The Easiest, Most Cost-Efficient Way to Set Up a Full Mesh VPN

The Easiest, Most Cost-Efficient Way to Set Up a Full Mesh VPN

As organizations connect branch locations directly to the Internet — rather than backhauling Internet traffic to headquarters over multiprotocol label switching (MPLS) services — they need to ensure the security of those remote site connections. InSpeed Quality Service (IQS) establishes a virtual private network (VPN) to protect company data as it travels over the Internet.

IT pros talk about using VPN tunnels to transmit data securely from one point to another. The word “tunnel” is used as a metaphor for a private pathway through an unsecured network such as the Internet. The tunnel is created using encryption to encapsulate the data packets. Because the data is encrypted, only the designated recipient can read it.

Organizations set up VPNs to connect two or more sites to one another, or to allow remote users to securely access company resources. There are three primary VPN topologies:

  • Point to point: This is the simplest form of VPN, in which one site connects to another. The VPN is set up and configured at each endpoint.
  • Hub and spoke: Each remote site is a “spoke” that connect to the headquarters “hub” via a separate VPN tunnel. The remote sites communicate with one another by going through headquarters.
  • Full Mesh: All sites are connected to one another. This is the most complex VPN topology, but also the most flexible and reliable.

Organizations have traditionally used the hub-and-spoke topology because it’s relatively easy to implement and requires only one VPN connection between each remote site and the hub. However, the hub-and-spoke model has a “single point of failure” — if headquarters loses connectivity, the entire VPN fails. It also creates latency because all traffic is traveling through a single chokepoint. Remote locations are unable to access multiple data centers, or collaborate with one another.

The full mesh topology eliminates the single point of failure, reduces latency and is capable of handling larger amounts of network traffic. However, a full mesh VPN traditionally has been expensive to set up due to the hardware required for each remote site. If not designed properly, the WAN will not route traffic in the most efficient manner. Full mesh VPNs are also highly dynamic and complex to maintain using legacy tools.

SD-WAN simplifies all of this by automatically establishing and configuring each VPN connection. A mesh of virtual links is created dynamically and layered on top of the physical WAN infrastructure. With IQS, a site can be set up with a single click and managed through a centralized, cloud-based console.

InSpeed’s SD-WAN solution is cost-efficient as well. Everything is handled by a small, onsite appliance that self-configures and automatically connects to the InSpeed cloud. It’s plug-and-play simple and so inexpensive that it can be used by employees who work from home. IT teams don’t have to worry about support headaches associated with legacy VPN technologies.

Many organizations are finding that the traditional hub-and-spoke VPN topology no longer meets their operational requirements. InSpeed makes it easy to set up and administer a full mesh, site-to-site VPN, ensuring robust security over any Internet connection.

Why Organizations Don’t Want SD-WAN Offered by Their ISP or Telco

Lock in is just one issue with getting SD-WAN from your carrierEarly adopters have found that getting SD-WAN services from their phone or Internet carrier doesn’t deliver the biggest bang for the buck. A recent Gartner survey unveils the problems for those looking at SD-WAN offerings.

The software-defined WAN (SD-WAN) market continues to grow at a phenomenal pace. SD-WAN solutions only started coming on the market in 2015, but the technology was already seeing mass adoption in 2017. Gartner predicts that 2018 and 2019 will be key years for growth as early adopters continue rapid uptake of the technology.

With a market this hot, many vendors are jumping on the SD-WAN bandwagon. Back in 2015, all SD-WAN deployments were “do-it-yourself”—the organizations purchased, implemented and managed the technology. By early 2016, managed services providers (MSPs) had begun offering SD-WAN services, and by mid-2016 traditional telecom carriers and Internet service providers had introduced SD-WAN products. Research firm IDC has predicted that by 2020 the majority of SD-WAN services will be provided by the companies that sell phone and broadband.

Often it appears that getting another service from a vendor you’re already paying is easy and convenient. They may even bundle the product in with phone or Internet, suggesting there is a discount.

Do Customers Want to Get SD-WAN from Their ISP or Phone Carrier?

But is that what customers want? A recent Gartner survey says it’s not. Only 30 percent of U.S. respondents said they preferred SD-WAN delivery through a carrier or network service provider. Most (37 percent) preferred to obtain services through the SD-WAN vendor, and 30 percent preferred a non-carrier provider such as an MSP or systems integrator.

