Geosyntec Connects 60+ Locations, Improves VoIP and Remote Access Punch with Cato Cloud
How to Deploy Skype for Business Without MPLS
Collaboration is essential to most enterprises, but the voice and video collaboration are too sensitive to route over the Internet and scaling up an MPLS can be very costly. What can IT leaders do without increasing their networking costs? That was the challenge facing Edo Nakdimon, senior IT manager at Geosyntec Consultants
The environmental consulting service had relied on MPLS service to connect 67 offices across North America with T1 (1.544 Mbits/s) connections. Geosyntec initially ran voice over MPLS using Cisco CallManager in its datacenter. Routers at the branch offices provided local breakout sending voice traffic across the MPLS circuit and the rest of the traffic across the Internet.
“Enabling voice, video chatting and other collaboration services over a single T1 lines it’s like trying to push an elephant through a pinhole”
“Enabling voice, video chatting and other collaboration services over a single T1 lines it’s like trying to push an elephant through a pinhole,” says Nakdimon, “ For optimal experience, we knew we had to either scale up our existing solution or rearchitect our Wide Area Network environment. Without the proper network design traffic such as voice and video will suffer.”
Collaboration, though, wasn’t the only application that concerned him. The company’s consultants rely on Geographic Information System (GIS) software and CAD for their work. The GIS project files were stored on servers in the respective Geosyntec offices. However, the consultants often had to open files in remote offices, pulling the large files across the DMVPN connections. “If there’s any latency, if there’s any lag, we’re going to hear about it,” says Nakdimon.
He decided to migrate to Skype for Business and replace the MPLS service with a network architecture that could address all of his application needs.
Cato Meets Geosyntec’s ‘Ever Evolving’ Needs
Nakdimon initially investigated traditional SD-WAN offerings but was skeptical of vendor claims that they could maintain quality of service (QoS) across the Internet. “I don’t care what any SD-WAN provider will tell me; I don’t care what any network engineer will tell me. They can’t guarantee markings will pass over the public Internet across multiple internet service providers,” he says. “Once traffic leaves the endpoint, it’s beyond the vendor’s control. This is just the way it works.”
Cato distinguished itself because its SD-WAN devices connect to Cato’s global, private backbone. And with more than 50 points of presence (PoPs) across the globe, Cato as located near Geosyntec’s strategic locations. These factors ensured Cato could provide the QoS Geosyntec requires. “I looked and saw that Cato’s SD-WAN devices were connecting to its private network and thought that was ‘perfect.’ It’s exactly what I wanted,” he says.
Nakdimon conducted a PoC, and “everything worked great,” he says. There was no comparison between MPLS’s T1 connection and the 25 Mbits/s connections he used with Cato. Since then, he’s rolled out Cato across all of his North American locations, replacing MPLS with Cato’s Secure Access Service Edge (SASE) platform.
As an early Cato adopter, Geosyntec experienced some “growing pains,” he said. He points to problems with firmware upgrades to the Cato Socket, Cato’s SD-WAN device, as an example, which needed to be addressed. “I generally found Cato support to be quick and responsive,” he says. “Once that was done, we have so far no complaints. If you have complaints, typically it was not on the network side. We’ve been very happy so far,” Nakdimon says.
“Day-by-day needs and requirements are changing, and at Geosyntec, we need to constantly research options to meet those ongoing changes and requirements. Cato provides us with a platform for delivering the networking and security capabilities that help our users increase their productivity while allowing our network engineers to concentrate on other projects by reducing the management time and overhead.”
Gradually Nakdimon has expanded beyond MPLS replacement, activating other Cato capabilities, such as Cato security services, to protect branch offices. “Networking is ever-evolving,” says Nakdimon. “Day-by-day needs and requirements are changing, and at Geosyntec, we need to constantly research options to meet those ongoing changes and requirements. Cato provides us with a platform for delivering the networking and security capabilities that help our users increase their productivity while allowing our network engineers to concentrate on other projects by reducing the management time and overhead.”
Cato SDP Solves Global Geosyntec’s Remote Access Challenge
Remote access has been another service Nakdimon activated for his users. Like many enterprises, Geosyntec faced the challenges of widespread remote access posed by the COVID-19 pandemic. And while Nakdimon had already planned to deploy Cato SDP (Software Defined Perimeter), Cato’s remote access solution, before the pandemic. “Corona was just an added reason for me to roll it out,” Nakdimon says.
“We utilize a few different VPN technologies. With the COVID-19 pandemic on the rise, many of our users began to work remotely. Our VPN traffic spiked, in some cases, hitting the limits of our VPN servers”
Nakdimon accelerated his Cato remote access adoption in part because of the scalability issues of his VPN servers. “We utilize a few different VPN technologies. With the COVID-19 pandemic on the rise, many of our users began to work remotely. Our VPN traffic spiked, in some cases, hitting the limits of our VPN servers,” Nakdimon says.
Not only was scaling VPN servers a problem, but so was performance. Users initially connected to a VPN server in a Geosyntec location but continued to send data through those offices even when accessing data in a different location, introducing latency and bottleneck issues.
Instead, he deployed client-based Cato SDP, equipping remote users with more than 1200 users with Cato’s Mobile Client. “Deployment was quick. In a matter of 30 minutes, we configured the Cato mobile solution with single-sign-on (SSO) based on our Azure AD,” he says.
“We found that we could reduce network overhead and eliminate bottlenecks for remote users. By connecting them directly to Cato, we eliminated unnecessary hops across the public Internet core.”
By running the Cato Mobile Client, users are automatically connected to the nearest Cato PoP, bringing them the full benefits of Cato’s security services and network optimization. “Cato SDP extends the QoS and network policies in our SD-WAN, to our remote users,” he says, “We found that we could reduce network overhead and eliminate bottlenecks for remote users. By connecting them directly to Cato, we eliminated unnecessary hops across the public Internet core.”
In addition, Nakdimon was able to deliver additional security to remote users. “The easily deployed [single sign-on] and web filtering integration provided us additional layers of security for our remote users,” says Nakdimon. “The Cato remote access solution is simple to deploy, yet robust. It improved our employees’ ability to securely and productively work remotely.”
Geosyntec Looks Ahead with Cato
Looking ahead, Nakdimon hopes to replace its branch firewalls and routers with Cato security services.
Overall, Geosyntec credits Cato solutions with streamlining WAN connectivity, remote access, augmenting security, and providing a high degree of user satisfaction, Nakdimon says.
“My team and I received many emails from employees saying this is the best experience they have had out of all the VPN clients,” Nakdimon says. “They email me. They’re thrilled. And if users are happy, management is happy.”