Solved

Is it time to replace my dedicated frame lines with a straight internet VPN solution?

Posted on 2006-11-13
18
222 Views
Last Modified: 2010-04-10
Is it time to replace my dedicated frame lines with a straight internet VPN solution?

Currently we have frame lines running from our US headquarters to locations all over North America.  The performance just isn’t there for the applications we run and the amount of mail and AD replication we are doing.  Is it time to move away from the dedicated lines and search for another solution?

What technologies do you use regarding your WAN access and securing said access?
0
Comment
Question by:MaxellIT
  • 5
  • 5
  • 3
  • +2
18 Comments
 
LVL 12

Accepted Solution

by:
Freya28 earned 325 total points
ID: 17933723
i run a hybrid of Frame and IP/VPN.  i am in the process of phasing out my frame lines.  slower than others and costly especially when mileage has to be paid for.  the one good thing i can say about frame is the dedicated bandwidth and you can basically blast the past at all times.  IP/VPN runs encryption, and your speed will depend on what level of encryption you run. the higher the encryption the slower the transfer is.  i am basically using my frame lines as the primary lines and the vpn as a failover and load balancing.  so when i need to cut the frame loose, i just pull the cable .  there are other technologies out there, but you have to assess your network, each one is unique, and then determine what you ned.   it also depends on if you have a building(s) that are lit with fiber from any provider.  you can then get metro ethernet services if your other offices are the same provider network and their building is lit with fiber.  if the building is lit with fiber and the offices are not lit or are lit but from a different provider, you can then get a larger internret pipe for pretty cheap.  you can usually geta  10 meg internet pipe if lit fiber from your provider, for about 1500 dollars a month.  so do the math,.  a t1 is only 1.544Mb compared to 10Mb.  so you just increased your WAN pipe by 7.
0
 
LVL 5

Expert Comment

by:trarthur
ID: 17933727
What is the bandwidth of your frame circuits?

I used to work for a company that was 100% VPN for all of its remote locations.  Some of them were 384k DSL bi-directional (slow, but it worked for email), T-1's, frac T's etc.  A 1.1 MB DSL bi-directional handled 25 or so users with adequate results (site had a DC, all were exchange users, and of course were surfing the net)

So, depending on your bandwidth requirements, get a T-1, DSL to the internet for each site, build VPN tunnels (cisco) and you should be good to go.
0
 

Author Comment

by:MaxellIT
ID: 17933785
We have full T1s to several of our locations and fractional to the rest (512, 256, etc).  We have several hundred users, and replicate our AD/DFS, and our mail.  One of our remote locations is a redundant/disaster recovery location and it houses a complete mirror of our main DC and mail server.  The full T1 is adequate at best, the fractionals are stalling bad...  and the cost of all these dedicated frames is getting rather out of hand.  :)
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17933819
i know.  well,  then take an acconting of all sites and start to price out and see what services are available in each of the locations.  i will tell you what, i have some of my small remotes sites, up to 50 users, at each remote site, and at some of these sites i run a business class cable internet.  business class because you can get static IP;s  and i even have 2 remote sitres with standard cable internet acess, dynamic IP's and the cable link gets on average 3 - 4 Mbits per second.  that is not too shabby for about 50 or 100 bucks a month and no termination charges.
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17933822
you have to find out if your frames are on any long term commitments.
0
 

Author Comment

by:MaxellIT
ID: 17933886
I am good as far as the contracts on my frames.  That should not be a factor if we decide to go with an alternative.

 
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17934041
good,  sometimes people sign 3, 5 and sometime 10 years contracts.  but if you can get out,  i suggest getting out.
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 17934225
Could also suggest Business class DSL, pricing vs. cable will depend on where you are located, but you can get pretty decent speeds (up to 6MB) depending on each of your locations proximity to their CO/DSLAM.  It's also possible, depending on how much phone/LDx business you do with your local carriers, they could swing you a little discount to boot.  Then run your IPSec/VPN's between offices - as Freya28 has already covered...

3rd option would be to check with a local ISP.  For instance, where I used to work, a high quality ISP had a Fiber OC3 terminating in our building and ran us a Fiber Ethernet connection for around $150/mo/MB with SLA.  The ISP's core network was sitting right next to a QWest POP that was connected to both Dallas & Houston fiber loops.  Incredibly redundant at the ISP level (shout out to Managed Network Solutions, Bryan TX).  

It's possible you could find some good reliable solutions through those sources.  I'm just hesitant regarding Cable Internet, reliability issues and bandwidth SLA...

Good Luck,
Scooter
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17934258
well with any fiber link it is most probably a renundant SONet ring on the carriers network.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 5

Expert Comment

by:trarthur
ID: 17934438
If a full T is getting saturated, then as was stated above, if you happen to have offices in buildings that have been lit by various carriers, then contact them and find out what they can do for you.  Alternatively, contact a Tier I carrier, give them your locations and see if you can get a bundle discount.  If ATT has presence in the majority of your locations, they will most likely cut you a deal.  And your VPN traffic won't leave their network (unless they agreements with the other carriers).  
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 17937459
Tough question given so many factors:

Bandwidth requirements
Uptime/reliability requirements
Budget
Equipment replacement
Provider service restrictions (what's available where)

It sounds like you have enough justification/questions to get a project started.  If you don't have the expertise in house, I would recommend hiring a consultant to perform an analysis for you and give you different solutions & scenarios.
0
 

Author Comment

by:MaxellIT
ID: 17947949
I am just looking for general information on how people approach their WAN connectivity solutions.  We are in the very early stages of investigating possible alternatives to the dedicated frame lines that we are using.  So basically, just tell me what you guys are doing to connect your sattelite offices.  :)
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 17948013
Oh, in that case...
Local pipes to the Internet:  bonded T1's, dedicated Ethernet from local ISP or Tier1 and then run VPN tunnels between.  We are in discussions to convert to MPLS circuits so we can get better performance for our IPTelephony solution.  Some features don't work well over VPN due to packet latency...
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 17948539
We have three 20Mb Ethernet handoffs from Time Warner (two in state, one on Left coast).  Small office with a T1.
0
 

Author Comment

by:MaxellIT
ID: 17950014
Is there any real reason at this point to keep the expensive dedicated line frame relay as oppossed to getting a high speed pipe to the internet and just creating a VPN link between the two?  VPN security has come a long way in the last few years.  What solutions are you guys using for your VPN connectivity?
0
 
LVL 5

Expert Comment

by:trarthur
ID: 17950209
No.  Unless you are the NSA and very paranoid, an internet pipe and VPN tunnels are the way to go.
0
 

Author Comment

by:MaxellIT
ID: 17982368
I wanted to split the points between the first 2 responders since they both attempted to contribute...  so, how do I split points in the future?
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 17982396
Click on "split" below the question.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now