All the while, your bandwidth requirements increase exponentially due to new applications the software development teams churn out to meet the needs of your business. At the same time, your directive, straight from the CIO, is to make sure business applications are responsive at remote locations and hold down costs, of course.
Well, you can rest easy, as I am going to tell you how you can go back to your CIO and advise him or her that not only are you going to double the bandwidth, but you are going to reduce overall costs as well.
Simple Definition of a Broadband site-to-site VPN
The simplest and most cost-effective network is one that leverages the public Internet as the long-haul transport mechanism. Simply speaking, you provision a circuit to the Internet at your datacenter, which terminates at a VPN aggregation router, e.g. Cisco 7206 with VPN Module.
Obviously, you employ your existing corporate firewall and/or a choke router to ensure that access is limited to business-related traffic. At your remote location, you provision Internet access via ADSL, DSL, or cable modem and terminate with a VPN router such as the Cisco 1711 VPN router.
Once the Internet circuit and routers are installed, a VPN tunnel, which traverses the Internet, is built by configuring a tunnel between the remote router and the aggregation router at the Corporate Data Center. This is a simple router configuration that must be done on both the end-point and head-end aggregation routers.
We will get into the gory details of that in the next installment of this series.
First and foremost, let's cut through the myths about "network availability" and "the Internet is not reliable" stories you are hearing from those doubting engineers that have a Frame Relay security blanket wrapped tightly around them. Can you remember the last time your DSL or Cable Modem Service was out of service at your home? I would venture to guess the answer is you can't remember the last time you lost service, and if so, it was due to a major event such as a storm, hurricane or cable cut that impacts all network services including Frame Relay.
As a matter of fact, my experience has been that DSL and Cable systems are more resilient and recover much more quickly than the Frame Relay locations during the punishing hurricane seasons of the past couple of years. The fact of the matter is it's not uncommon for site-to-site VPN networks to achieve 99.99 and better availability.
Folks, this is right up there with Frame Relay and at less than half the cost!
"Yes, but you forgot about latency," quips the doubting engineer in the background. Well, I am here to tell you latency is not an issue. Latency will typically be less than 120 ms, and in some cases with high-speed cable, this will drop to the neighborhood of 30 to 40 ms. I am actually transmitting call center voice traffic over my network, which is the acid test.
Invoicing Headaches & One-Stop Shopping
Now that we have dispelled the myth about the technical issues, we need to take a hard look at the "administrative" issues involved with a broadband site-to-site VPN network. This can be relatively simple if you have a network comprised of only one vendor (which is probably not the case) or downright miserable if you have a large network comprised of a multitude of providers at the end points (which is most likely what you're facing).
Can you imagine having to reconcile hundreds of invoices from the various Bells and cable providers each month? Yikes! It is not a pretty picture, is it? Well, don't worry; the solution is simple.
All you need to do is to outsource the network to a full service firm that harnesses the broadband services from a variety of providers, manages all of this for you and then provides you one itemized invoice for all of your remote locations at the end of the month.
In all probability, when you displace Frame Relay with broadband site-to-site VPN you will start receiving a small, easy-to-read invoice in place of the telephone-directory-sized invoice you receive from your Frame provider today. It typically takes me about 8 hours to slog through my Frame Relay invoice and less than one hour to process my Broadband VPN invoice, and both networks have a comparable number of locations. So you do the math.
The site-to-site Broadband VPN will introduce numerous end-point providers. Not to fear, this is an opportunity to take advantage of an aggregator as I described above.
Let the aggregator manage your network on a 7/24 basis. This eliminates the need for you to worry about monitoring the network at all hours, and the small monthly fee you pay for this service will be recouped many times over with the savings you reap by making the switch. Simply speaking, you will continue to enjoy one-stop shopping, management and billing while cutting costs and potentially reducing staff.
The Next Step
O.K., let's get to the bottom line, since there appear to be no significant technical challenges or administrative burdens to incur. First, tally up your monthly spending on Frame Relay, then ask yourself if you are willing to double or triple the bandwidth capacity while cutting your monthly recurring costs in half.
Then I recommend you research some of the full service network consolidators such as Megapath or Go Remote (links below) and get a first-hand look at what services they have to offer as well as some of their success stories. I suspect you may find an off-the-shelf solution that you can easily plug into your existing infrastructure with very little engineering time. Actually, the only engineering time you should have to expend is on how to interface the VPN network securely to your infrastructure, and even then, the time spent should be in the realm of hours versus days.
In the next installment we will discuss the design considerations and help you to put together a cost-benefit analysis.