[Case Study Session] Reasons for Replacing Corporate Network from IP-VPN to SD-WAN and Effects of Introduction

In SESSION 2 on the second day, the ICT group of the Corporate Planning Department at Samsung Diamond Industrial Co., Ltd. Mr. Yutaka Onoe, GL representative, was in charge of the lecture.

MDI's business includes the development, manufacture, and sale of cutting tools for electronic parts, processing tools for patterning processes, and laser beams and engineering. Specialty is the division of brittle materials. The company is headquartered in Osaka, has 4 bases in Japan such as Nagano, and 1 overseas base each in South Korea, China, Taiwan, and Germany.

Mr. Onoe cites the reduction of WAN operation costs as the primary effect of introducing VMware SD-WAN. Comparing before and after migrating from international IP-VPN to VMware SD-WAN, it was said that there was a 67% reduction effect.

In particular, it was significant that IP-VPN communication costs could be reduced to the cost of Internet lines for consumers and businesses. However, although we can understand the cost reduction, how can the quality of the line be improved? A number of concerns were found.

Purpose of building a WAN

The reason for building a WAN this time was the expiration of the IP-VPN contract in June 2021. At this point, the company instructed them to reduce WAN operating costs by 10 million yen annually. In addition to this, it was also required to implement measures to enable operations to continue at other bases in the event of a disaster at the head office.

Furthermore, in 2017, we were forced to respond to the Cyber ​​Security Law issued in China. It is a request that data should be stored domestically and not cross national borders.

Before the update, I was connected to overseas bases with an international IP-VPN, and used an Internet VPN as a backup line. This configuration was configured to share Azure.

In the update, IP-VPN was canceled and VMware SD-WAN and VMware SD-WAN Edge were installed at each location other than Suzhou. We decided to deploy the company-wide system in the cloud. Only in Suzhou, in order to comply with China's cyber security law, we configured an Azure connection and placed the East Asia region server in Hong Kong.

Next, I will explain how the method of connecting to Azure has changed significantly. Prior to the update, Azure was only connected to headquarters. In addition to using an international IP-VPN, each branch had to go through the headquarters once to connect to Azure, which was inefficient.

After the update, each location can connect directly to Azure via SD-WAN.

How was it built and deployed?

The steps to build it are as follows.

At the conceptual design stage, the WAN network and routers were selected. VMware SD-WAN was the best in terms of communication speed, connection availability with Azure, and zero-touch provisioning.

The equipment configuration policy is to configure HA at the head office in Osaka and the Iida factory where IT personnel are located, and configure equipment with priority on deployment and maintainability at sites where there is no IT staff.

In the PoC of VMware SD-WAN, we conducted a test to see if file transfers would slow down in the operator's product verification lab. The results are shown in the table below, and it was found that SD-WAN has no problems in operating file servers on Azure.

In the process of building and deploying, zero-touch provisioning that can be easily connected in the field is required while ICT personnel cannot go on business trips due to the COVID-19 pandemic. In addition, the procedure for switching from the old configuration is explained with diagrams and photos.

Switching of bases in China

In June 2017, China's cyber security law came into force. The point is that the data must be stored in China and that the data is restricted from crossing national borders.

The requirement to store data in China was met by moving the China-based shared folders to the Azure East Asia region. With this, even if data cross-border restrictions are imposed and communication with the Osaka head office becomes impossible, business can be established within China.

In China, two related bills will be enforced in the second half of 2021, and regulations related to IT networks are being strengthened. Mr. Onoe adds that it is necessary to consult with the legal department and others when considering the composition as a countermeasure.

Operation

MDI uses Microsoft Teams as a communication tool, and if there is a system failure, a notification will be sent to Teams. In the past, when the line was interrupted, if it did not recover after waiting for 30 minutes, the carrier would contact us, and then we would start isolating whether the fault was the device or the line.

After the update, when a notification is sent to Teams, the person in charge of the system and the person in charge of operations at the base will grasp it and start isolating the problem. Whether it is a line or a device can be identified at a glance, and the company or the operator will respond to the restoration.

Also, on the SD-WAN Edge orchestrator screen, we are introducing a mechanism that allows you to see where and what kind of failure is occurring.

Considerations and observations after construction

In this case, the initial cost and operation cost of WAN construction were reduced to one-third, the stability and speed of the line, and CIFS communication remained unchanged. , Teams video conferencing is not interrupted in the middle. They say they are very satisfied with the quality. However, CIFS needs some ingenuity.

In terms of deployment and operation, it can be installed without an IT staff at the equipment installation location, and SD-WAN Edge can be operated with a GUI. Since the controller is in the cloud, it is advantageous in terms of operation that maintenance can be performed without being in the company. Easy deployment and high operability can be said to be an advantage for users.

“VMware SD-WAN Edge is not a trade-off between cost and quality.