W&W-AFCO Steel Improves Citrix and Simplifies Security with Cato Cloud

One of the largest steel fabricators in North America, W&W-AFCO Steel LLC is headquartered in Oklahoma City, Oklahoma. Prior to deploying Cato, the company’s 1,500 employees were spread across 15 locations, 14 in the US and 1 in India, connected by Internet-based VPNs. Firewall appliances at seven manufacturing plants and engineering offices established site-to-site VPNs across direct Internet access (DIA) lines to the headquarters. One of those locations also connected with three additional manufacturing sites via MPLS. Four construction projects had open Internet access where the users ran a mix of Citrix XenDesktop, Outlook Anywhere, mobile VPN for accessing internal applications, and Microsoft Office 365. All company servers and workloads, including the Citrix infrastructure, ran in the headquarters.

  • Performance and Complexity Problems Complicate Internet-based VPNs

    Internet-based VPNs might be an inexpensive alternative to MPLS, but that doesn’t make them a good MPLS replacement. Unpredictable performance and complexity are some of their challenges, just ask W&W-AFCO Steel.

    The structural steel fabricator had connected its US locations, India office, and ad hoc project teams with an Internet VPN. But as W&W-AFCO Steel grew, the Internet-based VPN become increasingly ineffective. “In some cases, our mobile users found that network services, such as a simple network scan to file, didn’t work, and in other cases, like with network printing and virtualization, services simply weren’t available,” says Todd Park, Vice President of Information Technology at W&W-AFCO Steel.

    The problem? Internet latency was often too high for the virtual desktop infrastructure (VDI), such as Citrix XenDesktop. “By the time our users hit an internal network service, they were experiencing on average, 150 milliseconds of delay,” he says. According to Park, VDI starts to have user experience issues at that point.

    And users weren’t the only ones suffering. “Our help desk was constantly fielding calls from dissatisfied end users,” he says. Operations was also complicated by locations with different firewall configurations. Park and his team tried the firewall provider’s management software, “but it never seemed to work for us,” he says.

    The firewalls also lacked certain key edge features. Without prioritization, web browsing could interfere with the performance of business applications, for example. Internet failover was supported but very complicated to configure, he says.

  • W&W-AFCO Steel Replaces VPNs and Firewalls with Cato Cloud

    Park tried MPLS, but costs were too high and a poor fit for connecting small, dynamic project teams. Instead, he turned to SD-WAN. He started with investigating SD-WAN appliances but found the costs to also be too high. “The maintenance on the SD-WAN appliances alone was about the cost of Cato Cloud — and that doesn’t include the capital expense of purchasing the SD-WAN appliance.”

    The other problem? None of the SD-WAN appliance-based solutions included integrated security services or mobile access. W&W-AFCO Steel would have to continue using separate tools for connecting and securing users and locations. With more tools, comes greater complexity and less visibility.

    That’s when Park turned to Cato. Cato Cloud connects and secures offices, mobile users, and cloud resources into one seamless global network. Cato replaces the need for MPLS, mobile VPN, and the stacks of security appliances and tools.

    Cato Management Application
    The Cato Management Application provides a bird’s-eye view of a company’s network

    Cato provided W&W-AFCO Steel with a more agile infrastructure. “Cato firewall is much easier to manage than a traditional firewall and the mobile client was much easier to deploy and configure than our existing approach,” he says.

    Failover configuration was also “not as painful” as with his firewall. “We didn’t have to worry about configuring IP addresses, VPN connections or anything. It just worked,” he says.

    Network performance is also much improved. Latency averages “50 to 70 milliseconds,” he says, That’s as much as a 75 percent improvement. And with Cato, Park can block web browsing, downloads or any other application from interfering with site performance.

    As Cato Cloud provides detailed metrics about users and locations, Park can better hold his network vendors accountable. “It really helps you go past layer-1 support and get to layer-2 support,” he says.

    analytics from the Cato Management Application
    With detailed analytics from the Cato Management Application, IT gains full visibility into network activities

    “We had one location in California where our cable modem was more down than up. The provider wouldn’t take responsibility for the problem. But with Cato, I was able to show them the graphs of dropped packets. Hard to argue with that.”

    Support hasn’t been an issue with Cato. “They’re a pretty responsive bunch and are very upfront as to what they can and cannot do,” he says, “It’s a relief, actually. So often that’s not been the case when I’ve dealt with a vendor. I understand any deployment has technology issues, but I don’t want to be misled about capabilities.”

  • Better Agility is the Bottom Line

    Looking ahead, Park expects to eliminate MPLS completely once the contract expires and move his remaining locations to Cato Cloud.

    Has there been a hard dollar cost saving? “I believe so,” he says, but that misses the point. “The real value came in the improvements our users and we, in IT, experienced with Cato,” he says.

Loading...