Is it time to replace my dedicated frame lines with a straight internet VPN solution?

What is the bandwidth of your frame circuits?

I used to work for a company that was 100% VPN for all of its remote locations.  Some of them were 384k DSL bi-directional (slow, but it worked for email), T-1's, frac T's etc.  A 1.1 MB DSL bi-directional handled 25 or so users with adequate results (site had a DC, all were exchange users, and of course were surfing the net)

So, depending on your bandwidth requirements, get a T-1, DSL to the internet for each site, build VPN tunnels (cisco) and you should be good to go.

We have full T1s to several of our locations and fractional to the rest (512, 256, etc).  We have several hundred users, and replicate our AD/DFS, and our mail.  One of our remote locations is a redundant/disaster recovery location and it houses a complete mirror of our main DC and mail server.  The full T1 is adequate at best, the fractionals are stalling bad...  and the cost of all these dedicated frames is getting rather out of hand.  :)

i know.  well,  then take an acconting of all sites and start to price out and see what services are available in each of the locations.  i will tell you what, i have some of my small remotes sites, up to 50 users, at each remote site, and at some of these sites i run a business class cable internet.  business class because you can get static IP;s  and i even have 2 remote sitres with standard cable internet acess, dynamic IP's and the cable link gets on average 3 - 4 Mbits per second.  that is not too shabby for about 50 or 100 bucks a month and no termination charges.

you have to find out if your frames are on any long term commitments.

I am good as far as the contracts on my frames.  That should not be a factor if we decide to go with an alternative.

 

good,  sometimes people sign 3, 5 and sometime 10 years contracts.  but if you can get out,  i suggest getting out.

Could also suggest Business class DSL, pricing vs. cable will depend on where you are located, but you can get pretty decent speeds (up to 6MB) depending on each of your locations proximity to their CO/DSLAM.  It's also possible, depending on how much phone/LDx business you do with your local carriers, they could swing you a little discount to boot.  Then run your IPSec/VPN's between offices - as Freya28 has already covered...

3rd option would be to check with a local ISP.  For instance, where I used to work, a high quality ISP had a Fiber OC3 terminating in our building and ran us a Fiber Ethernet connection for around $150/mo/MB with SLA.  The ISP's core network was sitting right next to a QWest POP that was connected to both Dallas & Houston fiber loops.  Incredibly redundant at the ISP level (shout out to Managed Network Solutions, Bryan TX).  

It's possible you could find some good reliable solutions through those sources.  I'm just hesitant regarding Cable Internet, reliability issues and bandwidth SLA...

Good Luck,
Scooter

well with any fiber link it is most probably a renundant SONet ring on the carriers network.

If a full T is getting saturated, then as was stated above, if you happen to have offices in buildings that have been lit by various carriers, then contact them and find out what they can do for you.  Alternatively, contact a Tier I carrier, give them your locations and see if you can get a bundle discount.  If ATT has presence in the majority of your locations, they will most likely cut you a deal.  And your VPN traffic won't leave their network (unless they agreements with the other carriers).  

Tough question given so many factors:

Bandwidth requirements
Uptime/reliability requirements
Budget
Equipment replacement
Provider service restrictions (what's available where)

It sounds like you have enough justification/questions to get a project started.  If you don't have the expertise in house, I would recommend hiring a consultant to perform an analysis for you and give you different solutions & scenarios.

I am just looking for general information on how people approach their WAN connectivity solutions.  We are in the very early stages of investigating possible alternatives to the dedicated frame lines that we are using.  So basically, just tell me what you guys are doing to connect your sattelite offices.  :)

Oh, in that case...
Local pipes to the Internet:  bonded T1's, dedicated Ethernet from local ISP or Tier1 and then run VPN tunnels between.  We are in discussions to convert to MPLS circuits so we can get better performance for our IPTelephony solution.  Some features don't work well over VPN due to packet latency...

We have three 20Mb Ethernet handoffs from Time Warner (two in state, one on Left coast).  Small office with a T1.

Is there any real reason at this point to keep the expensive dedicated line frame relay as oppossed to getting a high speed pipe to the internet and just creating a VPN link between the two?  VPN security has come a long way in the last few years.  What solutions are you guys using for your VPN connectivity?

No.  Unless you are the NSA and very paranoid, an internet pipe and VPN tunnels are the way to go.

I wanted to split the points between the first 2 responders since they both attempted to contribute...  so, how do I split points in the future?

Click on "split" below the question.