The reasons for these preferences become obvious when you consider the top drivers for SD-WAN adoption. Organizations implement SD-WAN to gain increased availability, performance and agility while reducing WAN transport costs. Buying SD-WAN from a carrier is not going to give them the flexibility they’re looking for, and likely won’t provide the cost savings they’d get with an independent solution.

Carriers and some MSPs embed an SD-WAN service in a larger solution and make it look inexpensive. However, these SD-WAN offerings are more complex and expensive in the long run once you include installation, configuration of the rules and ongoing management of those rules.

[epq-quote align=”align-right”]Carrier-bundled SD-WAN often costs more in the long run once you include installation, complexity and configuration of the rules and ongoing management of those rules.[/epq-quote]The perceived challenges associated with SD-WAN offer another perspective:

  • Almost half (48 percent) of Gartner survey respondents were concerned about the lack of visibility into the operations of the service provider.
  • 48 percent were concerned about service provider lock-in.
  • 43 percent about lack of control over the SD-WAN solution.

Even if the ISP provides a bundled discount, SD-WAN offerings are not going to solve those problems.

Addressing the Problems Created by SD-WAN Resold by ISPs/Telcos

When organizations purchase services through an SD-WAN vendor, the WAN transport layer becomes commoditized. Customers can mix and match carrier services such as MPLS with broadband Internet, 4G/LTE wireless and even satellite technologies. Within these categories the services are interchangeable, giving customers the flexibility to obtain the best connectivity at the best price.

InSpeed’s SD-WAN solution goes even further. InSpeed Quality Service (IQS) installs on your existing network—no waiting for your carrier or ISP to install a new circuit and hit you with special charges. You don’t have to worry about changes in the network and IP addresses causing issues with your service. Simply plug in the InSpeed appliance and IQS automatically prioritizes interactive traffic and optimizes bandwidth over any connection. You gain:

  • high-quality voice and video conferencing
  • guaranteed application performance
  • the cost advantage of avoiding a carrier-class circuit
  • real-time visibility into ISP performance and site or data center issues

Our unique Control Center provides graphic visibility of the ISP’s performance, making service calls simple because you can easily and accurately describe the issue to the ISP. You’ll see exactly how your circuits are performing and how IQS is responding to changing traffic conditions. The big win is visibility into the ISPs performance and the ability to triage an issue among site, ISP, or data center

InSpeed does not charge for bandwidth or require a second connection. If you want to install an additional connection for business continuity it’s as easy as a song—simply add a low-cost 4G/LTE modem to be used only for network failover.

Unlike other SD-WAN services, InSpeed is self-managing, and operation and maintenance are included. No IT time is required to make modifications to the service or keep it working properly. Plus, InSpeed provides a secure network, so there is no need to add a separate firewall or VPN.

The benefits of SD-WAN are well documented but a lot depends on the service provider you select. Early adopters have found that telco SD-WAN services fail to deliver the best value. InSpeed provides an independent solution that’s highly effective, cost-efficient and easy to use.

Contact one of our sales specialists to answer all your questions about SD-WAN.

Do You Have Real-Time Visibility into Your WAN?

a mechanic looks under the hood, just as a sys admin looks at your network
a mechanic looks under the hood, just as a sys admin looks at your SD-WAN network
Just as a mechanic needs to be able to look under the hood to fix your car, your sys admin needs visibility into your network

IT pros have been complaining about visibility for at least a decade. They all need it, but don’t have enough of it. Lack of visibility is a major pain point in IT operations.

The term defies easy definition. But in essence “visibility” refers to the ability to see what’s going on inside a network, an application, an IT environment. It requires a rich set of tools that can gather data on performance, availability and other factors and present them in real time in a meaningful way.

The concept of visibility goes hand-in-hand with the notion of control. When IT pros can see what’s going on inside their systems and networks, they are better equipped to troubleshoot problems and take steps to improve performance.

