Enterprises need better bandwidth utilization, convergence, increased security, better management and the ability to add services to their WAN function. However, enterprises have traditionally been locked into private line, frame relay, MPLS, and ISDN services from the carriers. These carrier-based solutions have insufficient bandwidth, high costs, and bind organizations to a single carrier. This in turn limits flexibility and performance, and hinders the organization's ability to explore alternatives. The “next best thing” the carriers have been touting, MPLS, is generating frustration among organizations seeking greater flexibility and agility. MPLS technology enables carriers to lower their operations costs, yet the QoS benefits pitched to their customers are greatly exaggerated. Integrating and troubleshooting WANs across carriers is fraught with finger pointing. Carrier-specific and security overlay options also limit the network choices available, e.g. Wi-Fi, DSL, cable, wide-area wireless, and satellite.
More important, carrier offerings feature little to none of the end-to-end security required by recent regulatory mandates. Most IPSec VPNs can be difficult and costly to deploy and maintain. They are fraught with security issues stemming from their use of shared secrets, weak authentication, and too many opportunities for hackers to exploit. This makes physical security and patch management critical concerns. Additionally, Cisco and other vendors recommend generic routing encapsulation (GRE) for IPSec VPN deployments supporting VoIP, video, multicast applications, and legacy protocols. But GRE may exacerbate an already troublesome bandwidth constraint.
What to Look for
Monthly Recurring Cost
Private line and frame relay communications are the most costly. Carriers recognize that new IP-based services are stealing business and are now offering newer equivalents with some added features for treating time-sensitive data such as VoIP with higher priority. MPLS delivers full-mesh connectivity among all branch offices at a lower cost to the carriers than frame and private line. However, these benefits and more can be enjoyed with a carrier-independent service for as little as 20% of the current cost.
Carrier Independence
Carrier MPLS solutions offer incremental improvements over previous frame offerings. However, they still hold captive customers who cannot take advantage of superior, lower cost, local access offerings.
Geographic Independence
Typically, carriers “back-haul” via expensive third-party carriers to serve locations off their own network. They pass this cost on to the customer one way or another. Customers must bear with more complex network topologies, which translate into higher operations costs. IT personnel tend to perceive two types of deployments: on-net and off-net. All sites within an IPSec VPN solution are on-net, a simpler network topology for administrators operating within the WAN.
IPSec VPN Freedom without the Bandwidth Penalty
GRE adds considerable overhead to IPSec VPN. This can reduce encryption throughput by up to two-thirds for VoIP traffic. An enterprise with VoIP, video, multicast, and non-IP legacy communications would maximize cost savings by employing a layer 2 solution that encapsulates and encrypts at the Ethernet layer instead of IP, because it does not need GRE. Investigate another kind of security overlay solution based on customer premises equipment (CPE) that encrypts and encapsulates Ethernet frames departing the premises for another site. This Ethernet frame encryption offers the most economical WAN solution for the distributed enterprise without suffering from the inflexibility and cost of carrier schemes.
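The per-packet cost of carrying GRE inside IPSec shows most clearly on small VoIP packets. The following is an added example, not part of the original article: it assumes IPv4, ESP tunnel mode with AES-CBC and HMAC-SHA1-96, a basic 4-byte GRE header, and G.729 and G.711 voice payloads at 20 ms packetization; the function and constant names are illustrative.

```python
# Added example: per-packet wire size of a VoIP packet under IPsec ESP,
# with and without GRE. All sizes are assumptions for illustration:
# IPv4, ESP tunnel mode, AES-CBC (16-byte IV and block), HMAC-SHA1-96 ICV.

IPV4_HDR = 20
UDP_HDR = 8
RTP_HDR = 12
GRE_HDR = 4          # basic GRE header, no key/sequence/checksum options
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_IV = 16          # AES-CBC initialization vector
ESP_BLOCK = 16       # AES block size; ciphertext is padded to a multiple
ESP_TRAILER = 2      # pad-length byte + next-header byte
ESP_ICV = 12         # truncated HMAC-SHA1-96 integrity check value


def voip_ip_packet(voice_payload: int) -> int:
    """Size of the cleartext IP packet carrying one RTP voice frame."""
    return IPV4_HDR + UDP_HDR + RTP_HDR + voice_payload


def gre_encapsulate(inner_len: int) -> int:
    """GRE adds its own header plus a new delivery IP header."""
    return IPV4_HDR + GRE_HDR + inner_len


def esp_tunnel(inner_len: int) -> int:
    """ESP tunnel mode: new outer IP header around the encrypted inner packet."""
    to_encrypt = inner_len + ESP_TRAILER
    padded = -(-to_encrypt // ESP_BLOCK) * ESP_BLOCK   # round up to block size
    return IPV4_HDR + ESP_HDR + ESP_IV + padded + ESP_ICV


def compare(voice_payload: int) -> dict:
    """Wire sizes (bytes, excluding layer-2 framing) and expansion factors."""
    clear = voip_ip_packet(voice_payload)
    ipsec = esp_tunnel(clear)
    gre_ipsec = esp_tunnel(gre_encapsulate(clear))
    return {
        "clear": clear,
        "ipsec": ipsec,
        "gre_ipsec": gre_ipsec,
        "ipsec_expansion": round(ipsec / clear, 2),
        "gre_ipsec_expansion": round(gre_ipsec / clear, 2),
    }


if __name__ == "__main__":
    for codec, payload in (("G.729, 20 ms", 20), ("G.711, 20 ms", 160)):
        print(codec, compare(payload))
```

Small packets pay proportionally more, because the fixed headers and block padding do not shrink with the voice payload.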
An “Invisible WAN” Would Simplify Operations Within the Enterprise
Most IPSec VPN offerings involve extensive dependence on WAN protocols. This complicates operations not only for those managing the WAN but also for those managing operations within the WAN. Carrier offerings can be simpler from a network routing perspective but at a high price and considerable inflexibility. Ethernet frame encryption security overlays can yield a relatively invisible WAN yet still provide the cost savings and flexibility of an IPSec VPN solution. Managing branch assets from a data center can be much easier than with traditional layer 3 IPSec VPN products.
The Local Loop is Critical
The vast majority of failures occur with the local loop. Any solution that does not support two local loops at each branch office, wherever it is located, should not be considered. Carrier service level agreements seldom provide sufficient compensation for downtime. Their secondary local loops tend to rely on the same infrastructure, undermining their value. A completely independent loop can be deployed at considerable tariff expense.