The Challenge: Poor Agility, Erratic WAN Performance
Suppliers to builders and other trades have had few choices for WAN connections among datacenter applications, warehouses, showrooms, and wholesalers. They could pay for expensive MPLS services, which could take months to deploy. Or, they could rely on more affordable but sometimes complex VPN connections, which are susceptible to the vagaries of the public Internet and so are not always consistent and reliable in terms of performance—until SASE came along.
With headquarters in High Wycombe, northwest of London, and 26 showrooms, wholesale, and retail branches throughout the Thames Valley, Grant and Stone previously relied on an IPsec site-to-site VPN mesh with 4G backup maintained by P&C Communications, an enterprise provider of voice and network solutions. Core business systems were hosted in a private cloud.
“Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.”
As with many VPN solutions, performance could be erratic. “We had very little visibility into the network or any ability to implement traffic control,” says Dave Oliver, Grant & Stone IT Manager. “Anything from a major Windows update to a massive file transfer could eat up our bandwidth and freeze the network.”
The complex mesh architecture also made onboarding new locations time-consuming. “We needed to add new branches quickly, within days or weeks, not months,” says Oliver.
A capital investment firm hired to steer the company’s growth performed a cyber audit, which found several security issues and made a number of recommendations. “The audit recommendations would have required us to put more edge security systems in place, making management even more complex than it already was,” says Oliver.
Remote access also relied on a single aging network VPN gateway, which was an obvious single point of failure and reaching the end of its life. “We needed a new redundant solution with seamless security and good performance to support our traveling staff when they met with customers on the road,” says Oliver.
Grant & Stone Launches its WAN Transformation
Oliver decided to work with P&C Solutions to transition to a more flexible WAN infrastructure that could onboard new sites faster in the case of acquisitions and expansion. He was also looking for WAN failover to 4G LTE to maintain the connection to the firm’s cloud-based merchant system, better network visibility and control, an easier way to fulfill audit recommendations, and a better way to manage remote access and onboard mobile and WFM workers. “Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers,’’ says Oliver.
“Everyone needs fast 24 X 7 access to our systems for quotes and stock checking to continue selling products to our customers.’’
Oliver had heard about the advantages of SASE and sought a SASE solution that would fulfill all his requirements. Together with P&C, he looked at several different options, but few could meet the company’s connectivity, security, redundancy, remote access, and management requirements. Some required deploying security appliances, which Oliver wanted to avoid.
Only Cato fulfilled all his requirements. Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.
Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime; it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile users run across the same backbone, benefiting from the same optimization features, improving remote access performance.
Grant & Stone Taps Cato for Network Agility and Control
“P&C felt strongly that the Cato SASE solution would provide all the necessary services in an efficient, simple, all-in-one package,” says Oliver.
“We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.”
Oliver was impressed with the management and network visibility provided by the Cato management portal. “Every facet of the Cato solution can be monitored and logged,” says Oliver. “We can gather information about circuit quality at each branch and get security alerts for quick remediation of attacks or malware infection. Best of all, we can see which applications and Web sites are using the most bandwidth and implement traffic management rules to prioritize business-critical traffic.”
Oliver also loved the single-pane-of-glass management approach Cato provided. “Both my team and the P&C Helpdesk can review the same Cato platform for management and monitoring of alerts and events,” says Oliver.
Deployment went smoothly, with dual connectivity at each site–a primary Ethernet or broadband connection and automatic 4G failover to maintain connectivity. “We also rolled out Cato’s VPN clients, which connected everyone to the Cato core, and made sure the right Cato security was in place,” says Oliver. “All site-to-site and Internet breakout traffic passes through Cato’s cloud-based NGFW. We also have subscriptions for Cato’s anti-malware and IPS services to protect all traffic passing through the network. Security at the core of the infrastructure helps us meet our audit and business requirements and maintain standards without having to maintain and manage a lot of security appliances.”
In addition to better management, reliability, and security, Oliver found the resilience of the branch connections using fiber broadband and 4G backup made it possible to retire several expensive Ethernet circuits at the end of their contract, leading to considerable cost savings. “Not only did Cato meet all our requirements, but it also turned out to be the most affordable of all the solutions.”