[epq-quote align=”align-right”]#NetworkVisibility is the ability to see what’s going on inside a network. It requires a rich set of tools that can gather data on performance, availability and other factors and present them in real time in a meaningful way.[/epq-quote]Gaining visibility has never been easy, and it’s becoming more difficult as the IT infrastructure becomes more complex. Organizations are operating multiple wired and wireless networks, dozens of applications, scores of appliances, and multiple cloud platforms. They may have voice over IP (VoIP) systems, video conferencing systems and collaboration tools—some onsite, some cloud-based. Not all of those systems will have tools for monitoring and analyzing performance metrics, and those that do may require someone with an engineering degree to figure them out.

The WAN has always been a blind spot. Network administrators typically have limited visibility into their WAN circuits, other than whether the link is up or down. So when VoIP calls are garbled and video conferences freeze, there’s not a whole lot that administrators can do. They may suspect that the WAN is the culprit but are unable to prove it or to pinpoint the source of the problem. They’re also unable to hold service providers accountable for their contracted service-level agreements (SLAs).

Software-defined WAN (SD-WAN) solutions are supposed to make WAN management easier. With SD-WAN you can aggregate multiple links and establish software-based policies for controlling how traffic is routed and prioritized. Typically, you can also manage all of your remote sites through a centralized console.

But very few SD-WAN solutions give you visibility into the WAN. A few provide data on network behavior and usage. Some support the Netflow or IPFIX protocols, which allows you to inject network flow data into a collection tool for future analysis and reporting. But administrators really need to see events that cause network traffic to be rerouted and how WAN performance and Quality of Service are impacted.

InSpeed Quality Service (IQS) gives you that visibility. IQS continuously monitors traffic quality and dynamically manages throughput to prevent buffer bloat and minimize latency, jitter and packet loss. Through InSpeed’s unique Control Center you can see, in real time, how your circuits are performing and how IQS is responding to network and traffic conditions. You don’t have to be a rocket scientist—IQS shows your high-priority traffic, normal-priority traffic, and latency and packet loss in a simple-to-read timeline.

InSpeed also monitors the ISP’s throughput to validate its advertised bandwidth, and measures InSpeed’s improvement on the ISP’s connection to validate Quality of Service. IQS provides a report with these and other metrics.

Visibility may be elusive in today’s complex IT environment, but you don’t have to guess what’s going on inside your WAN. InSpeed lets you look under the hood and see in real time how IQS is maximizing quality and performance. Contact our sales team to get started.

Why SD-WAN Should Be Part of Your Business Continuity Plan

With IQS, it is possible to maintain business continuity in a hurricane. 4g failover to the rescue

dowload a printable PDF of this article: Eliminate MPLS
Download this post as a PDF

Network Downtime Affects Your Bottom Line

If time is money, downtime is money wasted. The 2017 Veeam Availability Report, a global survey of IT decision-makers conducted by ESG, found that downtime costs enterprises an average of $21.8 million each year. There has been a 36 percent year-over-year increase in downtime incidents. Not surprisingly, 86 percent of survey respondents expect downtime costs to continue to go up in the future. That’s why business continuity is so important.

Whether downtime is caused by hardware failure, a weather-related event or a cyberattack, the bottom line suffers when employees can’t access the IT resources they need. Customers and business partners lose confidence in your organization, your reputation suffers, and resources have to be diverted to make up lost ground.

Losing WAN Connectivity Grinds Business to a Halt

The loss of WAN connectivity can be as bad as a server crash — if not worse. Most organizations rely on the WAN to connect multiple locations and remote workers. The WAN also supports IP phone systems and collaboration tools, and provides access to cloud-based applications. Without the WAN, business grinds to a halt.

The right software-defined WAN (SD-WAN) solution can help maximize WAN availability. SD-WAN makes it possible to implement a hybrid WAN with intelligent path selection and automatic failover. Organizations can increase WAN resilience by supplementing multiprotocol label switching (MPLS) and broadband Internet with 4G/LTE or satellite connectivity.

An Ohio-based retailer with more than 70 showrooms in 24 states can attest to the value of SD-WAN for business continuity. With many of its stores clustered along the East Coast, including several locations in Florida, the company was concerned that a hurricane or other disaster could interrupt WAN services. Based upon a recommendation from its IT solution provider, TTx, the retailer began testing InSpeed’s SD-WAN solution in a single location.

