Small Offices: The Achilles Heel of Enterprise Networking
Sometimes it’s the little things in networking that are the most painful. It’s one thing to connect up a headquarters or large regional offices; the sheer number of users can often justify investing in the newest technologies. But small offices are another matter. How do you provide remote two-person offices with the same responsive, easy-to-use network experience as the corporate headquarters without purchasing an expensive, managed MPLS service? That was the challenge facing the Sanne Group.
Many of the company’s remote locations began as small offices making MPLS cost prohibitive. Instead, access was a combination of a small firewall appliance, Internet broadband, and equipping users with Citrix Virtual Desktop Infrastructure (VDI). Users would log into their computers, connect to a public-facing Citrix site, authenticate with dual-factor authentication, and only then gain access to their Citrix desktops. Not quite as simple as connecting to a local server, perhaps, but the best possible and most manageable approach.
Still, as offices grew, the limitations of such an approach became more apparent. For the most part, Citrix worked fine, but there were challenges. Printing was an issue. Users often assumed the remote desktop behaved like their local PC and printed heavys PDF that would take “forever,” says Nathan Trevor, Sanne Group’s IT Director.
Remote desktop architectures are also sensitive to latency and packet loss. Those performance constraints pose a problem for global Internet connections. Often traffic from Sanne Group’s Hong Kong office, for example, would take 12 to 15 hops to reach the UK. “With the Internet, we could take a fast route one day and the next day be sent around the globe,” he says
For nearby offices, Internet routing might not have mattered. “But at 6,000 kilometers your connections are very sensitive. Any packet loss or latency changes will impact throughput,” he says. The Asia-Pacific sites would often run smoothly, at least until 9 am UK time. But when UK business got going “their performance would grind to halt.”
Beyond application performance, there was also the problem of site availability. Many offices were equipped with dual Internet connections in active/passive mode. “If there was an outage, a person in the office had to do a manual switchover,” says Trevor.
And troubleshooting those outages became complicated by the lack of visibility. “In Hong Kong, for example, we had no analytics. Often, by the time we could get an engineer on-site, the problem would disappear,” says Trevor, “It was like trying to run a network with your hands tied behind your back.”
Sanne Group Tries MPLS
About two years ago, Sanne Group acquired an office with 150 users in Cape Town. MPLS seemed like the obvious answer. “For a single MPLS circuit from Cape Town to Jersey, the provider quoted us 180,000 pounds (more than $250,000) per year for three years,” says Trevor.
The circuit guaranteed Sanne Group 10 Mbits/s access with bursting up to 100 Mbits/s. SLAs were not provided but a percentage credit was issued on the length of an outage. In addition, the telco who provided the MPLS circuit required 90 days to install the circuit in Cape Town.
“If you factor in the other issues with getting the Cape Town office up and running that would be a total of 120 days to connect the site — far too long for us,” he says. At the time, though, his options were limited. He deployed MPLS knowing well that a better solution had to be found.
Sanne Group Replaces SD-WAN Appliance Complexity for Cato Cloud Simplicity
Trevor began investigating SD-WAN, first considering an SD-WAN appliance-based solution from another vendor,“IT professionals new to SD-WAN would definitely needed hand-holding,” he says, “Even with zero-touch provisioning (ZTP), configuration was complicated. The vendor had a GUI interface, but it wasn’t straightforward at all.”
Instead he turned to Cato Cloud. “It became clear early on that Cato Cloud was much simpler to deploy,” he says, “Just by looking at an early screen share I could understand how to connect my sites to Cato Cloud. And working with the people at Cato was much easier: the team offered us a POC over an extended period of time.”
The company quickly connected its locations to Cato Cloud, eliminating the mix of Internet and MPLS connections. Performance improved significantly. “Before we could see 250 ms of round-trip latency between Hong Kong and Guernsey. With Cato, latency decreased by nearly 20 percent” he says.
His network visibility has improved significantly. “Now I can open a Web browser and see the state of connectivity for every single site globally. I can even see down to a single person and how much bandwidth (s)he is using. Cato is powerful beyond belief.”
The user experience has also improved because of Cato. Previously, users had to authenticate twice to access Citrix — once when logging into their computers and again with dual-factor authentication when logging into Citrix. Now users only authenticate when logging into their computers. With Cato’s Active Directory integration, the submitted credentials allow Cato to provide access to the appropriate resources, including Sanne Group’s Citrix servers. Dual-factor authentication is available for mobile users through Cato’s mobile client.
“My users’ experience has become much simpler because of Cato,” says Trevor.
Cato Cloud: A Pot of Gold
Cato has saved the company “an absolute fortune,” he says. “I’d probably have to spend about 500,000 pounds for three years for an MPLS circuit of the same bandwidth from my Hong Kong office to the UK. “Instead, I’m spending just 18,000 pounds per year for direct Internet access (DIA) with local SLAs.”
And since costs are more affordable, he’s been able to increase redundancy, equipping locations with redundant connections. Cato Sockets, Cato’s zero-touch SD-WAN appliances, runs available connections in active/active, automatically failing over should there be a brownout or blackout.
“A lot of people I spoke with still think in terms of MPLS,” he says, “My view is that the business expects better things and MPLS simply doesn’t let you react quickly enough. Cato changes that equation completely.”