Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance
Bugaboo Transforms its Network with Cato, Boosting Cloud and Datacenter Application Performance The Challenge: Slash Network Complexity and Cost
Global manufacturers need fast, secure WAN connections among datacenters, manufacturing plants, sales offices, and the cloud to provide a positive customer experience and compete successfully with fast-moving competitors. Many have relied on global MPLS networks, which are expensive--particularly in the Asia Pacific region--and not always reliable. And still others are relying increasingly on cloud applications, which are ill-suited for legacy networks based on MPLS.
Such was the case with Bugaboo, a well-known innovative Dutch designer and manufacturer of baby strollers and parenting solutions. Bugaboo had a datacenter and main office in Amsterdam, a manufacturing plant in Xiamen China, and offices and retailers throughout the EU, North America, Australia, and Asia Pacific.
When Rein Droog joined as Vice President, Global IT for Bugaboo in 2019, the company was suffering from WAN and infrastructure complexity. The network had emerged organically, requiring internal technology experts to keep humming. At the time, ERP and other applications were running in the Amsterdam datacenter, connected to global locations either via MPLS or, in the case of the smallest locations, Internet VPNs. “We had somewhere between 10 or 20 different contracts with local providers,” says Droog.
“In Asia the MPLS is much more expensive than in Europe. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices."
Not only was the WAN infrastructure complex, it was also expensive. “In Asia the MPLS is much more expensive than in Europe,” says Droog. What’s more, IT staff had to fly all over the world to bring up even small, 10-person offices, he says.
Security was also varied and highly distributed among locations. “There had been little to no centralized monitoring or management, which complicated policy configuration and enforcement,” he says.
“With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.”
With all this complexity and expense, WAN performance and stability were constant issues. “One month Japan was down, the next month Australia,” says Droog. “With all of that expensive MPLS, our China locations still had performance, latency, and downtime issues when connecting to applications in the Amsterdam datacenter. The whole setup was just not economical, and with all the expertise in a few IT staff, not sustainable.”
Bugaboo also sought to kickstart a major digital transformation, which included a “Cloud Unless” policy that mandated moving applications to the cloud whenever it made business sense. MPLS was clearly not the strategic solution.
With IPknowledge, Bugaboo Embarks on Total Network Transformation
Droog started soliciting feedback from leadership, users, and IT to start building a digital transformation strategy. “All kinds of unfiltered feedback was collected, from the good to the bad,” says Droog. “From Virtual meetings not going smoothly, to latency issues or bad application performance. Some things were working, however, so my task was to find the root cause of the issues we were having and fix it.”
Droog drafted a technology transformation roadmap with three major objectives:
Fix the foundation, which included hosting and networking, site infrastructure, user and meeting services and security.
Improve the application layer by rationalization and simplification.
Improve the data reporting and advanced analytics capability by focusing on ownership, quality and tooling.
“We looked at the network and site infrastructure as one of the first,” says Droog.
To fix the foundation, Droog turned to longtime IT partner IPknowledge, a Dutch provider of Internet access and cloud-native connectivity and security to enterprises like Bugaboo. IPknowledge had already been working with Bugaboo to enhance the existing WAN infrastructure with WAN optimization solutions. In this case, Droog wanted IPknowledge to help him transform the network.
“I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.”
“We had a lot of discussions on how to set up a flexible network that could deal with the number of users we had in our office locations,” says Droog. “I wanted one reliable partner, not 20 different contracts, and I didn’t want our folks having to deal with 24 X 7 monitoring. The solution had to be simple and sustainable, and it had to just work.”
Droog wanted to be able to open--and close--offices quickly and easily if necessary, a key requirement of rapid company transformation. “We were changing quickly, and it was difficult to know what was coming in the next three months.”
Cato connects all global enterprise network resources — including branch locations, mobile users, and physical and cloud datacenters — into a single secure, global, cloud-native network service. With all WAN and Internet traffic consolidated in the cloud, Cato applies a suite of robust security services to protect all traffic, including anti-malware, next-generation firewall, content filtering, and IPS.
