Performance and Complexity Problems Complicate Internet-based VPNs
Internet-based VPNs might be an inexpensive alternative to MPLS, but that doesn’t make them a good MPLS replacement. Unpredictable performance and complexity are some of their challenges, just ask W&W-AFCO Steel.
The structural steel fabricator had connected its US locations, India office, and ad hoc project teams with an Internet VPN. But as W&W-AFCO Steel grew, the Internet-based VPN become increasingly ineffective. “In some cases, our mobile users found that network services, such as a simple network scan to file, didn’t work, and in other cases, like with network printing and virtualization, services simply weren’t available,” says Todd Park, Vice President of Information Technology at W&W-AFCO Steel.
The problem? Internet latency was often too high for the virtual desktop infrastructure (VDI), such as Citrix XenDesktop. “By the time our users hit an internal network service, they were experiencing on average, 150 milliseconds of delay,” he says. According to Park, VDI starts to have user experience issues at that point.
And users weren’t the only ones suffering. “Our help desk was constantly fielding calls from dissatisfied end users,” he says. Operations was also complicated by locations with different firewall configurations. Park and his team tried the firewall provider’s management software, “but it never seemed to work for us,” he says.
The firewalls also lacked certain key edge features. Without prioritization, web browsing could interfere with the performance of business applications, for example. Internet failover was supported but very complicated to configure, he says.
W&W-AFCO Steel Replaces VPNs and Firewalls with Cato Cloud
Park tried MPLS, but costs were too high and a poor fit for connecting small, dynamic project teams. Instead, he turned to SD-WAN. He started with investigating SD-WAN appliances but found the costs to also be too high. “The maintenance on the SD-WAN appliances alone was about the cost of Cato Cloud — and that doesn’t include the capital expense of purchasing the SD-WAN appliance.”
The other problem? None of the SD-WAN appliance-based solutions included integrated security services or mobile access. W&W-AFCO Steel would have to continue using separate tools for connecting and securing users and locations. With more tools, comes greater complexity and less visibility.
That’s when Park turned to Cato. Cato Cloud connects and secures offices, mobile users, and cloud resources into one seamless global network. Cato replaces the need for MPLS, mobile VPN, and the stacks of security appliances and tools.
Cato provided W&W-AFCO Steel with a more agile infrastructure. “Cato firewall is much easier to manage than a traditional firewall and the mobile client was much easier to deploy and configure than our existing approach,” he says.
Failover configuration was also “not as painful” as with his firewall. “We didn’t have to worry about configuring IP addresses, VPN connections or anything. It just worked,” he says.
Network performance is also much improved. Latency averages “50 to 70 milliseconds,” he says, That’s as much as a 75 percent improvement. And with Cato, Park can block web browsing, downloads or any other application from interfering with site performance.
As Cato Cloud provides detailed metrics about users and locations, Park can better hold his network vendors accountable. “It really helps you go past layer-1 support and get to layer-2 support,” he says.
“We had one location in California where our cable modem was more down than up. The provider wouldn’t take responsibility for the problem. But with Cato, I was able to show them the graphs of dropped packets. Hard to argue with that.”
Support hasn’t been an issue with Cato. “They’re a pretty responsive bunch and are very upfront as to what they can and cannot do,” he says, “It’s a relief, actually. So often that’s not been the case when I’ve dealt with a vendor. I understand any deployment has technology issues, but I don’t want to be misled about capabilities.”
Better Agility is the Bottom Line
Looking ahead, Park expects to eliminate MPLS completely once the contract expires and move his remaining locations to Cato Cloud.
Has there been a hard dollar cost saving? “I believe so,” he says, but that misses the point. “The real value came in the improvements our users and we, in IT, experienced with Cato,” he says.