Card speeds connectivity - Internet Security - Brief Article

Lowering communications costs was one of the first duties assigned to Tony Karakashian when Rochester Midland Corp. (RMC) hired him as network manager. RMC's network includes 15 branches across the United States and Canada, each with between 10 and 30 users who communicated with the central office via a six-year-old frame relay network.

Each location's 56K DSO line was costing more than $2,000 per month, and the slow speed of the network affected staff productivity. Reliability also was an issue.

In searching for a new solution, Karakashian concentrated on using a VPN for the WAN. Unlike frame relay, a VPN offered greater flexibility, and it would allow the company to securely communicate with business partners and customers. Field salespeople also would have access to critical customer data, and senior management would be able to use videoconferencing to communicate with branch managers.

Karakashian looked at numerous potential solutions, ranging in price from $3,000 to $25,000 per location. "I knew I could lower costs further by going with an open-source solution," says Karakashian, "but, I didn't know if there was a solid VPN option for Linux."

Knowing about the firewall and routing capabilities of Linux, Karakashian found an IPSec implementation available in the form of the FreeS/WAN project.

In order to implement T-1 connectivity, WAN cards from Sangoma Technologies, for which support is built into the Linux kernal, were selected. The ISP also used frame relay encapsulation to its backbone, a good fit since the low-level protocols are built into the firmware of the Sangoma cards.

"By using recycled PCs to serve as the routers, we estimated the total cost to each of the branches during the tests at under $800, the cost of the WAN card at the time," Karakashian says. "For the three branches using DSL, the cost was that of the second Ethernet card, under $20."

After a few weeks with no downtime, the solution proved itself and was installed across the 15 sites. OS, WAN, firewall and VPN software was set up on each of the systems. To cut down on bandwidth needs and thus reduce RMC's communication costs further, Karakashian added in secondary services, such as Bind as a caching DNS server at each location, and Squid for Web proxy/caching.

With the old lines still in place, Karakashian was able to install the new system in parallel, simply by reconfiguring the IP addresses of the networked computers to use the new VPN.

For more information from Sangoma Technologies: www.rsleads.com/303cn-263

COPYRIGHT 2003 Nelson Publishing
COPYRIGHT 2003 Gale Group