By Dan Baldwin
A week or so ago we posted a blog about a major public Internet outage that adversely affected multi-location businesses that connected their offices using VPNs that rode the public Internet.
In the post we discussed the migration that many businesses have launched away from VPNs on the Internet to metro Ethernet and MPLS networks.
We posed the following questions to him:
1. Start us out with a little background information. What is the prevalence of businesses using VPNs on the public Internet to connect their multiple locations and how long has Cynergy been assisting these kinds of businesses?
3. How does a Metro Ethernet private network solution differ from an MPLS solution?
4. What are the different flavors of Ethernet? (Copper over, fiber, etc.)
5. For VPN customers not ready to migrate to an MPLS solution, what are some "fail over" options they might want to consider and what are the pros and cons of each? (WiFi, Fixed Wireless, Cable and DSL with Load Balancing Routers, etc.)
6. What sort of businesses should contact Cynergy if they want help and do you work with other consultants and sub-agents? What's the best way to contact Cynergy?
Jeff Cohen: Thank you, Dan. I appreciate the opportunity to speak with you.
DB: Jeff, start us out with a little background information on the topic we're discussing today. What is the prevalence of businesses using VPNs on the public Internet to connect their multiple locations, and how long has Cynergy been assisting these kinds of businesses?
JC: Well Dan, about 15 years ago virtual private network access was a fairly new concept for most businesses, and prior to that, most companies were utilizing some sort of either frame relay or private line. And while those 2 technologies were beneficial to companies at the time, cost savings, efficiencies and things of that nature were requiring more companies to look for alternative solutions.
That's when the virtual private network, or VPN, really became a more prevalent technology, and about 15 years ago again while large corporations had already had a good head start with VPN technologies, the rest of the companies were really starting to realize the possibilities the VPNs provided to them.
At that time vendors such as Cisco, Check Point, Microsoft began producing a variety of products that provide the VPN services to the business. And today, VPN is considered a standard feature in any serious security and router related product, and it's widely implemented to most companies.
What started as a VPN over the public Internet has today evolved and more companies are now moving towards an MPLS technology for several business related purposes and ease of setting up and managing VPNs.
Early VPN products required, and many still do, their own client which is usually installed on a remote workstation, and needs access to the local network, and the encryption methods and support protocols made them either a very good choice or simply a bad one because they could be easily compromised.
2:09 As an example, Point-to-Point Tunneling Protocol, PPTP, was an extremely popular VPN solution, but it didn't provide adequate security because of its weak encryption. But today, VPN over the Internet is mostly IPsec based standard, and it uses the IP protocol security and a number of other related protocols that provide adequate security and encryption to ensure that their session is secure and properly encrypted. That's kind of where we got the MPLS today.
DB: My understanding of the VPN is that it's an equipment-based solution using the public Internet where you're just using whatever broadband solution that you have in place, and so why don't you go ahead and explain the inherent challenges of using the public Internet, this equipment-based solution, and then kind of segue into how to get away from those problems, what are people doing to migrate to MPLS?
JC: Historically VPN was thought to be less expensive because the Internet was ubiquitous and easily obtained by local providers in different areas, versus going to one carrier to secure all services around the country.
So if you could imagine a 200 location company going to carrier A and saying I need all 200 locations serviced. Well, part of those locations might not be on deck for that carrier and it would then make that location fairly expensive.
But today, MPLS and VPN are pretty much the same price as far as Internet and MPLS ports, they're about the same price. So that's not necessarily too much of an argument any more, and at the end of the day VPN can actually cost more in equipment that is needed at the site because as you were mentioning, VPN is an equipment-based product versus MPLS really being a carrier-based product.
So some of the issues that we've run into with VPNs today aside from security and things of that nature, is if you can imagine you have a 200 location company and you have VPN setup, and you would then have to if you wanted a fully meshed network where every location could talk to each location without the old hub and spoke technology of coming back through the host to get to another location, each one of those locations would have to be managed by over 200 different tunnels, or IPsecs, or PVCs, permanent virtual circuits, that are connecting to each of those locations. So if you as an IP person had to manage that, can you imagine trying to keep up with all that? It would be quite difficult.
4:49 And each time you added in a new location, you would then have to program 200+ routes into that new location, and then go back to all the other 200 locations and then create a new virtual route.
So what MPLS has done is, MPLS has really taken all that away from the IT department and the carrier is now responsible for doing that. So it's really very simple to put an MPLS network into place. You're going to get a private IP that goes into a standard router, that is a router that is good for MPLS. It's the same router you would use for Internet. You would turn up that location and that location talks to the network, and the network does everything else.
So now as you are adding more sites, you go back to that 200 location customer, they want to bring up another site, all they have to do is install a T1 or whatever bandwidth they want to utilize, they will get their private IP from the carrier, they turn up that site into the network, and all of the routing is then done internally within the carriers.
So you can imagine the amount of time that now alleviates from the IT staff, and the amount of gear that you're not having to manage because now you don't have 200+ firewalls out there and VPN appliances that you're managing.
So MPLS today is not only easier to manage, it inherently is less expensive once you get to a certain size scale.
