Leveraging AWS to Reduce Latency in Microsoft 365 for a Global Organization
Challenges
Vandis’ engineering team was engaged to develop an automated solution that would enable a large enterprise organization to migrate to Microsoft 365. The organization had an existing proxy server environment in its regional hub data centers that was not able to handle the traffic bound for Microsoft 365. Vandis was engaged to determine how to either tune the proxy or create a methodology to route the M365 traffic directly to the closest Microsoft CDN. The organization’s primary goal was to reduce user latency in Microsoft 365 whether the user was in a local office, in a remote office, or working from home. Additional goals were a solution that was fully automated and had low maintenance overhead.
Solution
Based on the organization’s requirements, the Vandis team designed an automated platform leveraging the AWS stack for the creation and global distribution of proxy auto-config (PAC) files. Once presented with the proof of concept, the client added the following PAC file criteria:
- Real-time updates for their global infrastructure as well as Microsoft’s rotating classless inter-domain routing (CIDR) and fully qualified domain name (FQDN) ranges
- Enforcement of single-tenant isolation whether the user is on premises or remote anywhere in the world
- Geographic IP awareness for employees distributed across the globe, ensuring all Microsoft 365 traffic takes the most efficient route to M365
Vandis leveraged AWS CloudFront, Lambda@Edge, and S3 storage buckets to automate the packaging and deployment of the dynamic PAC file. Working with the customer’s Active Directory team, Vandis created a Microsoft Group Policy to tell the endpoints where to pick up their new PAC file. The customer was thrilled to see the performance gains that the PAC file provided during the testing phase and approved a Vandis-assisted multi-step global rollout to all the endpoints in the organization.
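A sketch of the PAC-generation step described above, as an added example that is not Vandis' or the customer's code. It assumes endpoint records shaped like Microsoft's published endpoint list (`category`, `urls`), a placeholder proxy address, and a hypothetical `forceProxy` list for hosts that must stay on the proxy (for example sign-in hosts, if tenant isolation is enforced there). Because every endpoint executes the PAC file, hostnames are validated before they are written into it.

```javascript
// Added example. Sample data is constructed, in the shape of Microsoft's
// published endpoint list; the last record is a deliberately malformed entry.
const sampleEndpoints = [
  { id: 1, category: "Optimize", urls: ["outlook.office365.com"] },
  { id: 2, category: "Allow", urls: ["*.sharepoint.com", "login.microsoftonline.com"] },
  { id: 3, category: "Default", urls: ["*.office.net"] },
  { id: 4, category: "Allow", urls: ['evil.invalid");return "DIRECT";//'] },
];

// Only plain or leading-wildcard hostnames may reach the generated script.
const HOST_PATTERN = /^(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)+$/;

function buildPac(endpoints, proxy, forceProxy) {
  if (!/^[a-z0-9.-]+:\d{1,5}$/.test(proxy)) throw new Error("bad proxy: " + proxy);
  const clean = (list) => [...new Set(list.map((h) => String(h).toLowerCase()))]
    .filter((h) => HOST_PATTERN.test(h));
  const pinned = clean(forceProxy); // hypothetical: hosts that must stay proxied
  const direct = clean(
    endpoints
      .filter((e) => e.category === "Optimize" || e.category === "Allow")
      .flatMap((e) => e.urls || [])
  ).filter((h) => !pinned.includes(h));
  return [
    "function FindProxyForURL(url, host) {",
    "  host = host.toLowerCase();",
    "  var proxy = " + JSON.stringify("PROXY " + proxy) + ";",
    "  var pinned = " + JSON.stringify(pinned) + ";",
    "  var direct = " + JSON.stringify(direct) + ";",
    "  for (var i = 0; i < pinned.length; i++) if (shExpMatch(host, pinned[i])) return proxy;",
    '  for (var j = 0; j < direct.length; j++) if (shExpMatch(host, direct[j])) return "DIRECT";',
    "  return proxy;", // default: anything not listed stays on the proxy
    "}",
  ].join("\n");
}

// Minimal stand-in for the browser's shExpMatch, used only to exercise the output.
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Evaluate the generated PAC text for one host, as a pre-deployment check would.
function evaluatePac(pacSource, host) {
  const find = new Function("shExpMatch", pacSource + "\nreturn FindProxyForURL;")(shExpMatch);
  return find("https://" + host + "/", host);
}
```

Running `evaluatePac` over a fixed list of hosts before the file is published gives the CI/CD pipeline a regression check on routing decisions.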
Results
The global rollout allowed the client to automate their proxy bypass in step with Microsoft’s dynamic DNS changes, decreasing the load on their proxy environment and increasing the performance of Microsoft 365. It applied a modern DevOps approach powered by AWS to enhance dated technology. With this new architecture in place, the customer saw a 90% reduction in user latency.
As is standard DevOps best practice, the entire stack is run through a secure change control system with a controlled CI/CD architecture. The organization was so happy with the performance of Microsoft 365 that they decided to expand the usage of the PAC files and AWS to enhance the performance of Zoom, GoToMeeting, and WebEx.