IndusChem - A Personal Account
A year-long decision process changed with expert advice
By the IT Infrastructure Director, IndusChem
Two years ago, IndusChem was on the brink of extinction. It started alright. We had been spun out of chemical giant as a separate public company. We were a global force, 59-locations strong and headed for our own IPO.
We IPO-ed at about €18 per share, but shortly after the IPO we encountered all sorts of legacy financial problems. Our stock crashed to €3 per share, losing 75% of its value. Everybody basically was buried.
Coming from a long corporate legacy, we had to make a cultural paradigm switch, if we were going to be successful. The company set out to modernize the organization, and fast. Hungry dogs run faster.
We reevaluated all aspects of IT. We brought in IT automation, outsourced backups and software patches — basically minimized the grunt work of IT. We rationalized our applications and in 24 months pretty much did a complete IT transformation.
As part of that process, I made it a corporate goal to migrate to SD-WAN with a two-year time-frame for a complete implementation. We simply were spending too much on bandwidth when you consider the cost of Internet services. If Internet-based SD-WAN was feasible, and I believed it was, we had to consider the technology.
Our Core SD-WAN Criteria
The SD-WAN space is remarkably complicated. There are probably 50 vendors out there and deciphering their differences can be difficult. We evaluated the market guided by a few red lines. We knew we didn’t want to be dependent on a single carrier. Our experience with the carriers has been, let’s just say, on the negative side of customer service. We wanted a managed service for a single-throat-to-choke but not one from the traditional carriers.
Building security into the network was also critical. Operationally, it meant we’d have a partner to handle the drudge work of maintaining a solid security perimeter. It’s particularly important, though, as a chemical manufacturer because we have to adhere to U.S. Homeland Security regulations. As such, the company wanted to find a solution with security built into the network (see “The Security Checklist”).
Our infrastructure committee began evaluating different managed SD-WAN solutions and eventually settled on a managed SD-WAN service provider. Before moving forward to the contracting stage, I wanted a third-party to validate our decision. Our WAN transformation architect, Nirvik Nandy of Red Lantern, recommended we speak Steve Garson, principal at SD-WAN Experts.
SD-WAN Experts is the leading independent authority on SD-WAN deployments. We found Steve to bring a wealth of knowledge about enterprise networking in general and SD-WANs in particular. I particularly appreciated how Steve was able to offer unbiased analysis and technology purchase advice.
IndusChem Engages with SD-WAN Experts
Upon engaging with IndusChem, Steve, and Nirvik began leading our team through the SD-WAN Experts Assessment Process. The way Steve put it, the Assessment Process is a five-step methodology that he uses aimed at uncovering not just the technical objectives but the corporate processes and interactions and then aligning those objectives with the capabilities of a given technology.
Working with Nirvik, Steve uncovered our technical and organizational requirements. They installed PRTG networking monitoring on one of our servers and arranged for our existing carrier to configure the MPLS routers to forward Netflow and SNMP data. With fourteen-days of data collection, SD-WAN Experts had objective data on the bandwidth requirements for every one of the fifty-nine sites. This included bandwidth peaks, 95th percentiles, and specific flow data by the application. Specs for required bandwidth were drafted, with an eye to future bandwidth that would be needed for future.
While Steve dove into the networking needs of our applications; Nirvik provided security analysis. Together, they really got what the business issues were all about. The two broke down our network and security topologies. But what I really liked was how they learned our corporate culture enough to help the various teams and personalities come to consensus.
Steve knew we had our eyes set on a service provider already, but he started asking the “tough” questions and quickly identified all sorts of limitations. The proposed security solution, for example, involved a third-party next-generation firewall. A firewall approval mechanism was missing as part of the firewall logging process. There was also no multi-factor authentication (MFA) and Active Directory support for remote mobile access.
Beyond Technology Analysis
But technical analysis is only a small part of any network deployment. Network transformation leaders need to take into account the needs of all departments, often navigating conflicting waters. Nirvik, did a remarkable job meeting everyone’s needs, inserting Steve’s and his own knowledge, and helping us get to consensus.
More specifically, a meeting was scheduled with the evaluation committee and the finalist solution provider. Steve kicked off the meeting by providing a detailed analysis of our network. He demonstrated that he “got” what we did at a very technical level. And then by asking questions that were based on customer requirements and his understanding of the limitations of the proposed solution, Steve managed to illustrate the gap between wants and vendor deliverables. The committee came to his conclusion on its own.
SD-WAN Assessment and Analysis
Steve recommended a solution from a company we had never heard of before. After doing our due diligence and meeting with their sales and engineering team, we developed a confidence in the proposed solution. It integrated sophisticated managed security into the SD-WAN. The solution was also independent of any carrier, yet included the necessary carrier circuit management to simplify last-mile ordering and management.
We ran a proof of concept (POC), liked the results, and decided to engage. The vendor recommended a solution but to ensure the new network was “right-sized,” SD-WAN Experts provided a recommendation based on the data the team had gathered about our network. Using a mix of MPLS, DIA, and broadband, bids were obtained, prices negotiated and contracts signed.
We started rolling out the recommended SD-WAN solution across IndusChem locations. Steve’s experience in provisioning circuits in China was a big help in the process. He noticed that the DIA pricing for China was far lower than he knew they should be for global access. Flagging this issue, he stopped the installation of local internet circuits to ensure that higher quality international DIA circuits were installed.
We plan to have all their locations using SD-WAN by the end of Q3 of 2018. With the transition to SD-WAN, we expect to save around €3.5-million per year on bandwidth and security management costs. SD-WAN Experts insight and initiative helped make that possible.
Our network, which required a great deal of management attention, is already experiencing better performance and far greater uptime, with fewer staff resources. All of our transformation initiatives helped fuel our bottom line and our stock price shot up to €50 per share.
IndusChem is a leading chemical company providing solutions across a wide range of industries. The company had 59 locations across the globe connected by a global MPLS network when the team contacted SD-WAN Experts. The text has been reviewed and approved by the client but due to company policy, references have been anonymized and distinguishing details changed.
“After spending nearly a year trying to evaluate SD-WAN options on our own, we turned to SD-WAN Experts for help. In just a few weeks, Steve showed us why our selection wasn’t going to be the right fit and suggested a better alternative, one we never even considered. As a result, he saved us money and improved our security and operations.”
The Security Checklist
IndusChem wanted an SD-WAN solution with integrated security. Specific features included:
- A managed next-generation firewall (NGFW) with full approval process and change logging for every rule change.
- Secure mobile access that was integrated with the company’s Active Directory (AD) deployment.
- Threat intelligence feeds for updating the various security tools.
- Compliance with all regulations
- Secure network authentication
- URL filtering and malware scanning
- SSL interception
- Intrusion Detection/Prevention Service (IDS/IPS)
- WAN encryption
About SD-WAN Experts
For the past decade, SD-WAN Experts has been the leading independent authority on WAN deployments. SD-WAN Experts maintains an internal knowledge center of more than 40 different SD-WAN appliances and services. Without vendor affiliation and focussed on buyer requirements, SD-WAN Experts provides unbiased analysis and technology purchase advice to enterprise IT managers. Founder and lead analyst, Steve Garson, brings more than a decade of experience designing and deploying wide area networks (WANs). Prior to SD-WAN Experts, Garson had founded MPLS Experts where he built global MPLS networks for enterprise clients. To learn more, visit us at sd-wan-experts.com or on Twitter @WANExperts.