DB: You talked about the IT department and the IT staff, and the 200 location business that heretofore has been managing the VPN solution, are they embracing or being threatened by an MPLS solution being provided by the carrier?
JC: I guess what it really comes down to is what that person is doing inside the business. I would imagine in a certain size company if there are folks that were just specifically managing the VPN, they can redeploy that employee asset to other parts of the business. What we are finding on a large majority is that they are more than happy to alleviate themselves from that responsibility. There are more mission critical business activities that they prefer to be dealing with.
6:57 But keep in mind, even when you go to an MPLS there are still a lot of these companies that have the MPLS that still require Internet VPNs, so if you have remote workers obviously it's really not cost effective to put an MPLS in a remote worker's house, or on their laptop, so those folks would still need some type of VPN over the Internet to come back into the network, as well as a lot of companies are tied to their customers who are on a VPN.
So you've really got a blend of those products in a large majority of your company. There are very few of our customers that have MPLS that don't have at least a few VPNs still connecting to somebody.
DB: And you said earlier that the actual cost of the VPN solution for a 200 location company compared to the cost of the MPLS, is close to a wash?
JC: It's close to a wash these days, but of course if you're talking about sites that might have used a DSL for $60 or $70 and tried to put an MPLS circuit in there for $300 to $500, then obviously there is a big enough delta there to look at a different solution, but in today's world a lot of the carriers are now offering an MPLS connection into the network through the DSL, so we're not really finding that to be any kind of a roadblock to companies going MPLS.
And again, once you take a look at the overall cost of the manpower, the equipment, upgrading the software on a regular basis, and then really the security of your data coming through an MPLS versus going through an IP VPN over the Internet, I think most companies would realize it's just not worth the few dollars that they might save in that respect.
DB: And going back to that soft dollar comparison, let's say that a business end-user is spending 100 labor units a month managing their equipment based VPN, if they switch to an MPLS solution, how much lower than 100 VPN labor units would they be spending managing the MPLS?
9:03 JC: You're probably looking somewhere in the 5 to 10 labor units at that point, and those labor units more than likely are being spent on trying to make sure that, and we haven't really discussed cost of service on the MPLS and what are the benefits of it, but most of that labor unit time is now going to be spent making sure that their cost of service levels are appropriate for the applications that they are running across the network.
Other than that, pretty much anything else that they need, especially if it's a router managed, carrier router, any time they need something they are going to make a phone call or open up a ticket with the carrier, the carrier is going to handle the workload and then report back that everything is resolved.
There are substantial labor savings in going to an MPLS.
DB: And so I understand where the labor saving is coming from, with a VPN equipment-based network, the IT staff in-house is basically managing all the software upgrades, managing all these routers whereas once you go to MPLS the carrier is doing the management of all of the MPLS.
JC: That is absolutely correct.
DB: Moving on, can you share with us how the Metro Ethernet private network solution differs from MPLS, because you hear MPLS, you hear Metro E, are they the same? Are they different?
JC: Metro E inherently is sold within a LATA (local access transport area). Where MPLS can go world wide, cross any type of boundary, Metro Ethernet as a product is really designed to be sold to companies that are within LATA boundaries.
So if you are where I am at in Atlanta, which we have a very large LATA, Georgia has 3 different LATAs, so if you're in south Georgia and you're trying to connect to Atlanta, you would not be able to do that over Metro Ethernet network.
Metro Ethernet comes in 2 flavors for the most part. Each carrier sells a little bit different flavor, but typically Metro Ethernet is very similar to MPLS where it is a shared switch-based network. It is not a private point-to-point network internally within the carrier.
11:14 So really it is an inexpensive, high-bandwidth product that is very similar in nature to MPLS, but it has limitations on where you can connect and how far you can go with the network.
DB: As far as security, is Metro Ethernet solution less secure than an MPLS?
JC: No, it's identical. It's identical as far as the security.
DB: When a business wants to go to a private network, the only thing that would dictate whether it is MPLS or Metro E would be how spread out past the local area network or LATA?
JC: Yes, it is strictly geographic, and we've got several examples where we have customers with clusters of locations. For example, Charleston, North Carolina, LATA, and maybe in Birmingham, Alabama where there are 15 or 20 sites in each one of those cities, and what we will do in that scenario again because it is more cost effective is build many Metro Ethernet networks, one for each city, and then connect the 3 networks together with an MPLS solution from either the same carrier or another carrier in that now all the networks are connected and they will take advantage
Just to give you a ballpark idea, a 10 meg Ethernet circuit in Atlanta might run $500 or $600 for a 10 meg, but 10 megs on an MPLS might run you $1,000 to $1,500. So you can see where the price of a 10 meg Metro E is almost the price of a 1.5 or a 3 meg bonded T1 solution, so again every customer is a little bit different with what they're looking to do. Most companies obviously the price of something is going to have a pretty dramatic effect on their ability to do it or not. But we've done that multiple times with customers with a lot of success by giving them high bandwidth for low cost, but still connect all their locations together.
13:19 DB: So multi-location companies evenly spread across the country are probably just going with an MPLS whereas “campus-type” companies will lean towards metro Ethernet, right?
