How a Clientless SD-WAN Solved PSP Corp.’s VPN and Remote Access Problems
If your organization is increasing its global footprint, operating out of remote locations, or is experiencing a sizeable number of employees accessing the corporate data center with remote access, chances are you are already witnessing a surge in number of VPN gateways and concentrators within your enterprise network.
In the past, the biggest concerns for implementing VPN concentrators were considerations of security and interoperability. But as the number of VPN requests skyrocket, application performance and network manageability have become two critical pain-points for an IT department.
However, Platform Specialty Products (PSP) was able to solve this issue, reducing their number of VPN concentrators down from 50 to 4, and improving application performance for remote and mobile employees by 20-30%.
Let’s take a look at what they did.
A Classic Problem of “Too Many”
PSP produces high-technology specialty chemical products and provides of technical services all over the world. Formed by the merger of six companies in 2013, the IT team inherited a myriad of disparate network systems from PSP’s predecessors. This not only included an enterprise WAN to manage for over 190 sites worldwide, but also connectivity for their remote and mobile knowledge workers, which make up 40% of PSP’s employee base.
The VPN setups for PSP were a hodgepodge of solutions that were distributed to various regions, very decentralized, and managed locally without a standard set of policies.
The VP of Global Infrastructure Services at Platform Specialty Products, Dustin Collins, said of this system, “You name it, we had it: Cisco, Juniper, NetExtender. VPNs in general are something we have used to securely connect our workforce to various assets whether they were managed in the cloud, on-premises, etc. But at one point we realized that we have a mish-mash of 50 concentrators – and security and performance were at stake.”
For PSP, multiple entry points meant it could be difficult to secure or guarantee a uniform standard of security globally. The topology of the VPN set up can also have a significant impact on application performance and can vary widely among the remote devices. If you’re supporting a site-to-site VPN that connects two different remote offices, it’s likely that both ends use dedicated equipment configured for a permanent VPN tunnel.
Moreover, too many VPN gateways and concentrators are the reason behind serious user dissatisfaction. With multiple VPN gateways, every time a user wants to connect to the network they have to worry about what resource they must connect to – and in a scenario where users need connectivity to two resources that are not available on a single client, they would have to disconnect from computer resource, launch another VPN client, and connect to another resource.
As requests escalate and VPN performance slows down, organizations have no other option but to increase the size of the tunnel by adding bandwidth at both ends. Usually, the connectivity medium is MPLS, which is itself fraught with problems, including increased costs as bandwidth requirements go up, long deployment times, difficulty connecting in remote geographies, and an inability to connect to the cloud without expensive and time-consuming workarounds. And when the public Internet is used instead, the network is subject to jitter, delays, transmission disturbances and variable response times.
The Solution: Aryaka SmartACCESS
Post-merger, PSP’s focus was on reducing the burden on the IT team to increase efficiencies and speed the time to market.
Traditionally, PSP would have had to install new VPNs to standardize the connectivity, which might have taken many months or even years – and required a heavy investment of IT budget and human resources. And even installing new VPN concentrators would not have to ensured application performance, especially in remote geographies.
PSP decided to forego the legacy technologies like MPLS and the public Internet, and chose instead Aryaka’s Global SD-WAN to solve their network connectivity problems. By deploying that solution, they were also able to leverage Aryaka’s SmartACCESS, the first clientless SD-WAN for the remote and mobile workforce. This is an extension into Aryaka’s global private network for users who are connecting to the WAN remotely.
Using SmartACCESS enabled PSP to reduce the amount of VPN concentrators down from 50 to one globally available URL, load balanced across four nodes in two geographical locations. They were able to save roughly $100K in network operating costs and increase efficiency due to the consolidation of their system.
In addition to the consolidation, PSP was able to as Collins described, “shrink the globe.” All their remote users now come through the U.S. first, but it does not affect their application performance whatsoever.
For example, if a remote knowledge worker sitting at home in Hong Kong needs to access resources sitting in an Azure data center in Singapore, they connect first through the U.S. using PSP’s global VPN, which then routes their traffic through Aryaka SmartACCESS to the Singapore location, and then back again. Even though the application is traversing the world four times essentially, PSP found application performance is about the same, if not a better, than having a local VPN concentrator routing traffic from that region. This is because Aryaka SmartACCESS accelerates both the network and VPN traffic. Not only did this save PSP costs in IT infrastructure, they were able to increase the application performance, and estimate productivity from remote and mobile users has increased 20-30%.
As the business environment continues to become more dynamic, mobile, and cloud-reliant, most organizations will continue to see their number of VPN connections increasing in the near future.
To help IT teams achieve better control over network security and provide users with application performance and ease of use, CIOs and IT leaders would be best serving their organizations by investing in solutions that can help them reduce and control the number of VPN gateways and concentrators they deploy on their networks.
To learn how Aryaka can help you reduce overhead and achieve an easy-to-manage, lean IT infrastructure, contact us now or request a proof of concept today.