Delivering Higher Bandwidth and Greater Resiliency
Points West Community Bank, headquartered in Nebraska, has branch offices located in three states: Nebraska, Wyoming and Colorado. The financial organization has a total of 17 locations, including their own self-managed datacenter and a disaster recovery site.
Kenan Luptak, CTO of Points West said, “When I started at the bank 15 years ago, we had a low speed frame relay network. Over the years, we’ve had three iterations of MPLS. And now — a migration to SD-WAN.”
Throughout this time, Points West has worked with Steve Roy, Managing Partner at Telecom Buyer, to coordinate network procurement and implementation.
Historically, each Points West location had a single MPLS connection. The headquarters datacenter and disaster recovery site each had 100 Mbps circuits, while the branches had lower speed 10 Mbps and 1.5 Mbps circuits. All the branch traffic funneled through the MPLS network to the headquarters and their customer-managed Palo Alto Networks firewall and Secureworks intrusion detection and prevention appliance.
The MPLS network presented several challenges. With a single circuit at each location, when a circuit went out, the branch went out of service. Because several circuits were purchased from the same underlying carrier, if that carrier had a regional outage, Points West could lose five branches at once.
The MPLS network was also expensive at $25,000 per month. With the ethernet private line and handful of internet connections costing an additional $3,000 per month, the total monthly spend was $28,000.
Many of the branches are in rural areas. Traffic from those locations to the datacenter would often get routed through Chicago or Denver, further degrading network performance.
Points West had issues with speed, reliability, cost and performance, all going against the MPLS network. It was time for an upgrade to SD-WAN.
Evaluating SD-WAN Options
The team evaluated a variety of SD-WAN options. Since 95% of the Points West traffic is branch-terminal traffic traveling from site-to-datacenter, they immediately ruled out SD-WAN suppliers that focus on site-to-cloud applications. They also quickly ruled out carrier-provided SD-WAN options because the customer was uncomfortable having a single carrier manage multiple-carrier network circuits.
“We looked at three premises-based SD-WAN offerings and quickly narrowed the field to Ecessa,” said Roy. “The upfront pre-sales engineering was a huge benefit to us. It was more than the technology, but also the business application and cost benefits. Ecessa’s sensibilities fit very well with Points West.”
The solution not only met Points West’s selection criteria, it offered additional traffic routing options and would prepare them for future migrations to voice and other cloud applications.
Security is vital for this client. Any unsecured point of risk at any location could subject the bank to loss of customer data, loss of revenue and loss of reputation. As an FDIC controlled bank, Points West is required to abide by specific security policies. Those policies were being implemented and enforced at the headquarters and disaster recovery locations using Palo Alto Networks and Secureworks devices. Luptak didn’t want to change that by installing new firewalls and giving every location wide open internet access, and they weren’t ready to go to a cloud-based firewall.
The Ecessa solution allowed Points West to keep its traffic flowing through the datacenter, the same way it did on the MPLS, using the existing firewall and security framework.
Once the decision was made to migrate the network to SD-WAN using Ecessa technology, the team embarked on a project spanning multiple sites, internet orders and service providers. It all needed to be done in a matter of months.
Ecessa presented a multi-phased, guided deployment plan with network schematics to ensure a successful implementation. First, they deployed Ecessa with the MPLS network, running in transparent mode. Next, they added a single internet circuit, then a second, and finally decommissioned the MPLS.
It required a lot of quick feedback from Ecessa. “We couldn’t wait a day for answers,” said Roy. “Ecessa engineers typically responded in minutes. There are always unexpected problems, but overall, the deployment went smoothly.”
Installing high-availability units for added redundancy at the datacenter and disaster recovery sites presented its own spider web of challenges. Again, Ecessa’s engineers mapped out a solution and made sure it performed as expected.
At a few branches, guest WiFi traffic will be broken out locally. This internet traffic will pass through Ecessa’s built-in firewall at the edge for an added layer of network security.
Points West locations gained – depending on the site – anywhere from ten to 66 times their previous bandwidth. They deployed dual gigabit circuits at the datacenter and disaster recovery sites. Every branch received a 100 Mbps fiber connection and a secondary circuit of at 10-25 Mbps – either a smaller fiber service, broadband cable, or a non-metered fixed-wireless service. These are active-active connections, always allowing access to the full amount of bandwidth available from both connections.
With dual active-active connections, Points West can run their Citrix traffic in packet duplication mode using both circuits. This ensures there will be no packet loss and that the Citrix sessions running teller and loan processing applications will not fail, even if one connection is lost.
The improvements in reliability and performance are being felt throughout the organization. “IT departments don’t get thanked very often, but the branches that are moving from 1.5 Mbps to 100 Mbps – they’re calling to say how great it is,” said Luptak.
Happy Customer, Successful Partner
The SD-WAN deployment brought many benefits to both the partner and his client. Points West benefited by gaining well over ten times their previous bandwidth, redundancy, a managed ticketing service, plus supplier, media and route diversity – all of that and a modest monthly cost savings.
“Gaining the increased bandwidth and redundancy with dual lines at each location was well worth the effort,” said Luptak. “Upgrading the network infrastructure to SD-WAN gives us greater resiliency and allows us, when we’re ready, to move to internet-based SaaS applications like telephony.”
Visit our Case Studies for more success stories.