Answering the Top Questions About SASE Asked by IT Professionals
J., information technology manager, works for one of the world’s leading manufacturers and marketers of consumer goods. The company has more than 30 manufacturing plants in the Middle East, Europe and the U.S., with offices across the globe. He has more than 20 years of experience in network security and information management, and specializes in enterprise infrastructure, security and project management. His professional certifications include: certified information security manager (CISM), certified information systems security professional (CISSP), certified information systems auditor (CISA).
The WAN for J.’s company is based on full mesh VPN tunnels over the internet between commercial firewalls. All enterprise locations were backhauling traffic over the internet to a datacenter that hosts an internal SAP instance. The company was moving to SAP Hana Enterprise Cloud (HEC) in Germany, which required the backhauling approach to be re-engineered. Connecting to the SAP HEC instance was enabled using 2 IPSEC tunnels, so a full mesh configuration was only possible by deploying a new firewall cluster in the SAP HEC datacenter.
The company faced substantial costs and risks to support this configuration:
- Buying, configuring and deploying a high-end firewall cluster in a SAP HEC datacenter (an uncommon scenario)
- Providing 24X7, in-country support and maintenance of the new firewalls given their role as a global gateway to the critical SAP instance.
This scenario created an unacceptable risk to the company’s operations due to the introduction of a new, unmanaged, network security element.
“The current WAN architecture could not handle the SAP migration and we needed a solution that was affordable, didn’t require a lot of internal resources, and could be operational in two weeks in order to keep the project on track,” he says.
The SAP project team was searching for a solution. After a visit to Cato’s website, the team met with Cato and was won over by the solution’s architecture, gradual deployment process, network configuration flexibility and 24/7 customer support. Like with choosing any new vendor, he expected that there would be problems – especially since Cato was given such a short window to deploy.
Cato proposed a phased approach
- Establish IPSEC tunnels from each of the company’s firewalls to the Cato Cloud.
- Connect the SAP HEC instance to the Cato Cloud, without the need for a new firewall cluster
- Connect other cloud datacenters (AWS and Azure) to the Cato Cloud
The company’s WAN was reestablished in the Cato Cloud, enabling point-to-point connectivity without the need for a full site-to-site mesh, and delivered the benefits of Cato’s low-latency backbone. The team was very professional and the job was completed on schedule.
The customer is particularly happy with Cato’s customer service and support, both during and after the project. There were minor issues with configurations at the start of the project, but the support team was very responsive and solved the issues in record time. It is because of this level of attention and service that he and the IT team have complete confidence in building a long-term relationship with Cato.
The customer points out that “Cato delivered on what it promised us at the start of the project. We are running a mission critical, global enterprise network on Cato. It just works.”
The IT team is seeing a substantial upside to the Cato deployment: “We are maintaining 30 firewalls in our remote locations primarily as connectivity devices, but also for internet security. We can eliminate these firewalls using Cato Sockets and maintain a centralized policy and security capabilities. This option gives us substantial cost savings in hardware refreshes and software licenses. We have already initiated a replacement of the first four firewalls. We expect to finish this process in the next 12 months.”
Additionally, the customer is considering using Cato for mobile VPN access and IoT initiatives noting that “Cato enables us to connect all parts of our business into a common networking and security platform This is a great relief, compared with the mix of technologies and solutions we had to use before. I can see why many enterprises will find Cato’s platform compelling to make their infrastructure more cost effective and easier to manage.”
“Technology executives within established organizations are often afraid to make bold moves, like replacing the network architecture they’ve relied upon for 20 years. We moved our WAN to Cato because my organization’s strategic ERP application was moved to the cloud, and our legacy WAN was too rigid to support that move and meet the project timeline. With Cato we were able to address the immediate business need, on time and under budget, and now have a platform to further optimize our networking and security infrastructure”