InformationWeek is spotlighting the companies whose innovative solutions to technology and business challenges earned them a place on our 2015 Elite 100. For more on the program, and to see profiles of the Top 10 Elite 100 finalists, click here.
Sometimes it takes an engineer to solve a financial problem. That's what happened with a global network at Esselte Group, a manufacturer and a marketer of office products with offices in Scottsdale, AZ. The company has subsidiaries in 25 countries and sales in more than 120 countries. The project that earned it recognition in the InformationWeek Elite 100 will be familiar to many readers: The company took a hard look at its traditional WAN infrastructure and decided that there had to be a better way.
In a Skype conversation with Mark Katz, CIO and senior vice president, and Michal Cieplak, director of engineering, the story of the company and its dramatically reconfigured network took shape. Katz got the ball rolling. "I called this project 'how to kill an expensive, non-functional [multi-protocol label switching] wide-area network, save money, and make your customers happy.' That's the headline."
Cieplak and his engineers put together some commonly available network components and an overall network design that allowed the company to eliminate its MPLS carrier, increase the bandwidth to every site, speed up the movement of data -- particularly the access to Sharepoint and file servers -- and in the process save a lot of money, according to Katz.
[ How will we connect tomorrow? Read 8 Smart Cities: A Peek At Our Connected Future. ]
Katz said that Cieplak came to him with the idea to change from MPLS to a commodity Internet connection at one of the company's global sites because of the very high cost of a leased line in certain locations.
Cieplak explained, "It drove me crazy spending great amounts of money for, say, 512 kpbs bandwidth. This was ridiculous, spending the equivalent of $3,500 [per month] for such speed," he said. "So, I think, all this huge cost tells me that we basically can't pay that amount of money. As well, in that moment of time when we implemented DMVPN [Dynamic Multipoint VPN], I recognized that we had [fewer] problems with the Internet connection in terms of dropping and quality problems, so I said, 'Why not try moving to DMVPN and removing the MPLS?'"
The idea of using a sophisticated VPN architecture over commonly available Internet connections seems obvious to many small-business IT professionals and consumers, but taking enterprise links from dedicated lines to the public Internet is a huge step for larger companies. The step is even larger when you have customers depending on the links. Katz said that caution led to a slow approach to the change. "It was a stepping-stone process," he explained. "We said maybe one circuit was too expensive, so we tried moving that one circuit out of MPLS and onto common Internet connections, and that worked very well. So we thought, the speed is better, the quality is better, the price is better. What if we do it again, somewhere else? Oh, it's even better here!"
Cieplak said Esselte had a WAN physical infrastructure based on Cisco equipment. He told InformationWeek that the DMVPN, a technology embraced by Cisco, was the key to creating a public Internet-based network with the performance Esselte required for its operations.
Cieplak explained that DMVPN looks at the endpoints of the pending VPN tunnel and dynamically creates a route based on proximity. He gave an example of Esselte branch offices in San Francisco and Phoenix needing to communicate -- a process that might involve links back to the Esselte office in Krakow, Poland. Rather than going around the world, "In such a case, it can create a dynamic VPN," Cieplak said. "The advantage of this technology is that the route directors are intelligent and can measure where the packets will be sent. If the route will be too long, they can create dynamic VPNs between branch routers."
Even with the DMVPN routers in place, Cieplak said that Katz wasn't entirely convinced that the commodity-based network could handle enterprise needs. To optimize traffic flows and reassure Katz, Cieplak added Riverbed appliances to the branch offices. Among other things, Cieplak said, "The Riverbed let us centralize things so we didn't have to buy all the local domain controllers, and it let us speed everything up."
After demonstrating that the technology could work, Cieplak and Katz still had to convince the company's business executives to make the shift. One of the primary issues they faced was the familiar struggle between operating expenses and capital expenses.
"The capital proposal was scary. Even though the cash flow looked pretty good over a three- to five-year window, it was a lot of CapEx," Katz said. "The challenge the CFO put to me was that I already had an OpEx fund, and he didn't want to convert OpEx to CapEx. Michal and I looked at each other, and luckily the [service provider] we were working with was able to do an Infrastructure-as-a-Service deal and present this to us as a pure [operating] expense. That's kind of what signed the deal."
Esselte was able to make the shift without adding staff through a partnership with NCR. "NCR prepared the draft of the project in terms of the technology," Cieplak said. "They are located around the world, and everything was purchased locally, in the location where the router was installed."
At the same time that the company was installing the new hardware, it doubled the number of Internet connections to each office. "In 90% of the offices, we had an Internet line, but only one because we also had the MPLS," Cieplak said. "So, at the same time we made the move we placed the order for a second Internet line."
One doesn't usually associate the corporate WAN with improving employee morale, but that was one of the results achieved in Esselte's branch offices. "It was a great success because the people from local IT were really involved, and they negotiated the price of Internet locally," Cieplak said. "The involvement was important for us and for them, because they were proud that they negotiated a great price and fantastic speed for the location."
After his experiences with the WAN update, Katz said that he now has a radical redesign of the company's IT infrastructure in his sights. "My vision is now for centralized everything," he said. "[This project] let us bring everything into the one center and it gives us the opportunity to remove servers from branch offices. In the branch offices it will be the router [and] the Riverbed, with VMware installed, and the domain controller is on the Riverbed. So there's only two boxes in the branch office, everything else is sitting in the data center."
Katz admits that centralizing IT operations does have ramifications for resilience. "Of course, the data center is then critical for everyone, which is why we've built an identical data center for disaster recovery," he added.
Ultimately, the network infrastructure project succeeded beyond Katz's hopes, and he gives Cieplak credit for the enterprise "win." "I originally had the idea for a three-pizza-box solution," he said, "and Michal beat me by coming up with the two-pizza-box solution."Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio