October 12, 2017 Nick Kozak

In the world of IT, hot topics usually come and go quite quickly. However, SD-WAN remains a topic of interest among clients with multiple locations. While many networking technologies are often labeled “the next big thing,” SD-WAN is delivering on the promise. Adoption rates are increasing exponentially and production implementations are happening almost daily. Companies that are refreshing WAN edge equipment, renegotiating carrier contracts, building out new branches, or aggressively moving apps to the cloud should be seriously considering SD-WAN. When advising clients on this, MNJ usually gets the question, “are there any downsides?”

With this backdrop in mind, here are some of the downsides that we have seen in SD-WAN deployments:

  • Substantial security gaps at branch locations could occur if the internal security posture does not align with the deployment of SD-WAN as a whole. While there may be an overall savings in the cost of your WAN by introducing SD-WAN, customers should review their security strategies to ensure their SD-WAN deployment is not compromised by a security breach. Many well-known SD-WAN vendors/products will not discuss this with you because it simply is not their business, but it should be brought up with your IT team or vendor.
  • SD-WAN can facilitate a move towards lower-cost Internet transport, but this can lead to challenges in managing heterogeneous connectivity. MPLS did something that everyone knows about, but that most people don’t really appreciate: it consolidated office interconnectivity over a single vendor. The proverbial “single hand to shake.” In speaking with clients who were early adopters of SD-WAN, I discovered that nearly all started bringing in multiple low-cost bandwidth connections, only to find that the offerings prompted them to bring in a third-party aggregator to manage it. Managing the various vendors became a full-time job, which was not anticipated when deploying.
  • Despite fancy marketing terms like “software defined” and “touchless provisioning,” it still involves hardware and a time investment from your IT group.
  • SD-WAN offers a fancy GUI for administration, and while this makes for ease of management, it also moves away from the traditional skills associated with networking. While this is great when everything is functioning flawlessly, it can cause issues in design as well as in supporting problems with the implementation.
  • SD-WAN is much easier to configure and operate than traditional routers, yet many SD-WAN implementations have added technical debt to the branch because clients can’t relinquish the comfort a traditional router brings them. Most SD-WAN vendors allow clients to keep their routers, but that doesn’t mean customers should. As SD-WAN adoption rates continue to increase, routers will become more and more obsolete.

June 8, 2017 Nick Kozak

When thinking about IT, it is easy to imagine a solitary experience. Our society has painted a picture of an isolated workplace, a civilization that is only linked via a monitor screen or headset. In other words, a world void of face to face human interaction, which sounds like an extrovert’s nightmare. That was my fear when I entered the world of technology, feeling alone and lost in a jumble of acronyms and words there are no set definitions for. However, after immersing myself in the realm of IT, I was elated to discover that I was overwhelmed by the rich connections and relationships I was able to form and experience not only with my fellow colleagues, but the incredible partnerships the company I work with has. Instead of isolation, the communication that flows between networks and different spheres of hardware, solutions, and offerings is constant. This is a society that values sharing knowledge and improving yourself because it makes the community a more successful place.

This culture can be compared to the family dynamic theory, a pattern where each member interacts as a unique player although still sharing similarities. To be immersed in this culture is an incredibly empowering experience. The technology that defines this society is constantly changing and improving. In order to stay relevant in the ‘family’, you must continue to grow and achieve bigger and better things. Some might think, “this sounds like a competitive and aggressive description”. However, I have found the opposite to be true. The IT community encourages growth and supports the setbacks, as they only show room for improvement. By facilitating growth in a competitive environment, there is a solidarity that can be found, which allows for progress in your particular area of expertise.

MNJ Technologies is a great example of this culture. There are multiple pieces that go into a successful and growing company, for example, in order for one department of an IT company to succeed, they depend on all the other departments to fulfill the needs of the ‘family’. No one department is seen as more important than the other. There must be full interdepartmental cooperation every day in order to succeed and continue to promote the advancement of the community. I feel this goes to show the rich and inclusive culture that can be found throughout the IT community.

MNJ is a family-owned business, which exemplifies the culture they exude not only with customers but with the supportive partners we have. By encouraging interdepartmental growth, MNJ has now been listed in CRN’s 2017 Solution Provider 500 List as well as in CRN’s 2017 MSP 500: Elite 150 List. MNJ and our incredible partners have shared their knowledge and willingly supported each other to help form a stronger bond that certainly reflects in our customers’ experience as well as the success we have had.

September 20, 2016 Nick Kozak

As remote workers become more and more prevalent in today’s workforce, cloud collaboration technology becomes more essential to doing business. There are two market trends that enable success in managing and communicating with a remote worker. First, VPN is becoming less and less intrusive and more user-friendly. For example, leveraging a Cisco ASA with updated AnyConnect licenses and a Cisco phone allows devices to operate without a secure VPN connection on a fully supported Cisco deployment. Also, using VPN-less Jabber allows remote employees to work anywhere there is sufficient wireless/4G signal. You can be anywhere in the world and if you have connectivity, you can be reached on a desk phone number. Second, accessing files and systems from the Cloud is relatively painless as long as the workbook/PC is properly configured and managed. Clouds and applications have robust interfaces that enable easy access no matter the location.

Leveraging VPN-less Jabber and Cisco phones without VPN at remote sites requires version 10 or higher of Cisco Call Manager. Organizations with outdated Cisco Call Managers should implement virtualization, as it will be the last time in the foreseeable future they will have to worry about the hardware supporting their Call Manager.

With the remote worker on the rise, companies need to be attractive to not only their current workforce, but also the workforces of the future. Remote Workers and Call Managers are going to go hand in hand as the technology that supports the dial tone on your phone continues to be layered with other feature sets and offerings. Mobile devices and tablets will continue to augment the workday and carry more operational value. By strengthening the work force through empowering these devices, the overall organization is improved.

August 23, 2016 Nick Kozak

WAN (Wide Area Network) Optimization is often requested by our clients. They want their circuit to perform better than TCP/IP (Transmission Control Protocol/Internet Protocol) windows will allow. WAAS (Wide Area Application Services) is Cisco’s response to this demand. Many of these products look similar, from Riverbed to Silver Peak, but in Cisco’s case the software exists on the router itself instead of a dedicated appliance. This is key when protecting an investment in a Cisco router versus competing products.

WAN Optimization typically becomes a priority once a WAN is extended across many sites, long hauls, or international links. A typical ping from the United States to China is over 200ms. This is a result of distance; light can only travel so fast. With a delay of 200ms, the circuit performance becomes critical because the introduction of any jitter or packet loss will be dire to the throughput. Companies then install appliances like Riverbed, Silver Peak, or Cisco WAAS to perform some of the following functions:

  • Packet Deduplication
  • Forward Error Correction
  • Packet Order Correction
  • Optimize SSL traffic

Utilizing this technology can increase the performance of your circuits and maximize the data transmitted. However, there is a core issue here that we regularly run into with our clients. These devices typically can improve circuit performance by 15-30%. This is a great number, but from an economy of scale perspective, this is relatively small. Increasing a 10Mb circuit by 15% will only add an additional 1.5Mb of throughput.

Some international sites will benefit from WAN Optimization when their existing bandwidth is sufficient. If it is a poor performing circuit, or they are frequently accessing a central file server on a long haul, these are prime candidates. It’s important to note that WAN Optimization is not the right answer for a location that is currently inundating the existing circuits. We need to review the bandwidth utilization, future growth, potential new systems, and the circuit performance. From here we can establish a plan of attack for how best to improve site performance.
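The point above about TCP windows, a 200ms round trip and packet loss can be worked through numerically to see which limit actually binds at a site. This is an added example, not part of the original post; the 64 KB window (no window scaling), the 1460-byte MSS and the Mathis et al. loss approximation are assumptions brought in for illustration.

```python
import math

MSS_BYTES = 1460            # assumed TCP payload size on an Ethernet path
MATHIS_C = math.sqrt(1.5)   # constant in the Mathis et al. throughput model

def window_limit_bps(window_bytes, rtt_s):
    """One window per round trip is the most a single TCP flow can send."""
    return window_bytes * 8 / rtt_s

def loss_limit_bps(rtt_s, loss_rate, mss=MSS_BYTES):
    """Approximate loss-bound ceiling: (MSS/RTT) * C / sqrt(p)."""
    if loss_rate <= 0:
        return math.inf
    return (mss * 8 / rtt_s) * MATHIS_C / math.sqrt(loss_rate)

def bdp_bytes(link_bps, rtt_s):
    """Bandwidth-delay product: window needed to keep the circuit full."""
    return link_bps * rtt_s / 8

def bottleneck(link_bps, rtt_s, window_bytes, loss_rate):
    """Return (name, bps) of whichever limit binds for a single flow."""
    limits = {
        "link": link_bps,
        "window": window_limit_bps(window_bytes, rtt_s),
        "loss": loss_limit_bps(rtt_s, loss_rate),
    }
    name = min(limits, key=limits.get)
    return name, limits[name]

if __name__ == "__main__":
    link, rtt = 10e6, 0.200   # the post's 10Mb circuit and 200ms round trip
    # Constructed scenarios: (label, window bytes, loss rate)
    scenarios = [
        ("64 KB window, clean path", 65535, 0.0),
        ("64 KB window, 1% loss", 65535, 0.01),
        ("512 KB window, clean path", 524288, 0.0),
    ]
    print(f"window needed to fill the link: {bdp_bytes(link, rtt):,.0f} bytes")
    for label, window, loss in scenarios:
        name, bps = bottleneck(link, rtt, window, loss)
        print(f"{label}: {name}-bound at {bps / 1e6:.2f} Mb/s")
```

A site that comes out window-bound or loss-bound is the kind of long-haul candidate described above; a site that comes out link-bound is already filling its circuit, and optimization will not replace more bandwidth.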

June 11, 2016 Nick Kozak

The technology around circuitry is evolving. As a service provider, much of our business is involved in circuits. We feel the pain you feel when there is an outage. Recently in the Chicagoland area, there was an accidental fiber cut with Comcast that resulted in a six-hour outage for some of our clients. Not only does this bring our project work to a halt as we look at all solutions possible to bring clients back up, it exposes networks that do not have a back-up circuit. Many organizations cite cost as the reason they do not have a back-up. There are ways of reducing that cost through Active/Active strategies.

MPLS has its place in the world, but it can be expensive. Public Internet here refers to any non-guaranteed/bulk internet provider such as Comcast Business Class or Cogent. This also pertains to DIA circuits. To set a baseline, some obvious positives of these services are below.

MPLS:

  • SLA’s and performance guarantees
  • Secure route traffic and control
  • Easy to monitor, maintain, and troubleshoot

Public Internet/DIA:

  • Inexpensive per MB
  • Quick to install/turn up
  • Great way to handle non-mission critical traffic (Social Media, Streaming, etc.)

MPLS is needed for critical activities, especially with technologies such as voice, video, or anything that requires a secure, controlled circuit. Many of our clients use MPLS for their primary and their back-up with a larger MPLS as the primary for cost control. There are two ways to rethink this model; one is to use a Public Internet circuit for your bulk traffic and use an MPLS as a backup and as a way to route mission-critical traffic.

The other way to rethink this model is a little more risky, but can save your organization money in the long run. One of our clients is using two Public Internet circuits at the majority of their sites, and only MPLS at a select few, larger sites. The purpose of this was to save money over the staggering rates they were paying for a nearly 100 site MPLS deployment. How did we do it? How does it work?

MNJ leveraged three existing technologies into one box. We used Cisco’s iWAN, DMVPN, and WAAS on a Cisco router, and put a router at each location. We put a central DMVPN hub into our core and centralized all routing protocols at this location. Utilizing WAAS, we are able to cover de-duplication and bandwidth optimization. Utilizing iWAN, the router is smart enough to determine which circuit is operating best and send traffic across the more effective circuit with performance-based routing. Utilizing DMVPN, we were able to create a mesh network so that we did not have to place static routes at any of the client sites and we could simplify new site deployment.

The benefit of this deployment is that the client is able to save a great deal of money. By leveraging these technologies, the sites will perform nearly as effectively as their MPLS circuits did previously, but at a fraction of the cost. Additionally, the DMVPN is smart enough to redirect traffic between locations directly instead of sending the traffic back to the core/hub every time, which saves on some bandwidth usage. While this solution may not be perfect for every organization, it is a good way to rethink WAN design when approaching the end of your existing circuit contracts.