JC: Yes. Campus-type companies, a university, hospitals, healthcare networks that are spread over a metro they are going to look at Metro Ethernet first. Absolutely.
DB: For VPN customers not ready to migrate to an MPLS solution, what are some failover options they might want to consider, and what are the pros and cons of each?
JC: You have obviously your 3G, 4G wireless backup cards. You've got DSL, cable modems, wireless access. You can also utilize a bandwidth sharing-type or load balancing appliance in your environment. I don't know if there is so much a benefit other than again cutting down the price and availability where DSL or cable might not be available, but you might go to 3G or 4G-type application or card.
Some of the things you are going to get, each one of those products inherently comes with some type of benefit and non-benefit to it. 3G, 4G, coverage area. DSL, it's a non-business product for the most part, so you don't know for sure what bandwidth you are going to get.
But we've got customers who are utilizing all of those standards, and again it comes down to location, availability and pricing, and what works and what doesn't work in your specific location.
To give an example again, we rolled out a 600 location retail chain that wanted to go with a DSL solution. These folks were in malls and DSL was not available at every mall, so the secondary approach to it was to go with a 3G or 4G wireless card, 4G wherever we could and then 3G. Some of the issues that we ran into with that solution was being in a mall it never gets a good signal, so some of these locations we had to go up and put antennas on top of the roofs.
15:29 As far as a backup with VPN, it really just comes down to again location, price, and how critical is it that that particular site stay up. And today, most of our customers a T1 backup is not that expensive anymore at a lot of locations, so it comes down to how mission critical is the data at that point.
DB: You've kind of taken us into our last question, Jeff, where we are talking about the value of some sort of consulting company that can integrate all of the solutions, and/or figure out which solutions can be integrated. Can you tell us now a little bit about Cynergy, your history, and what sort of businesses should contact Cynergy if they want help, and do you work with other consultants and subagents?
JC: Just a little background on Cynergy. Cynergy initially operated under another name that was founded back in 1996 and we just changed the brand name about 6 years ago. We are a boutique Telecom management company that goes in and analyses a customer's needs, and what we are trying to do with our customers is utilize technology to drive down pricing and give the customer a better network to run their business on.
Taking a T1 from $400 to $350, that's a pretty easy solution for most of the companies that are out there, but again what we are looking to do is take a company who is managing a couple hundred locations on the VPN, help them migrate and plan a migration from a VPN or a legacy point-to-point, hub and spoke network over to an MPLS network.
We work with partners, we work with consultants on a regular basis to help customers project manage this. When Cynergy comes in not only are we helping you determine which solution is best for you, we are also working with the carriers in negotiating the price range. We will then project manage the installation between the customer, the vendors and the carriers to make sure the migration is as smooth as possible, and then our post-sale support side, we stick around.
17:33 We have our own internal helpdesk 24/7 support for trouble tickets, moves, adds, changes, billing questions, any type of issue the customer has, rather than going directly to the carrier and opening up a ticket and speaking with somebody new each time, we have our customers call us and we get to build a very nice relationship with the customer. We understand what they're doing and who they are. They know who we are and how we work, how they want to work, and at the end of the day it has been a very successful formula for us as a whole.
DB: While you are based in Atlanta, it doesn't sound like your customers are exclusive to the Atlanta metro. You help customers across the country?
JC: Absolutely. We have customers worldwide at this point, and we have employees located in multiple states. We have several sales and engineering support people that are scattered around the country at this point. I would say probably 50% or 60% of our business originates out of Atlanta and the other 40% or 50% originates outside of the Atlanta area.
We've been very fortunate that we get along well with our customers and a CIO might leave one company and go and work for another, but we have a pretty high success rate with those folks calling us back and bringing us into their new environment to help take them from wherever they are to where they were before.
DB: This is Dan Baldwin. We've been talking with Jeff Cohen, partner of Cynergy Telecom out of Atlanta. Jeff, if any of our audience end-users or other communications consultants want to bring an opportunity in and see how they can work with you, what's the best way to get a hold of you?
JC: Dan, they can reach me directly. My direct number is 678-369-9625. My email address is firstname.lastname@example.org. I would be happy to speak with anybody at any time, and if we're not able to help them we will certainly give them whatever guidance we can. We would be happy to be of assistance.
19:38 DB: Anything we forgot to talk about today, Jeff?
JC: I think we covered it pretty well. There is obviously always more to talk about, but I think that one thing that we probably want to talk about is one of the main reasons and one of the main drivers I think that people go from an Internet-based VPN to an MPLS would be the ability to manage the quality of service between locations, and to be able to take critical applications and prioritize them over the network through various classes of service that are offered through the MPLS network.
With more and more people going to voice and video, the applications within their environments or Oracle or an SAP, that MPLS application versus an IP VPN over the Internet, it's night and day the results that the company is going to have, and the experience they are going to get internally when they go to an MPLS.
We would certainly be happy to talk to customers, vendors, agents, anybody that would like to talk more about it, we would be happy to talk to them.
DB: Thanks Jeff. I look forward to following up with you in the future.
JC: Thank you so much for the opportunity to speak with you, Dan.