Our customer, a tax consultancy and auditing company, operates 15 branches in Germany and Austria. Due to a complex structure of distributed data locations, both internally and in Microsoft 365, as well as in specialized data centers for financial applications, the administration and protection of client data has become more and more complex and expensive.
"Due to thestar-shaped architecture and the central Internet breakout at the head office,we sometimes have to struggle with high latencies", the IT manager describes the situation.
“We first set the priorities with our customer,” says Yves Sandfort, “the customer had to abandon the complex VPN infrastructure and move away from the star-shaped system to a distributed network so that if the main location were to fail, not all branches would be affected ".
The Connection between the locations had to be redundantly equipped in order to guarantee availability in the event of failure of individual lines (e.g. 2 independent uplinks, or 1 uplink + LTE etc.).
For the locations, direct access to the cloud and the other, distributed data centers became important, "but, at the time, there was a reason why we first routed all lines through the headquarters,"explains the IT manager, "because in the nature of things we work with highly sensitive data, which is why security between locations, but also with data services, is more important than ever to us!
„We recommended the introduction of a SD-WAN solution from VMware to the customer ” reports Yves Sandfort, “with SD-WAN, the customer has access to a distributed network of service gateways that are provided in cloud data centers around the world in order to provide scalability and redundancy. In other words: each branch receives its own box, a so-called SD-WAN Edge, which is centrally, remotely managed. These appliances carry out application recognition, control applications and packages, determine performance indicators, guarantee consistent service quality and host services for virtual network functions" explains Sandfort "and all of this via 'normal' Internet connections instead of expensive, dedicated lines via MPLS". In the other data centers separate gateways in the form of virtual machines were installed to enable data from the SD-WAN to be transferred to the data center.
„This was our short-term solution in order to ‘get the cow off the ice’ (a German pro-verb which essentially means to save the day)”, Sandfort continues with a wink, "this is how we solved the most pressing problems, namely getting the latency under control."
“Due to the lower latency times, we have received very positive feedback so far,” the IT manager reports, “in addition, we will probably save over € 100,000 per year in leased line fees!“
In the long run, the customer plans to implement a SASE environment, i.e. an integration of SD-WAN, paired with a zero trust network to enable optimized access – including from mobile devices– safely and easily.