Main page image

A national Scottish Charity solves their lack of Internet bandwidth

Overview

Business Problem

Multi-site charity suffering from chronic bandwidth shortage.

Exmos Solution

Install Stonegate firewalls at each location, with multiple broadband lines and traffic prioritisation.

Tools Used

  • Stonegate Management Centre
  • Stonegate Firewalls
  • Exmos Managed Firewall Service

Benefits

  • More bandwidth
  • Better bandwidth control
  • Better working environment for employees

Abstract

This national Scottish charity has two locations in Scotland. The locations are connected by VPN running over ADSL.

In the last few years they have seen an increase in employee head count as well as an increasing requirement to share data between the two locations.

The possibility of using leased lines to connect the sites had been investigated and deemed cost prohibitive. Other broadband options such as SDSL, cable etc had been investigated and were unavailable.

The charity was already using Exmos' Managed e-Mail security service which scans all e-mail for spam/viruses/malware externally, thus avoiding the consumption of bandwidth by this type of e-mail. Typically around 90% of e-mail received by the charity is spam.

Business Problem

There were a number of business issues all around the chronic lack of bandwidth provided by the ADSL lines.

VPN Link Speed

With ADSL being an asymmetric (or split rate) service, the download speed into one site is governed by the upload speed of the other. Thus, neither site can communicate with the other at a speed higher than the upload speed of ADSL. This is typically in the region of only 256k. This is compared to the perceived speed of the links at +2Mbit (or 2048k) which is the download speed. See broadband VPNs for more details.

The VPN was being used to share files and also to transfer e-mail between the Microsoft Exchange Servers at each site. Having an Exchange Server in each site was beneficial in terms of keeping e-mail within the site off of the VPN and e-mails to internal distribution lists would only traverse the VPN once. However, with the increasing head count, the amount of e-mail between sites was increasing.

Uncontrolled Bulk e-mailing

quote Exmos works with our national Scottish Charity based in Alloa and in Inverness. Alloa is the company’s main office. Both offices have Exchange servers with connectivity between the servers being achieved over a Virtual Private Network (VPN). The vast bulk of the businesses files reside on the Alloa server meaning that Inverness staff must access such files via the VPN.

Up to the summer of 2009 the VPN communication channel consisted of a single broadband line with standard firewalls. Connectivity with this set up was frustratingly slow, especially communications relating to Inverness staff retrieving and manipulating files on the Alloa server. This slow speed issue did at times impact negatively on the company’s productivity and staff morale.

In the summer of 2009 the VPN communication channel was upgraded by doubling the broadband lines and installing Stonegate firewalls. The upgraded set up has increased connectivity dramatically so that Inverness staff now enjoy similar speed to Alloa staff. This has eliminated the productivity and staff morale issues that were associated with the original set up. quote


Chief Officer
25 August 2009

The charity communicates regularly with its community groups, partners and stakeholders via e-mail. While its largest bulk e-mail exercises are handled by an external third-party, they still have a frequent requirement for smaller e-mail exercises of a few hundred recipients at a time. These were mostly being transmitted using the internal servers.

With no traffic prioritisation on the outgoing connection, these relatively small bulk e-mailings would contend fiercely for the upload bandwidth and often saturate the link. This in turn made operations on the VPN (e-mail, file transfers) suffer to the point of being unusable.

Reliance on a single Internet link

With a considerable amount of its communication being Internet based, there was a heavy reliance on just a single Internet connection at each site. If either of these links were down, or not functioning optimally, then the organisation suffered.

Exmos Solution

Stonegate Firewalls

A Stonegate firewall was installed at each location, along with an additional ADSL line (giving a total of two per location). New ISPs were selected and different ISPs for each site's two lines. This way, an ISP having problems with their network does not impact the other line. The head-office is currently trialing ADSL Annex-M which can give higher upload speeds.

Multi-link VPN

A multi-link VPN which is a load-balanced mesh VPN was created between both sites. VPN traffic can then pass between both sites over any combination of lines. If additional ADSL lines were added, these would become part of the multi-link VPN giving additional routes (even if the number of links at each site does not match).

Traffic Prioritisation

By implementing traffic prioritisation (traffic shaping/QoS), the firewall is now able to throttle back the bulk e-mail transmissions. Importantly, this throttling is only triggered when higher priority traffic is active on the links. In other words, e-mail can have all the bandwidth available provided nothing deemed a higher priority is active. As soon as that higher priority traffic starts being passed, the e-mail traffic is slowed.

When the higher priority traffic declines, the bandwidth is released back to the e-mail traffic.

Business Benefits

Implementation of the Stonegate solution has transformed the way in which the organisation works. Users at the non head office site now have a usable connection back to their head office again. This in turn leads to a much happier working environment for the Charity's employees.

Loss of an Internet connection does not bring everything to a grinding halt.

From a technical perspective, there is far more visibility of the type of traffic on all the Internet links. This in turn allows Exmos to play a far more involved role in managing the traffic rather than trying to avoid transmitting it.

If more bandwidth becomes a requirement, the Stonegate is able to handle the additional lines.