A national Scottish Charity solves their lack of Internet bandwidth
Multi-site charity suffering from chronic bandwidth shortage.
Install Stonegate firewalls at each location, with multiple broadband lines and traffic prioritisation.
- Stonegate Management Centre
- Stonegate Firewalls
- Exmos Managed Firewall Service
- More bandwidth
- Better bandwidth control
- Better working environment for employees
This national Scottish charity has two locations in Scotland. The locations are connected by VPN running over ADSL.
In the last few years they have seen an increase in employee head count as well as an increasing requirement
to share data between the two locations.
The possibility of using leased lines to connect the sites had been investigated and deemed cost prohibitive. Other broadband
options such as SDSL, cable etc had been investigated and were unavailable.
The charity was already using Exmos' Managed e-Mail security service which scans all e-mail for spam/viruses/malware externally, thus
avoiding the consumption of bandwidth by this type of e-mail. Typically around 90% of e-mail received by the charity is spam.
There were a number of business issues all around the chronic lack of bandwidth provided by the ADSL lines.
VPN Link Speed
With ADSL being an asymmetric (or split rate) service, the download speed into one site is governed by the upload speed
of the other. Thus, neither site can communicate with the other at a speed higher than the upload speed of ADSL. This
is typically in the region of only 256k. This is compared to the perceived speed of the links at +2Mbit (or 2048k) which
is the download speed. See broadband VPNs for more details.
The VPN was being used to share files and also to transfer e-mail between the Microsoft Exchange Servers at each site. Having an
Exchange Server in each site was beneficial in terms of keeping e-mail within the site off of the VPN and e-mails to internal distribution
lists would only traverse the VPN once. However, with the increasing head count, the amount of e-mail between sites was increasing.
Uncontrolled Bulk e-mailing
Exmos works with our national Scottish Charity based in Alloa and in Inverness. Alloa is the company’s main office. Both offices have Exchange servers with connectivity between the servers being achieved over a Virtual Private Network (VPN). The vast bulk of the businesses files reside on the Alloa server meaning that Inverness staff must access such files via the VPN.
Up to the summer of 2009 the VPN communication channel consisted of a single broadband line with standard firewalls. Connectivity with this set up was frustratingly slow, especially communications relating to Inverness staff retrieving and manipulating files on the Alloa server. This slow speed issue did at times impact negatively on the company’s productivity and staff morale.
In the summer of 2009 the VPN communication channel was upgraded by doubling the broadband lines and installing Stonegate firewalls. The upgraded set up has increased connectivity dramatically so that Inverness staff now enjoy similar speed to Alloa staff. This has eliminated the productivity and staff morale issues that were associated with the original set up.
25 August 2009
The charity communicates regularly with its community groups, partners and stakeholders via e-mail. While its largest bulk e-mail
exercises are handled by an external third-party, they still have a frequent requirement for smaller e-mail exercises of a few hundred recipients
at a time. These were mostly being transmitted using the internal servers.
With no traffic prioritisation on the outgoing connection, these
relatively small bulk e-mailings would contend fiercely for the upload bandwidth and often saturate the link. This in turn made
operations on the VPN (e-mail, file transfers) suffer to the point of being unusable.
Reliance on a single Internet link
With a considerable amount of its communication being Internet based, there was a heavy reliance on just a single Internet connection at each site. If either of these
links were down, or not functioning optimally, then the organisation suffered.
A Stonegate firewall was installed at each location, along with an additional ADSL line (giving a total of two per location). New ISPs were selected
and different ISPs for each site's two lines. This way, an ISP having problems with their network does not impact the other line. The head-office is
currently trialing ADSL Annex-M which can give higher upload speeds.
A multi-link VPN which is a load-balanced mesh VPN was created between both sites. VPN traffic
can then pass between both sites over any combination of lines. If additional ADSL lines were added, these would become part of the multi-link VPN giving additional
routes (even if the number of links at each site does not match).
By implementing traffic prioritisation (traffic shaping/QoS), the firewall is now able to throttle back the bulk e-mail transmissions. Importantly,
this throttling is only triggered when higher priority traffic is active on the links. In other words, e-mail can have all the bandwidth available
provided nothing deemed a higher priority is active. As soon as that higher priority traffic starts being passed, the e-mail traffic is slowed.
When the higher priority traffic declines, the bandwidth is released back to the e-mail traffic.
Implementation of the Stonegate solution has transformed the way in which the organisation works. Users at the non head office site now
have a usable connection back to their head office again. This in turn leads to a much happier working environment for the Charity's
Loss of an Internet connection does not bring everything to a grinding halt.
From a technical perspective, there is far more visibility of the type of traffic on all the Internet links. This in turn allows
Exmos to play a far more involved role in managing the traffic rather than trying to avoid transmitting it.
If more bandwidth becomes a requirement, the Stonegate is able to handle the additional lines.