Solved

2500 users on a 12/3mbps Satellite Internet Connection... How to Improve speed?

Posted on 2015-02-05
10
100 Views
Last Modified: 2015-02-21
Hi All,

As the Title suggests, we have a lot of Internet issues.
We have 2500 users who are accessing an uncapped 12mbps down / 3 mbps up Satellite connection.
This is a corporate environment

Unsurprisingly, we always max out the connection and have some unhappy users complaining that the Internet doesn't work...

Purchasing more internet is not an option, as the Satellite Links are incredibly expensive.

So we are looking at possible ways to ensure that the Internet link is used the most effectively.
More than happy to buy kit, even expensive kit, as the Return On Investment for anything that reduces the need for more Internet costs would be easy to justify.

Our current environment uses an Cisco ASA 5540 as the Firewall and we have a  Cymphonix Network Composer (now owned by untangle) as the Web Filter and basic traffic shaping.

This works, but im sure there must be something more out there that will allow us to better manage the Internet traffic so that we can ensure the best possible internet experience for our users. And give better reporting than the Cymphonix.

Also, VERY IMPORTANT, is that the level of skillsets with the IT area for maintenance of the devices is low, so we will need something that is reasonably easy to maintain (again, happy to pay for that!) and is easy to work with.

Does anyone have suggestions for:


Traffic Shaping  (with differing rules for different AD Groups, ie Streaming media ok for some, restricted for others, blocked entirely for some, volume based shaping would be good too ie. User gets 200mb of Streaming Media or Internet as a whole unrestricted, as soon as they go over that they are shaped right down to something small)

Prioritising of Traffic (able to prioritise certain traffic, websites or AD users so their internet takes precedence, ie for Video conferencing or Online Exams)
 
Web Filtering (with differing rules for different AD Groups, HTTPS filtering as well)

Block of unwanted traffic (time based, ie P2P blocked always but Online backups, Dropbox etc, available at night)

Comprehensive Monitoring and Reporting. (Be able to identify users and PCs clearly, drill down options on the traffic)


We would probably prefer a commercial option, even up to the ISP quality equipment, to ensure that we can do this right.
We have considered devices like  Procera  Packet Logic http://www.proceranetworks.com
But would like to get an understanding of what else is out there.

Thank you
0
Comment
Question by:HBS-Mach
  • 6
  • 3
10 Comments
 
LVL 4

Accepted Solution

by:
Joey Yung earned 500 total points
Comment Utility
You might consider for BlueCoat proxy solution, which can meet your requirement and resolve the bandwidth bottleneck issue.
0
 
LVL 1

Author Comment

by:HBS-Mach
Comment Utility
Thanks Joey Yung, I will take a look.
Are you using it yourself?
Feedback on its effectiveness would also be helpful
0
 
LVL 14

Expert Comment

by:JohnnyCanuck
Comment Utility
I think you just don't have enough bandwidth for 2500 users.  I have 90 users on 25 down and 7 up and that chugs at times.  Consider what happens as well when everyone's computer wants to update on patch Tuesday or Adobe issues another of their numerous updates.  Is there any way you can get more upload bandwidth?  That might help somewhat as I can only imagine how much data is squirting up that 3mb uplink with 2500 users.  Internet traffic is 2-way.  Each computer has to send a request before it can get a web page and a clogged uplink will really slow everything down.
0
 
LVL 1

Author Comment

by:HBS-Mach
Comment Utility
Hi Johnny
Unfortunately buying more bandwidth isn't an option. This is a island in the middle of the pacific. Satellite costs are huge.
We use WSUS for patch Tuesday and System Centre for other updates to reduce traffic.
We are looking for something that will hopefully make it a little better... But it will always be slow, we understand that.
A little better is better than nothing :-)
0
 
LVL 1

Author Comment

by:HBS-Mach
Comment Utility
Does anyone use Procera Packet Logic or a BlueCoat?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 4

Expert Comment

by:Joey Yung
Comment Utility
I'm not the end user, and I was help my customer to deploy before. End up the customer is satisfied with the product, and BlueCoat is the market leading brand.
0
 
LVL 4

Expert Comment

by:Joey Yung
Comment Utility
I'm not much memory of this project, but I remember their scope is around 1500 users with 15Mb WAN bandwidth.
0
 
LVL 1

Author Comment

by:HBS-Mach
Comment Utility
thanks Joey Yung. That scope sounds about right for me.
0
 
LVL 1

Assisted Solution

by:HBS-Mach
HBS-Mach earned 0 total points
Comment Utility
I will close this question with points awarded to Joey Yung for suggesting BlueCoat and we will also look at Procera Packet Logic.
0
 
LVL 1

Author Closing Comment

by:HBS-Mach
Comment Utility
In the end I didn't get as complete an answer as I hoped, but this at least gives me a couple of areas to look at.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Being able to change email signatures is made really simple with email signature software and services.
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now