Our customer, a tax consultancy and auditing company, operates 15 branches across Germany and Austria. Due to a complex structure of their distributed data locations, both internally and in Microsoft 365, as well as in specialized data centers for financial applications, the administration, and protection of client data has become increasingly complicated and expensive.
"Due to the star-shaped architecture and the central Internet breakout at the head office, we sometimes have to struggle with high latencies", the IT manager describes the situation.
“We first prioritized the needs of our customer,” says Yves Sandfort, “they had to abandon the complex VPN infrastructure and move away from the star-shaped system towards a distributed network so that if the main location were to fail, not all branches would be affected".
The connection between the locations had to be redundantly equipped in order to guarantee availability in the event of failure of individual lines (e.g. 2 independent uplinks, or 1 uplink + LTE etc.).
For the locations, direct access to the cloud and the other, distributed data centers became important, "but, at the time, there was a reason why we first routed all lines through the headquarters," explains the IT manager, "because in the nature of things we work with highly sensitive data, which is why security between locations, but also with data services, is more important than ever!“
“We recommended VMware’s SD-WAN solution to our customer,” reports Yves Sandfort. “With SD-WAN, the customer has access to a distributed network of service gateways that are provided in cloud data centers around the world in order to provide scalability and redundancy. In other words: each branch receives its own box, a so-called SD-WAN Edge, which is centrally, remotely managed. These appliances carry out application recognition, control applications and packages, determine performance indicators, guarantee consistent service quality and host services for virtual network functions" explains Sandfort, "and all of this is done via 'normal' Internet connections instead of expensive, dedicated MPLS lines".
Separate gateways in the form of virtual machines were installed in other data centers to enable data from the SD-WAN to be transferred to the data center.
“This was our short-term solution in order to ‘get the cow off the ice’ (a German pro-verb which essentially means to save the day)”, Sandfort continues with a wink, "this is how we solved the most pressing problems, namely getting the latency under control." And the customer's IT manager adds, "we have received very positive feedback so far due to the reduced latency. We also expect to save over €100,000 per year in leased line fees.“
In the long run, the customer plans to implement a SASE environment, i.e. an integration of SD-WAN, paired with a zero trust network to enable optimized access, including from mobile devices, safely and easily.