Global MPLS Limits Centrient
As with many enterprises, the IT team at DSM Centrient Pharmaceuticals grew tired of the limitations of MPLS. Performance across the company’s 10-site, global network was for the most part “solid,” says Matthieu Cijsouw Global IT Manager at Centrient. But as the applications’ capacity requirements grew, increasingly the MPLS service was becoming congested.
“Users noticed that MPLS was slow. It took a long time for them to open documents,” he says.
The high cost of MPLS bandwidth made upgrading global bandwidth unrealistic. “MPLS was about 4x more than Cato for a quarter of the bandwidth,” he says.
And bandwidth wasn’t the only problem. Agility was also limiting Centrient. It typically took him three to four months to move a location, a bit faster in Europe. “One time, we needed to move a sales office, and the MPLS connection was simply not ready in time. It led to operational issues and difficult workarounds,” he says, “Needless to say that was not appreciated by the business.”
Centrient Evaluates SD-WAN Alternatives
As his MPLS contract came up for renewal, Cijsouw started looking into SD-WAN. A technology partner recommended a combination of SD-WAN appliances, firewalls, and secure web gateways (SWG). But Cijsouw thought the solution would be too complex and was troubled by the dependence on the Internet middle-mile. “Internet performance from many regions, particularly China mainland, fluctuates significantly during the day,” he says, “we wanted a middle-mile solution.”
Global SD-WAN service providers, such as Cato, replace MPLS (and the Internet middle-mile) with an affordable MPLS alternative. The Cato Cloud Network is a global, geographically distributed, SLA-backed network of PoPs, interconnected by multiple tier-1 IP backbones. Cato dynamically selects the optimum IP backbone for every packet giving Cato Cloud better performance and uptime than any one of the underlying networks.
But while Cato Cloud provides global connectivity at Internet-like prices that’s not the case for every global SD-WAN service provider. “The other provider’s service would have meant spending around 2x more than with the Cato solution and still not get any of the security services Cato offers.”
After meeting with the Cato team, he decided to run a proof of concept (PoC). Cato Sockets, Cato’s zero-touch, SD-WAN appliances, were installed in three locations alongside the existing MPLS circuits. Firewall rules steered traffic from specific hosts onto the Cato Cloud. “We did load balancing, failover tests, and load tests and Cato passed them all,” he says.
During the next phase, he put a production load on Cato Cloud to see if there would be any hiccups. Not only weren’t there any problems, but users noticed that applications were even more responsive, he says.
Like many enterprises, there was initially some concern about moving the global backbone to a startup. “For a pharmaceutical company, it’s not very normal,” says Cijsouw. He convinced management of the Cato Cloud’s value and showed how he could minimize risk.
“We migrated to Cato in stages, gaining confidence along the way,” he says, “Even with a full deployment, I can bring up a global, site-to-site VPN in two hours should something happen, but I don’t see that as a concern. Not only does Cato Cloud perform well, but the support Cato offers is insanely great. I never experienced such a fast response.”
Centrient Switches from MPLS to Cato Cloud
In the end, he decided to move all MPLS locations to Cato Cloud. “It only took us about a month,” Cijsouw says, “The actual cutover was done in 30 minutes.”
Most locations had been equipped with 6 Mbits/s MPLS connections. He replaced those with two, and in some cases, three local Internet connections for an aggregate capacity of 20 Mbits/s per site, burstable to 40 Mbits/s. Datacenter capacity is even higher, up to 50 Mbits/s, burstable to 100 Mbits/s — enough for current usage.
The additional connections were dual-homed for maximum availability. To ensure complete redundancy in the physical layers (including wiring and ducting), Cijsouw followed best practices and connected sites to the Internet with separate technologies — typically glass fiber and radio connections.
Not only has he reduced his costs, but with more capacity, his applications continue to perform as well, if not better, than with MPLS. “The voice quality of Skype for Business over Cato Cloud has been about the same as with MPLS but, of course, at a fraction of the cost”, he says. “In fact, if we measure it, the packet loss and latency figures appear to be even better.”
His connections into China also work equally or “even better” than with MPLS, he says.
And with Cato Cloud, he gained greater visibility into his network. The reporting is very “accessible” with detailed statistics on line usage, he says.
A More Agile Future With Cato Cloud
As Cijsouw looks ahead, Cato Cloud will afford him flexibility — and negotiating strength — in other areas of his network. His firewall appliances, for example, are coming up for renewal in a year. Besides providing site security, they also serve as his mobile access solution. With Cato Security Services and Cato’s mobile client bundled with Cato Cloud, he could replace both and save on licensing and operational costs. “Today, we outsource firewall maintenance for about 25 percent of our networking budget,” he says, “With Cato that wouldn’t be necessary.”
Overall, how would he summarize his Cato experience? “It’s been really excellent,” he says. “Product delivery, support have all been there. With Cato Cloud, not only did I receive a more agile infrastructure, but I also received an agile partner who can keep up with my needs. We operate faster because of Cato.”