Connecting a location to Cato is just a matter of installing a simple preconfigured Cato Socket appliance, which links automatically to the nearest of Cato’s more than 65 globally dispersed PoPs. At the local PoP, Cato provides an onramp to its global backbone and security services. The backbone is not only privately managed for zero packet loss and 5 9’s uptime, it also has built-in WAN optimization to dramatically improve throughput. Cato monitors network traffic and selects the optimum path for each packet across the Cato backbone. Mobile and home users run across the same backbone, benefiting from the same optimization features and improving remote access performance.
Droog tested several solutions, including Cato. Bugaboo had just switched to Office 365 and Cato worked the best with the service, particularly in China. “Our overall internal network performance also improved with Cato and the performance of our Amsterdam-based applications in China improved significantly.”
Network Complexity to Simplicity with Cato and IPknowledge
“Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.”
Setting up the tests was remarkably easy. “That’s one of the things that drew me to the Cato solution,” says Droog. “Cato really is plug and play. It was clear that Cato’s flexibility actually made switching to Cato less risky than staying with the solution we already had.”
Rolling out Cato to the other locations over a month was also quick and painless. “There was zero downtime during the rollout,” says Droog. “We just shipped the Cato Socket to each office and walked whoever was there, even a salesperson, through how to plug it in.” No IT travel required.
When Covid-19 hit, Bugaboo sent everyone home to use its existing remote access solution but switched gradually to Cato between November 2020 and January 2021. Once remote access moved to Cato, performance for all those work-from-home users improved in Asia and North America as well. “We heard a lot of home users say, ‘Hey, this runs much faster!” says Droog.
“With Cato the performance with the cloud was faster than connecting to the cloud directly,”
And finally, cloud applications also ran faster under Cato. “With Cato the performance with the cloud was faster than connecting to the cloud directly,” says Droog.
As for security and management, Bugaboo has its own security monitoring tools and policies, but Cato provides the firewall, antimalware, and IPS capabilities in the cloud. IPknowledge also has its own management and monitoring tools to manage the Bugaboo Cato deployment but hooks into Cato’s management system using the Cato API.
“Cato’s management portal takes care of a lot of mundane tasks that we had to handle ourselves before,” says Steven de Graaf, managing director of IPknowledge. “With Cato we can be proactive and spend time on architectural improvements instead of configuring and fixing firewall rules. Cato lets us compete with the big telcos and provide a better solution, which is why it has become our principal strategic partner.”
“Monitoring and maintenance have improved a lot with Cato and IPknowledge,” says Droog. “And where there were hiccups every month with our previous infrastructure, Cato has been absolutely stable, fast, and available.”
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN
Alewijnse Transforms Global, Real-Time WAN with Cato Secure SD-WAN MPLS: Expensive and Incompatible with Alewijnse’s Business
For decades, Alewijnse relied on MPLS as a principal part of its wide area network (WAN). The company’s Amsterdam datacenter, nine sites in the Netherlands, and a branch office in Romania were connected by a fully meshed, MPLS network. Its predictability made MPLS essential for delivering the company’s high-definition video system, and remote desktops using Citrix and the Remote Desktop Protocol (RDP). Three other locations, the largest in Vietnam, established virtual private network (VPN) tunnels across direct Internet access (DIA) connections to the Amsterdam datacenter.
Increasingly, though, MPLS was not addressing Alewijnse’s business requirements. Users complained about poor Internet and cloud performance – and for good reason. Applications were starved for bandwidth, as they were backhauled across 10 Mbits/s MPLS connections to the Internet breakout in Alewijnse’s datacenter.
Internet traffic was driving up MPLS costs. Cloud applications and Internet usage accounted for about 50 percent of MPLS bandwidth to the datacenter, says Willem-Jan Herckenrath, manager of ICT at Alewijnse.
IT agility was also constrained by MPLS. “Our business demands that we can set up project locations in a short period of time,” says Herckenrath, “With MPLS, I often had to wait three months to get a connection, if the technology was even available in that region.”
