applications remain up and running even if one of the links experiences congestion, a brownout, or complete outage.

    “EdgeConnect has done an amazing job of keeping our applications running and making sure the business doesn’t see any of the technical issues on the underlying transport services,” he says. “But I’m not just worried about the network connection staying up; I’m also worried about how the applications are performing. That’s why we’ve focused so much on application delivery.”

    The reason is that application performance directly affects end-user quality of experience and productivity, which ultimately has an impact on customer satisfaction.

    Butcher concludes, “By leveraging the EdgeConnect SD-WAN edge platform, we enable Cushman & Wakefield to collaborate effectively and efficiently between regions to service our multinational customers in a truly global way.”

    Read more

    We can centrally define application classes and security policies, allowing the EdgeConnect appliances to intelligently make decisions on how to ideally route traffic. This allows us to get into the provider backbone networks at the nearest point of entry for each location, improving application performance and quality.
    Chris Butcher, Platform Architect for Global Networks, Cloud and Perimeter Security, Cushman & Wakefield
  • Customer Profile

    Cushman & Wakefield is among the world’s largest real estate services firms with approximately 50,000 employees in 400 offices and 60 countries. In 2020, the firm had revenue of $7.8 billion across core services of property, facilities and project management, leasing, capital markets, valuation and other services.
    • Vertical: Real Estate Services
    • Location: Chicago, Illinois, United States
    • Customer size: Approximately 50,000 employees across 400 offices worldwide

    Use Case

    Accelerate application performance and improve quality of experience for global end-users by eliminating backhauling branch office traffic across expensive MPLS circuits

    Requirements

    • Connect global branches securely and directly to the cloud
    • Deliver predictable and consistent application performance worldwide
    • Enable consistent security policy enforcement
    • Provide application-aware traffic prioritization based on business need

    Outcomes

    • Improved application performance by 35 percent on average
    • Produced OpEx savings of $1.5 million per year
    • Increased application usability by 25 percent, improving productivity and quality of end-user experience
    • Delivered consistent security policy enforcement across all global locations
    • Enabled local breakout at branches to cloud and SaaS applications

    Cushman & Wakefield has grown dramatically through mergers and acquisitions, which created complexity in its wide-area network (WAN). All application traffic was backhauled to regional data centers, making the WAN a huge bottleneck, which resulted in slow application performance and a poor end-user experience.

    The solution was a cloud-first strategy, led by SD-WAN. Chris Butcher, platform architect for global networks, cloud and perimeter security, explains, “SD-WAN could connect all our branch locations securely and directly to the cloud, with full resiliency and assurance of predictable and consistent application performance. It just made good business sense.”

    Enabling An Application-Aware Architecture

    Cushman & Wakefield considered a number of SD-WAN solutions, but the Aruba EdgeConnect SD-WAN edge platform stood out from the others by enabling a business-driven WAN architecture — a key strategic requirement.

    Butcher notes, “In a modern-day network, it’s not just about connectivity, it’s about providing prioritization and decision-making on where you send traffic based on specific application requirements. Having an application-aware SD-WAN platform at the edge allows us to tightly align our network with our business requirements.”

    Standardizing On EdgeConnect Globally

    The company deployed the EdgeConnect platform across 220 of its business locations—a total of 377 EdgeConnect appliances, with some sites configured for high availability—including all branch offices and eight data centers in four regions of the world. MPLS is being decommissioned and replaced with dual broadband links terminated on each EdgeConnect appliance.

    The EdgeConnect platform is now the standard WAN edge solution for Cushman & Wakefield, providing application-based routing, traffic filtering, and comprehensive SD-WAN capabilities such as path conditioning, quality of service (QoS), and dynamic path control. The company also takes advantage of the optional Aruba Boost WAN optimization performance pack to accelerate applications across continents.

    Cloud-delivered security for local internet breakout

    Cushman & Wakefield also built a secure access service edge (SASE), leveraging the automated integration between the EdgeConnect platform and Zscaler cloud-delivered security. This provides each location with local internet breakout while enforcing security controls over traffic flow.

    For example, applying QoS policies on EdgeConnect and security controls on Zscaler means that critical real-time applications, SaaS platforms, and data center-hosted applications have priority over other traffic, such as media streaming services, which could consume the bandwidth of the branch office circuits.

    Moreover, by consolidating on the EdgeConnect platform to enable a SASE architecture with Zscaler cloud-delivered security, Cushman & Wakefield expect OpEx savings of $1.5 million per year.

    Aligning Network Resources With Application Requirements

    Through the Aruba Orchestrator management console, Butcher and his team centrally configure and define business intent overlays for different classes of applications, each with a specific QoS policy to ensure each application class is afforded the network resources it needs to perform optimally.

    For example, Skype for Business and Microsoft Teams is classified as “real time” and given top priority for local internet breakout. Critical business applications such as SharePoint, Office 365, and other commonly used SaaS applications are classified as “SaaS,” which get the next highest priority. Less-critical applications fall into the business intent overlay classified as “default.”

    Centralized orchestration simplifies traffic control

    The centralized orchestration provided by Orchestrator also enables Butcher to dynamically steer traffic and apply consistent security policies by class of application.

    For example, IPsec tunnels are automatically configured to route internet and trusted SaaS applications out for inspection through the secure access service edge to the Zscaler Enforcement Zone (ZEN) that is closest to each branch location for security inspection. Similarly, Microsoft Office 365, Skype for Business, Microsoft Teams and SharePoint traffic is broken out directly from the branches to the nearest Microsoft application instance.

    Butcher says, “We can centrally define application classes and security policies, allowing the EdgeConnect appliances to intelligently make decisions on how to ideally route traffic. This allows us to get into the provider backbone networks at the nearest point of entry for each location, improving application performance and quality of the end-user experience.”

    In fact, this carefully orchestrated control over traffic flow and application prioritization, combined with SD-WAN network optimization, has improved application performance on average by 35 percent.

    Driving Higher Productivity and Customer Satisfaction

    With a single click within Orchestrator, Butcher and his team can also selectively apply Boost WAN optimization, whether to specific application classes or to locations where latency is an issue due to long distance.

    Butcher remarks, “With Aruba Boost, we’ve overcome latency challenges for accessing applications across continents with a 25 percent improvement in application usability. This enables us to deliver the best possible user experience.”

    Assured network resilience keeps the business up and running

    Butcher adds that the link redundancy and sub-millisecond failover between links ensures that applications remain up and running even if one of the links experiences congestion, a brownout, or complete outage.

    “EdgeConnect has done an amazing job of keeping our applications running and making sure the business doesn’t see any of the technical issues on the underlying transport services,” he says. “But I’m not just worried about the network connection staying up; I’m also worried about how the applications are performing. That’s why we’ve focused so much on application delivery.”

    The reason is that application performance directly affects end-user quality of experience and productivity, which ultimately has an impact on customer satisfaction.

    Butcher concludes, “By leveraging the EdgeConnect SD-WAN edge platform, we enable Cushman & Wakefield to collaborate effectively and efficiently between regions to service our multinational customers in a truly global way.”

    We can centrally define application classes and security policies, allowing the EdgeConnect appliances to intelligently make decisions on how to ideally route traffic. This allows us to get into the provider backbone networks at the nearest point of entry for each location, improving application performance and quality.
    Chris Butcher, Platform Architect for Global Networks, Cloud and Perimeter Security, Cushman & Wakefield