Manufacturing
James Walker Gains a Streamlined Network and Security Platform for Digital Transformation, Thanks to Cato
MPLS Was Not the Right Network Solution for Digital Transformation
MPLS is a good solution for branch offices accessing applications in a centralized corporate datacenter. In an era of digital transformation, work-at-home, and the cloud, however, MPLS has become much less practical and too expensive.
That was the predicament James Walker found itself in when it started planning its future digital transformation strategy. Based in Woking, UK, James Walker is one of the strategic business units under the James Walker Group. It specializes in the design and manufacture of high-performance sealing and joint integrity systems such as O rings and gaskets.
With 30 sites spread across the Americas, Europe, Africa, and Asia, James Walker initially relied on 20 MPLS and 10 IPsec connections for its office and factory connections. Its MPLS networks were distributed regionally in hub-and-spoke configurations, with different providers and breakout locations for Asia/Africa, Europe, and the Americas. In Europe there was an Internet breakout in the UK.
Twelve firewall appliances, also distributed regionally, handled IPsec VPN connections and security.
“The network was designed originally for the consumption of on-premises applications and services,” says Andrew Story, Senior Infrastructure Analyst. “When the world started changing and the cloud became more prevalent, we decided it was time to reevaluate our network and security strategy.”
For one thing, once cloud services were added it would no longer make sense for James Walker to backhaul data from two-thirds of the company’s locations through a central firewall in the UK. “In terms of performance and latency that certainly doesn’t make sense for an office in Hamburg accessing a cloud service based in Frankfurt,” says Story.
Joining together several MPLS hub-and-spoke networks and suppliers, plus 10 IPsec tunnels was complex and difficult to troubleshoot. “Our network was a beast,” says Story. “All it took was one thing to fail or not work correctly and we were sent down a troubleshooting rabbit hole to pinpoint where the issue was exactly. We would get calls at midnight that the Australian sites couldn’t talk to the ERP solution in our UK datacenter because one network wasn’t talking to the other.” In the meantime, Australia could not place orders or send out invoices.
With the diversity of the installed firewall appliance products, Story found himself managing eleven different rule sets. “If we had to make a change there was no way to do it globally. We had to make it individually on every single firewall,” says Story. He also had to keep each firewall up to date in terms of patches and firmware.
Finally, with all that diverse infrastructure, moving or opening new sites was time consuming. “We were moving one or two sites a year to new locations and the provision of MPLS services for each move was very difficult and took too long.”
James Walker Looks at SD-WAN, Chooses Cato SASE
Story started looking for network alternatives that were more suitable for his company’s cloud transition and digital transformation. He looked at SD-WAN solutions and SASE and quickly concluded that SASE was the way of the future.
“We saw SASE as an evolution of SD-WAN such that typical SD-WAN solutions would not be around in a few years,” says Story. “It would all be SASE.”
Story had several requirements that ultimately led him to Cato. “We were looking for a solution that would bundle security with the network and have it all managed by someone else,” says Story, “and we wanted all the security done centrally with policies we could deploy easily. The goal was to make it as simple as humanly possible for us.”
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.
Story liked that Cato would give James Walker the benefit of a high-performing global network without having to pay for it on their own. “We could access the Cato backbone at the nearest point and all our traffic would swing around those 18 time zones on a private network just for us.”
Deployment Was Quick. Platform Ready for Digital Transformation
After an initial POC, deploying Cato to all 30 locations was quick and easy and performance was excellent.
“The cost has been roughly the same as our previous setup, but we get much more for that money,” says Story. “We get all that security, including IPS, which we didn’t have before, all managed by someone else. We no longer have to maintain firewall appliances and network hardware. We have multifactor authentication via Azure for our remote users. And we don’t spend nearly as much time troubleshooting network performance issues or outages. Cato does that for us.”
Cato’s support is far superior to the support Story was used to with his MPLS providers. “It’s like night and day,” says Story. “Our experience with our MPLS providers was terrible. We’d constantly have to chase them. We were often telling their engineers what they needed to do when they were supposed to be managing the network. Working with Cato and our new ISP is a breeze in comparison.”
Story can now configure, change, and manage all firewall rules centrally. “We’ve gone from about 500 rules to under 100,” he says, “and we don’t have go to eleven places to change them.”
The addition of IPS has improved the company’s security posture immensely. “When Log4j hit last year. Cato blocked over 1500 attempts to scan our network in the first weekend.
Visibility with Cato is also far superior to the previous solutions.
“Everything in networking and security is visible on a single pane of glass,” says Story. “We can optimize the network from end-to-end so our users can access applications from anywhere and no matter where they are in the world. They just join the Cato network and egress close to wherever that application is.”
Story is in the process of deploying Microsoft 365 and a new cloud ERP system and looks forward to the cloud performance he’ll get, thanks to Cato’s PoPs and global network.
Overall, Cato has given James Walker the network and security platform it needs to jumpstart and fulfill its digital transformation goals.
“With Cato we were able to deliver a huge amount of change in the middle of a global pandemic,” says Story, “with very little downtime.”
About James Walker
Before Cato, James Walker relied on 20 MPLS and 10 IPsec connections for its 30 office and factory sites spread across the Americas, Europe, Africa, and Asia. It worked with separate hub-and-spoke MPLS networks and providers in Europe, the Americas, and Asia/Africa, each with its own Internet breakout. In Europe the Internet breakout was in the UK.
Twelve regionally distributed firewall appliances handled VPN IPsec connections and security.