Paysafe Fixes Active Directory, Improves Throughput, and Reduces Costs By Converging MPLS and Internet-based VPN onto Cato Cloud


With executives started to complain about being unable to access corporate resources when visiting other company offices, the IT team at Paysafe knew the time was ripe for WAN transformation. Those complaints were just the symptom of the costs and complexity that had developed around their global network architecture.

Paysafe is a leading global provider of end-to-end payment solutions. The company has over 2,600 employees in 21 locations around the world. Over the years, mergers and acquisitions (M&As) had left Paysafe with a mix of offices connected by MPLS and Internet-based VPNs.

And it was that mix of backbone technologies that contributed to Paysafe’s access problems. The company depended on local Active Directory (AD) servers at the locations for managing permissions to applications and other corporate resources. Yet for AD to work, the servers had to replicate their data between one another. But without a fully mesh connecting all locations, AD operation became erratic with updates from the distributed AD domain controllers propagating too slowly, if at all. Users found themselves locked out of some accounts in one location but not another, explains Stuart Gall, Infrastructure Architect in Paysafe’s Network and Systems Group.

But neither Internet-based VPN nor MPLS were suitable for connecting all locations. Establishing a fully-meshed Internet-based VPN was too complicated too configure. It would have meant figuring 210 tunnels, says Stuart, requiring far too much time to build and monitor.

MPLS was no better. The costs were too high for many locations and then there was a lack of agility. “Deploying MPLS sites was a nightmare. Depending on where you are in the world, you could require two to three months of lead time,” he says.

Instead, users ended up relying on the company’s mobile VPN solution while within their own offices, something that just didn’t sit right with Stuart. “Users might just accept that as normal, but as an engineer, I know we need to be better,” he says, “We need to go that extra mile; we need that ‘wow factor.’”

SD-WAN was the logical option and Stuart ended up evaluating the leading SD-WAN appliances and services, including Cato Cloud. “The biggest eye-opener for me was that there are two completely different technology architectures called ‘SD-WAN,’” he says. “Some don’t provide the infrastructure, only doing intelligent routing over your own network or the Internet, while others include the infrastructure.”

For him, the answer was obvious. “We didn’t want a routing management solution; we wanted a core network with lower latency.”

Stuart evaluated other competing SD-WAN services besides Cato but had concerns about costs, security, availability, and management. “One global SD-WAN service provider was twice as expensive as Cato,” he says.

Stuart also preferred how Cato enrolled new locations. “The way the other SD-WAN service provider handled security was appalling,” he says. “Cato’s security background comes through.”

Cato had other advantages as well, such as availability. “In the worst-case scenario, if there were a countrywide outage, my Cato locations would automatically reconnect to the closest point-of-presence (PoP). Latency might be screwy, but at least we’d have connectivity. The other provider? Its locations would be down and require provider intervention to fix.”

With Cato, Stuart can monitor, manage, and troubleshoot outages and problems himself. “The other SD-WAN service was managed only by the provider. There’s a nice visibility console but no control. Any changes require opening trouble tickets with the provider; it’s very carrier-like. With Cato, we can fully manage the SD-WAN ourselves or tap its support.”

Stuart decided to converge his MPLS and Internet-based VPN networks into Cato Cloud.  With Cato, he received MPLS-like performance at Internet-like prices. “With Cato,” says Stuart, “we connected our twenty-one sites and still saved 30% on costs compared to our six-site, MPLS network.”

To learn more about how Paysafe adopted Cato’s secure cloud-based SD-WAN as an affordable MPLS alternative, read the full  case study here.

Related Topics

Related Articles