Our SD-WAN Means Business Continuity…Even in a Natural Disaster

The retailer was using MPLS to support the IP phones in each location, and wanted to add 4G broadband for redundancy. InSpeed made it possible to flip back and forth between MPLS and 4G with no dropped calls or disruption of service. During the test, the retailer also found that Quality of Service (QoS) and performance were vastly improved when using 4G broadband with InSpeed instead of MPLS.

Shortly thereafter, Hurricane Irma began approaching Florida. The retailer sent an IT director to install InSpeed with 4G broadband at each Florida store before Irma made landfall. When WAN service was disrupted, InSpeed automatically switched over to 4G without any problems.

The retailer then decided to install InSpeed in its primary call center. InSpeed was meant to serve as a backup, but the company again found that InSpeed plus broadband provided better QoS and performance than MPLS. InSpeed’s real-time visibility and reporting capabilities showed that the MPLS connection had significant packet loss and latency even though it was only handling voice traffic. InSpeed was able to improve voice call quality and ensure performance for other traffic as well.

This led the retailer to eliminate all of its MPLS circuits and use InSpeed and broadband in every location. InSpeed provided the desired redundancy while reducing WAN costs by more than half.

Bottom line: Downtime is expensive. MPLS is expensive. InSpeed can help improve business continuity, reduce WAN costs and ensure performance for business communications and cloud-based applications. Contact one of our specialists to learn more.


SD-WAN Is Supposed to Relieve Complexity. Why Does It Have to Be So Hard?

sys admin frustrated by network complexit
sys admin frustrated by network complexit
Don’t let network complexity get you down

Reducing network complexity is one of the primary reasons why organizations implement software-defined WAN (SD-WAN) solutions. In a recent IDC study, rapid deployment, operational efficiency and reduced complexity scored high as motivational factors for organizations considering SD-WAN deployments. The ability to simplify WAN infrastructure was a top SD-WAN use case.

In theory, SD-WAN delivers on this promise. SD-WAN sits on top of multiple WAN links, using software-driven policies to automatically select the best data transport mechanism for each application. As such, SD-WAN masks the complexity of implementing and managing an aggregate WAN and frees IT from the virtually impossible task of implementing those policies manually.

But that’s only one aspect of WAN management. Most organizations are struggling with a complex array of WAN equipment, including routers, load balancers and other gear along with firewalls and other security appliances. SD-WAN becomes yet another box IT has to deal with.

Furthermore, the cost-saving benefits of SD-WAN only manifest themselves when you connect branch locations directly to the Internet as opposed to backhauling Internet traffic to headquarters via a private circuit. With direct Internet access, security becomes an even greater concern, so additional security solutions are typically needed. The branch WAN stack grows larger, and maintaining user accounts takes more time.

And when broadband Internet links enter into the mix, IT has to worry about application performance—particularly for latency-sensitive applications such as voice and video conferencing. However, troubleshooting performance problems becomes more difficult given the fragmented nature of the WAN.

Doesn’t sound so simple, does it? Plus, you’re adding a new technology (SD-WAN) that the IT team isn’t familiar with, and changing WAN management processes.

Some organizations try to sidestep these issues by going with a managed SD-WAN solution through their telecom carrier. However, this approach increases costs and makes it harder for organizations to respond to changing business and IT requirements.

With InSpeed Quality Service (IQS), you get all of the benefits of a managed service in a carrier-independent model. Designed for rapid deployment and ease of use, IQS consists of a small onsite appliance that routes WAN traffic through a secure VPN tunnel to the InSpeed cloud. The cloud service automatically shapes the traffic entering and leaving the site, giving priority to interactive traffic such as voice and video conferencing. It also manages bandwidth utilization from end to end, ensuring optimum performance for all applications.

IQS enables secure site-to-site connectivity without the need for private circuits or complicated firewalls. It also supports multiple WAN connections for business continuity, automatically switching to a backup link while maintaining Quality of Service.

Installation of the IQS appliance is plug-and-play simple, and the cloud service does all the heavy lifting without the need for complex configuration or policy management. It’s so easy you can use it in all of your sites, including the home offices of your remote workers.

SD-WAN is supposed to relieve complexity, so many organizations are wondering why it has to be so hard. It doesn’t. IQS delivers all the benefits of SD-WAN without any management headaches.