Rethinking the WAN: To better serve its legal customers, SmithAmundsen needed to transform its business and standardize the environment. It did this with SD-WAN.
“The VMware SD-WAN and Zscaler integration is very solid – resulting in an easy to deploy and use secure SD-WAN solution.” – Head of IT, SmithAmundsen
With over 180 lawyers in seven sites striving to provide clients with the highest level of legal advice to support their transactional, labor and employment litigation needs, SmithAmundsen needed to rely on a network that was efficient, easy to manage, and could scale with its growth strategies. However, SmithAmundsen’s existing network was unable to satisfy the changing needs of its lawyers and support staff and its customer base. A change was needed.
SmithAmundsen’s wide area network (WAN) was traditional in nature with a single MPLS line connecting all of its offices in a direct hub and spoke configuration. Guest traffic utilized Internet broadband, but employees were required to use the MPLS network for corporate applications. Corporate Internet traffic was backhauled to the main data center in Chicago and through central firewalls for Internet breakout.
While the firm relied little on SaaS applications, it did utilize ERP, Remote Access, email, voice and video. With its MPLS and Internet connections either too slow to handle corporate traffic or constantly suffering outages, SmithAmundsen began moving in the direction of deploying an SD-WAN-like architecture. It began cobbling together other technologies to make the SD-WAN functionality work, but it became premises-based and did not cover the entire network.
Solution Selection and Implementation: Coevolve and VMware SD-WAN™ by VeloCloud®
SmithAmundsen knew it had to make a change to its existing infrastructure to meet both current business requirements and enable future development. To transform its business and standardize the environment, it needed a consistent configuration throughout each office and for remote workers. SmithAmundsen’s goals were to:
- Increase the efficiency of its network connection
- Eliminate its MPLS installation to achieve cost savings
- Expand the available network bandwidth
- Utilize a hosted solution
- Ensure a standard and secure platform
It turned to Coevolve, a managed service provider delivering one-stop solutions for voice, data, Internet, wireless, video and secure network options for domestic and global enterprises. Coevolve, with VMware SD-WAN by VeloCloud, and a cloud-delivered architecture transformed the network from one of unexpected and business damaging outages to one with full redundancy, visibility, and providing always-on network uptime.
The transition from its existing infrastructure was efficient and quick. During the initial network exploration, Coevolve was able to identify numerous network configurations that were not implemented correctly or not implemented at all. To reduce the transition time, the existing MPLS circuits were converted to Internet circuits using the same underlying access circuits. Once these connections were converted, SD-WAN was deployed over the top of the existing infrastructure with dual internet circuits and dual SD-WAN appliances at each site.
Within 45 days all SmithAmundsen offices were transitioned to SD-WAN and the network operated without interruption during the cut over time. During the deployment each legacy router was replaced with a VMware SD-WAN Edge by VeloCloud using Zero-Touch Provisioning, connecting to the cloud-based VMware SD-WAN Orchestrator by VeloCloud for proactive management, monitoring, and control.
Automatic Company-wide Connections
Following the solution deployment, SmithAmundsen was transitioned to a full SD-WAN environment, leaving behind its traditional hub and spoke design. Prior to deployment, it had a limited remote access approach, so remote users would not have the same experience as those in the main offices. But SD-WAN integrated with Zscaler’s cloud based security solution enabled all employees, regardless of location, to enjoy fast, efficient, and safe access to all corporate data and applications whether they were in the cloud or stored on-premises.
Additionally, the intelligence built into the VMware SD-WAN solution did not require the IT Team to configure complex configuration policies to route the traffic using the optimal connectivity path based on application traffic or destination need. The SD-WAN solution utilizes established and customizable configurations that automatically creates VPN tunnels using each connectivity path to whatever destination the end user needs to access and then automatically routes the traffic using the optimal performance path based on configurable application performance objectives. In addition, with the integration with Zscaler, SmithAmundsen off-net users no longer have to consider when they should initiate the VPN and when not to as the software does that work for them automatically and this process is completely transparent to the user.
High Availability at Each Site
SmithAmundsen’s lawyers work with highly sensitive data on behalf of its enterprise customers and need to ensure that they have constant access to that data regardless of where it resides. This requires a high availability configuration, with dual connections that can provide failover capabilities in the event of a brownout or blackout situation. To achieve this, Coevolve repurposed the second circuit at each location that was initially dedicated only to guest wireless access and is now part of the fully meshed VPN capabilities. Additionally, each office is home to dual VMware SD-WAN Edges. This environment enables SmithAmundsen to provide consistent network access for sensitive data access and utilization of Unified Communications applications such as video at all times.
Recouping Network Sunk Costs
With a pre-SD-WAN network that was heavily based on legacy infrastructure, SmithAmundsen had significant sunk costs that it did not entirely want to lose. To recoup those sunk costs, it repurposed each of its legacy routers. During a previous attempt to cobble together SD-WAN-like capabilities utilizing the legacy routers, SmithAmundsen found that they were not able to support the data requirements, but were strong on voice delivery, so it converted all legacy routers to be voice switches, leaving the VMware SD-WAN Edges to manage data traffic.
Single Pane of Glass Network Visibility
Following the deployment of SD-WAN network-wide, every office, every person, and every application is seamlessly connected. Through centralized management of the network using the VMware SD-WAN Orchestrator, both Coevolve and SmithAmundsen have a one pane of glass view of network behavior. Visibility includes immediately identifiable ISP equipment issues, end-to-end visibility of application usage and performance, and a consistent approach and configuration for all policies and devices.
Ensure Network Security End-to-End with Zscaler
Security was of the utmost importance to SmithAmundsen and needed to be an integral part of the overall network solution to which it was shifting. The initiative was to transition all employees away from the firewall-based internet filtering and to the cloud-based Zscaler solutions using SD-WAN service chaining and profiles.
Coevolve implemented Zscaler Internet Access (ZIA) for office-originated Internet browsing and Zscaler Private Access (ZPA) for remote/mobile users. When users are away from the office all network traffic is routed locally to the Zscaler program and then to its final destination. Okta, the identity provider for cloud services, authenticates Zscaler traffic and enables single-sign-on (SSO) capabilities. This extends Zscaler security throughout the network to the end-user regardless of their location.