At the same time he was rethinking his network, Herckenrath had to reevaluate the company’s security architecture. He needed a better way to secure his remote offices. Firewall appliances bring additional operational costs around deployment, management, and upgrades.
He also needed a better approach to protect mobile users against ransomware and zero-day attacks. “Users were local administrators on their laptops and so they were not always fully protected when they entered the office,” he says, “We wanted to introduce a way so that they would always connect securely.”
Converging Networking and Security Reduces Complexity and Costs
Herckenrath wanted a simpler WAN design that made more effective use of the Internet without compromising on MPLS’ “quick performance” required by his loss-sensitive applications. The architecture would also have to address company’s security requirements and mobility concerns.
Connecting locations through an Internet-based VPN was one approach, but that would still mean installing, configuring, and managing VPN routers at every location. SD-WAN showed promise, but traditional SD-WAN solutions do not connect mobile users or cloud resources. They also lack advanced security services and a global backbone.
Herckenrath and his team looked at bundling SD-WAN solutions with a secure web gateway (SWG) service and another provider’s backbone. But they rejected the idea. “The feature comparison looked good on paper, but they were more difficult to implement and much more expensive than Cato Cloud,” says Herckenrath.
Cato Cloud is a secure, global SD-WAN service, connecting locations, cloud resources, and mobile users. Advanced security services are built into Cato Cloud and include a next generation firewall (NGFW), SWG, IPS, and advanced threat protection. “With Cato, we got the functionality of SD-WAN, a global backbone, and security service for our sites and mobile users, integrated together and at a fraction of the cost,” he says.
Cato Cloud: MPLS-like Performance without MPLS-like Price
Alewijnse began a phased deployment of Cato Cloud. In the first phase, Herckenrath and his team connected the offices in the Netherlands, Romania, and Vietnam into Cato using high-quality, Internet last mile. In the next phase, Herckenrath connected the rest of his offices to the Internet and Cato Cloud.
Cato’s ability to use any available last mile service in the WAN gave Herckenrath additional agility. Established locations can still be connected via MPLS, but now Herckenrath and his team were no longer dependent on MPLS services. As long as users can connect to the Internet, they can access Cato Cloud. And where physical Internet connectivity is not available, he can use 4G. It means his project teams at building locations, for example, can quickly get up and working.
Yet despite moving off of MPLS, Herckenrath has not sacrificed performance. “Our users haven’t noticed a difference,” he says, “Latency and packet loss are low. Even the users outside of Europe have the same or better user experience with our HD video conferencing and our CAD system (which runs over Citrix).”
[caption id="attachment_6743" align="alignnone" width="781"] With Cato Cloud, Alewijnse consolidated its datacenter, locations, cloud resources and soon, mobile users, onto a single, secured WAN.[/caption]
Eliminating MPLS means he’s been able to reduce his bandwidth spend each month by “about 25 percent,” says Herckenrath, for as much as 10-times more bandwidth in some locations.
Additional bandwidth has helped his Internet performance, but so has eliminating Internet backhaul. With Cato, Alewijnse Internet traffic goes directly to Cato Cloud, where it’s inspected and secured, and from there to the public Internet.
“Users are much happier now with our Internet services,” he says.
Any new deployment faces its challenges and when they happen, quickly getting hold of a quality support team is critical. “We had our challenges, but what I hear from my guys is that they WhatsApp with Cato’s support guys. They don’t always have to first go, log a complaint, and open a ticket. I really like that approach,” he says.
Alewijnse Extends WAN Transformation to Mobile Users and Eliminates Security Appliances
To achieve the full value of the converged solution, Alewijnse will gradually deploy Cato Clients to secure employees’ laptops and mobile devices. Also on the roadmap is to eliminate the firewall appliances in the branch offices. Together, Herckenrath has a long migration path for transforming his network, but with Cato Cloud he thinks he has the right platform.
“We like Cato’s all-in-one approach and the competitive pricing gave us very good value for money.”
[caption id="attachment_6744" align="alignnone" width="417"] With Cato, Alewijnse understands how its network is used by all users and locations[/caption]