Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 365
  • Last Modified:

Is it time to replace my dedicated frame lines with a straight internet VPN solution?

Is it time to replace my dedicated frame lines with a straight internet VPN solution?

Currently we have frame lines running from our US headquarters to locations all over North America.  The performance just isn’t there for the applications we run and the amount of mail and AD replication we are doing.  Is it time to move away from the dedicated lines and search for another solution?

What technologies do you use regarding your WAN access and securing said access?
0
MaxellIT
Asked:
MaxellIT
  • 5
  • 5
  • 3
  • +2
1 Solution
 
Freya28Commented:
i run a hybrid of Frame and IP/VPN.  i am in the process of phasing out my frame lines.  slower than others and costly especially when mileage has to be paid for.  the one good thing i can say about frame is the dedicated bandwidth and you can basically blast the past at all times.  IP/VPN runs encryption, and your speed will depend on what level of encryption you run. the higher the encryption the slower the transfer is.  i am basically using my frame lines as the primary lines and the vpn as a failover and load balancing.  so when i need to cut the frame loose, i just pull the cable .  there are other technologies out there, but you have to assess your network, each one is unique, and then determine what you ned.   it also depends on if you have a building(s) that are lit with fiber from any provider.  you can then get metro ethernet services if your other offices are the same provider network and their building is lit with fiber.  if the building is lit with fiber and the offices are not lit or are lit but from a different provider, you can then get a larger internret pipe for pretty cheap.  you can usually geta  10 meg internet pipe if lit fiber from your provider, for about 1500 dollars a month.  so do the math,.  a t1 is only 1.544Mb compared to 10Mb.  so you just increased your WAN pipe by 7.
0
 
trarthurCommented:
What is the bandwidth of your frame circuits?

I used to work for a company that was 100% VPN for all of its remote locations.  Some of them were 384k DSL bi-directional (slow, but it worked for email), T-1's, frac T's etc.  A 1.1 MB DSL bi-directional handled 25 or so users with adequate results (site had a DC, all were exchange users, and of course were surfing the net)

So, depending on your bandwidth requirements, get a T-1, DSL to the internet for each site, build VPN tunnels (cisco) and you should be good to go.
0
 
MaxellITAuthor Commented:
We have full T1s to several of our locations and fractional to the rest (512, 256, etc).  We have several hundred users, and replicate our AD/DFS, and our mail.  One of our remote locations is a redundant/disaster recovery location and it houses a complete mirror of our main DC and mail server.  The full T1 is adequate at best, the fractionals are stalling bad...  and the cost of all these dedicated frames is getting rather out of hand.  :)
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Freya28Commented:
i know.  well,  then take an acconting of all sites and start to price out and see what services are available in each of the locations.  i will tell you what, i have some of my small remotes sites, up to 50 users, at each remote site, and at some of these sites i run a business class cable internet.  business class because you can get static IP;s  and i even have 2 remote sitres with standard cable internet acess, dynamic IP's and the cable link gets on average 3 - 4 Mbits per second.  that is not too shabby for about 50 or 100 bucks a month and no termination charges.
0
 
Freya28Commented:
you have to find out if your frames are on any long term commitments.
0
 
MaxellITAuthor Commented:
I am good as far as the contracts on my frames.  That should not be a factor if we decide to go with an alternative.

 
0
 
Freya28Commented:
good,  sometimes people sign 3, 5 and sometime 10 years contracts.  but if you can get out,  i suggest getting out.
0
 
Scott AndersonPrincipal Support EngineerCommented:
Could also suggest Business class DSL, pricing vs. cable will depend on where you are located, but you can get pretty decent speeds (up to 6MB) depending on each of your locations proximity to their CO/DSLAM.  It's also possible, depending on how much phone/LDx business you do with your local carriers, they could swing you a little discount to boot.  Then run your IPSec/VPN's between offices - as Freya28 has already covered...

3rd option would be to check with a local ISP.  For instance, where I used to work, a high quality ISP had a Fiber OC3 terminating in our building and ran us a Fiber Ethernet connection for around $150/mo/MB with SLA.  The ISP's core network was sitting right next to a QWest POP that was connected to both Dallas & Houston fiber loops.  Incredibly redundant at the ISP level (shout out to Managed Network Solutions, Bryan TX).  

It's possible you could find some good reliable solutions through those sources.  I'm just hesitant regarding Cable Internet, reliability issues and bandwidth SLA...

Good Luck,
Scooter
0
 
Freya28Commented:
well with any fiber link it is most probably a renundant SONet ring on the carriers network.
0
 
trarthurCommented:
If a full T is getting saturated, then as was stated above, if you happen to have offices in buildings that have been lit by various carriers, then contact them and find out what they can do for you.  Alternatively, contact a Tier I carrier, give them your locations and see if you can get a bundle discount.  If ATT has presence in the majority of your locations, they will most likely cut you a deal.  And your VPN traffic won't leave their network (unless they agreements with the other carriers).  
0
 
pseudocyberCommented:
Tough question given so many factors:

Bandwidth requirements
Uptime/reliability requirements
Budget
Equipment replacement
Provider service restrictions (what's available where)

It sounds like you have enough justification/questions to get a project started.  If you don't have the expertise in house, I would recommend hiring a consultant to perform an analysis for you and give you different solutions & scenarios.
0
 
MaxellITAuthor Commented:
I am just looking for general information on how people approach their WAN connectivity solutions.  We are in the very early stages of investigating possible alternatives to the dedicated frame lines that we are using.  So basically, just tell me what you guys are doing to connect your sattelite offices.  :)
0
 
Scott AndersonPrincipal Support EngineerCommented:
Oh, in that case...
Local pipes to the Internet:  bonded T1's, dedicated Ethernet from local ISP or Tier1 and then run VPN tunnels between.  We are in discussions to convert to MPLS circuits so we can get better performance for our IPTelephony solution.  Some features don't work well over VPN due to packet latency...
0
 
pseudocyberCommented:
We have three 20Mb Ethernet handoffs from Time Warner (two in state, one on Left coast).  Small office with a T1.
0
 
MaxellITAuthor Commented:
Is there any real reason at this point to keep the expensive dedicated line frame relay as oppossed to getting a high speed pipe to the internet and just creating a VPN link between the two?  VPN security has come a long way in the last few years.  What solutions are you guys using for your VPN connectivity?
0
 
trarthurCommented:
No.  Unless you are the NSA and very paranoid, an internet pipe and VPN tunnels are the way to go.
0
 
MaxellITAuthor Commented:
I wanted to split the points between the first 2 responders since they both attempted to contribute...  so, how do I split points in the future?
0
 
pseudocyberCommented:
Click on "split" below the question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now