Salcomp Replaces Global MPLS, Firewalls, and WAN Optimizers With Cato Cloud
Salcomp Finds Global MPLS Too Unreliable and Rigid
When you’re a primary manufacturer to major mobile phone companies, uptime and security are critical. A small hiccup in your production line could be disastrous for your customers — and your business. All of which might sound like a good reason for sticking with expensive managed MPLS services until you consider that you’re also being evaluated on budget management.
Such was the challenge for Ville Sarja. The seasoned CIO was responsible for the aging IT architecture at Salcomp, a global manufacturer of adapters for electronic devices, originally part of Nokia and now a primary supplier to Samsung and other leading mobile phone companies. “The IT template hadn’t changed in nearly 20 years since Nokia spun out Salcomp”, says Sarja.
During those two decades, though, Salcomp’s business had changed significantly. The headquarters and the datacenter were still in Finland, but most manufacturing occurred in Brazil and the Asia Pacific. Offices had given way to more mobile users, particularly in China. The cloud had become far more popular, something Sarja was looking to leverage, and video conferencing had become the norm.
Optimizing Network Spend a Must for Salcomp
None of which sat well for Salcomp’s networking architecture. The company’s global MPLS network, which connected manufacturing plants in China, India, and Brazil with the datacenter and headquarters in Finland, consumed a “significant portion” of Salcomp’s IT budget, says Sarja.
MPLS: Not Suited for the Future
Global MPLS bandwidth was limited, which would prove problematic as traffic requirements grew. To address the situation, Salcomp deployed WAN optimizers at each end of his MPLS connections, but the WAN optimizers were challenging to configure, he says.
MPLS is also poorly suited for taking advantage of cloud services, which Sarja knew Salcomp wanted to leverage. “We wanted to be more cloud compliant, which was not compatible with the infrastructure in place,” he says.
Global MPLS’s Last-Mile Availability Problems
And for all of its touted uptime and availability, MPLS’s dirty secret remains the last-mile connectivity problems that arise on global connections. Unable to control last miles outside of their regional networks, MPLS providers must rely on local third-party partners — often with mixed results. For just that reason, Salcomp equipped locations with backup connections — local Internet access and firewall clusters running antimalware and IPS.
“In Brazil, we had a problem with an MPLS circuit, and the office was out of service for six months. Luckily we had Internet redundancy, so we were able to direct traffic to the Internet and bandwidth and connectivity were good enough. Our MPLS provider was unable to resolve the problem,” he says.
MPLS’s Long Installation Times
The last straw was MPLS’s rigidity around new site installation. Says Sarja “In terms of deploying new sites, which was something we’re doing more in the past year, MPLS takes up to six months to have a circuit in place. That’s not very critical because it’s a site to be established and we can plan but regardless the inflexibility was there,” he says.
Performance Testing Shows Cato Blows Away MPLS
Two years previously, Sarja had begun studying SD-WAN. Two years later, he returned to that effort, determined to find an MPLS alternative.
“We thought an appliance-based SD-WAN solution was the most promising approach, but the SD-WAN reseller was unable to get our POC started. There were cooperation issues with the SD-WAN vendor, and we were caught in the middle of everything,” he says.
That’s when he learned about Cato. “I liked the fact that the Cato service used Cato’s own technology,” Sarja says, “It makes your life easier when you’re working with the vendor. The knowledge is there, and logistical problems are resolved beforehand, making onboarding much easier.”
Sarja and his team decided to run a POC, testing Cato Cloud from Salcomp’s Finland datacenter and locations across China, Taiwan, and India. They deployed a Cato Socket at each location with policies in the local firewall steering the pertinent traffic to Cato.
Three types of tests were run:
- Sharepoint file transfers and file sharing. Salcomp wanted Cato performance to be at least as good as the current 10 Mbits/s, MPLS connection or other SD-WAN providers over the Internet (also operating at about ~10 Mbps).
- SAP user experience. Salcomp didn’t want any degradation in SAP experience as measured by running reports and in the time taken to execute transactions.
- Office 365 performance. Uploading and downloading of files from Sharepoint Online in the Hong Kong region across Cato was to be compared against the regular Internet and other Internet-based SD-WAN solutions.
What Sarja found impressed him. Data throughput on Sharepoint file transfer testing from Taiwan to Finland with Cato was 30x better than MPLS with a WAN optimizer; file sharing improved by more than 40x.
Within China, Sarja found downloading a 116 MB Excel file across the site’s 20 Mbits/s connection to Cato Cloud on average took 83 seconds. Across MPLS? Download times were 20x longer.
Latency also dropped by 13% when tested from China to Finland across Cato. And not only was performance as good if not better than MPLS, but Cato deployment was much quicker. He could use any Internet line to connect locations to Cato Cloud, eliminating the six-month deployment times required for MPLS.
Salcomp Replaces MPLS with Cato Cloud
Sarja decided to move forward with a phased migration of Salcomp’s production line onto Cato. Initially, the team connected the datacenter in Helsinki to Cato. Afterward, they migrated the Indian and Brazilian locations. During the final phase, Sarja moved over the China locations of Shenzhen and Guigang, as well as the Taiwan location in Taipei.
Across all locations, he replaced the routers, firewall appliances, and WAN optimizers with redundant Cato Sockets configured in high-availability mode. “With just one architecture, not three, we can make changes in a few minutes that required weeks with our MPLS provider,” he says. Without local firewalls, Sarja relied on Cato Security Services to protect against network-based threats. Cato Security Services is a fully managed suite of enterprise-grade and agile network security services built into Cato network that includes Next-gen Firewall (NGFW), Secure Web Gateway (SWG), Advanced Threat Prevention, Cloud and Mobile Access Protection and Network Forensics. Testing done by a leading mobile phone manufacturer vetted Cato’s security, allowing Sarja to extend an IPsec tunnel from his Cato network to the mobile phone provider’s premises.
Since the deployment, Sarja was able to show far better budget management. He’s playing less per megabit for bandwidth and eliminating all of those appliances at each location has saved him a bundle.
“We’ve reduced our networking opex by 50 percent and more since moving from MPLS to Cato,” he says.
Salcomp IT: Ready for Today and Positioned for Tomorrow
With the transition to Cato, Sarja is better positioned to address new IT challenges facing his organizations. He’s planning a Microsoft Office 365 deployment and expects to connect his Office 365 instance to Cato. Cato dramatically improves cloud performance, routing traffic along the optimum path across the Cato backbone to the Cato PoP nearest to the customer’s cloud instance. Cato PoPs collocate in the same physical datacenters as the IXPs of Microsoft, AWS, and other leading cloud providers, making it a short hop across the datacenter’s local network into the cloud provider. It’s like having premium, direct cloud connections from 40+ locations across the globe — for free.
Cato’s range of built-in optimizations also benefit unified communications. “Video quality with Microsoft Lync from China has been very good,” he says. Sarja is also looking at equipping mobile users with Cato’s mobile client to connect to Cato Cloud, once their existing VPN licenses expire.
Overall, Sarja says he’s received the best feedback any CIO could want from his users — nothing. “Users just aren’t complaining any longer,” he says. And that’s a very good thing.