MPLS/VPLS, IPSec or SDWan?

CHI-LTD
Hi
We are reviewing our internet connectivity with a view to simplifying it and improving performance and security. We currently have 3 sites with Cisco routers and ASA firewalls on-premise running IPsec between them, with remote user VPNs terminating on two of them. We are not running any additional services on the firewalls. We also run SIP trunks into one of the offices, which traverse to another. QoS on the routers and on-premise switches. Voice works well.
Still running many systems on-prem and only have O365, no AWS/Azure yet.
We are looking at MPLS. Would this be a better fit? What about VPLS, SD-WAN or sticking with on-premise firewalls with IPsec?
Any suggestions would be great.  
Thanks

Aaron Tomosky, Director of Solutions Consulting
Commented:
I like SD-WAN; you can usually get a fiber and coax and SD-WAN appliance managed, all for the cost of MPLS, with better performance and resiliency. Disclaimer: my day job is at a managed SD-WAN provider.

Pro tip: Keep at least one of your firewalls anywhere you have servers (for IDS/IPS/GAV) and need client VPNs.
Mike Smith, Enterprise VoIP & ISP Broker
Commented:
Can you specify the issues/concerns you're having today with your current IPsec? MPLS and SD-WAN are both viable technologies and a good fit for certain scenarios, but I'm trying to learn more about what specifically you'd like to improve.

What applications are running slow?

You said the voice is working well? Do you have local dial tone at each site, separately?

Are your 3 sites in major metropolitan areas, where you might be able to get a second Internet circuit?

Author

Commented:
That's what I don't want: firewalls on premise. I'd prefer them hosted.

Sure, so the incumbent isn't performing, and we haven't any firewall HA in place. Simplify it and improve security and performance.

Nothing running slow, apart from Exchange Online at times.

Yes, QoS works fine, as does the voice. Yes, we have ShoreTel kit on premise.

We can get a second ADSL/FTTC no problem.

Mike Smith, Enterprise VoIP & ISP Broker
Commented:
If nothing is running slow and voice is fine, no need to pay for MPLS or VPLS.

SD-WAN sits outside of your IPsec VPN and your IPsec tunnels pass through it. The main benefits of SD-WAN are improved performance of your network speed, lower levels of packet loss, latency & jitter and better redundancy.

Some SD-WAN providers can, however, add managed IPsec VPN and managed/network security as value-add features, but they are not a standard feature of SD-WAN.

It sounds like you are a candidate for SD-WAN for the performance but you need to try to find a provider who has the value-add of security, firewall, intrusion prevention, etc.

Author

Commented:
Why not? We have less HA at our sites and old kit. MPLS would resolve this, no?
So it's a firewall/router in one that points to a cloud offering where it can be managed by a web interface? I've looked at it here in the UK and the prices are either astronomical or nobody supplies it.
Mike Smith, Enterprise VoIP & ISP Broker
Commented:
MPLS/VPLS is very pricey at high speeds. The main benefit of it is to guarantee low levels of packet loss, latency and jitter (for real-time traffic), or prevent bottlenecks (that encryption can create) when transferring very large amounts of data.

SD-WAN with managed security pales in comparison to the cost of high-bandwidth MPLS with managed security. So, if your real-time voice traffic is performing well and you aren't sending monster-size files, IPsec is the best way to go.

SD-WAN will provide a little added benefit of increased network speed and failover, with the option of adding managed network-based security.

Author

Commented:
signed to go MPLS...
