Transforming to an as-a-service, cloud model to deliver performance and agility at the business edge

Vössing is a family-owned civil engineering business. It is based in Germany but is now increasingly international in its ambitions. With offices in Poland, Qatar, Slovenia and China, to date, Vössing has worked on over 12,000 projects in 15 countries.

Connecting project teams and branches is critical. Vössing must do so efficiently and effectively. It wants teams to have the head office experience while accessing the data and applications they need. Faults or network performance dips must be spotted early and fixed quickly, while reducing latencies due to dependencies on central resources and creating more agility at the edge of the network. In doing so, costs must be scrutinised and managed and vendor relations streamlined.

“We have a dispersed team of knowledge workers sharing large CAD files. We want our teams to have the access to the files and the applications they need, from whichever office,” says Bernd Gewehr, Head of IT, Vössing. “File access latency must be approximately 1ms – that’s why we insist on local fileservers with cloud-based sync. The faster the sync, the faster the cross-site collaboration.”

Growth drives change

Historically, the Vössing network policy has been to channel all internet access via a central router at its data centre in Germany. With growing traffic and content from 20 different locations, Gewehr estimates he would need 10Gbps of central internet connectivity bandwidth. This would be formidably costly.

Consequently, the distributed direct internet breakout at each branch is the preferred model, while only business-critical and highly sensitive content will continue to be channelled to and via the core. A consequence of the new model is that the team will now need to manage a large number of firewalls and VPN tunnels as well as the Wi-Fi, LAN and WLAN infrastructure, alongside the WAN. This is where an integrated architecture becomes a huge advantage for Gewehr and his small team.

Optimise management, simplify vendor relations

Vössing has been a long-time Aruba customer for Wi-Fi. With the company looking at the consolidation of vendors across the business to streamline management and processes rather than force down costs, Bernd Gewehr says the relationship came under renewed scrutiny like with all other vendors:

“We created a vendor map for IT in 2019 and soon recognised that having 50 vendors for such a small business was too much. We needed to simplify the whole set up.”

“The cloud model is extremely important to our way of working. We don’t buy on-premise solutions anymore. We don’t have the necessary number of administrators – and cloud services serve best if your core business is multi-company collaboration,” says Gewehr.

It soon became apparent that Aruba could deliver a fully integrated solution to Vössing, unlike all other vendors.

Cloud-native, hardware-less core

To enable the decentralised architecture, the team chose to adopt a cloud-based and hardware-less core services model. This would ensure secure, high performance branch access to the internet and allow the business to maximise its migration to cloud-native. Vössing already has a cloud-based file server as a service, 100 terabytes of cloud-native storage and a workplace-as-a-service model for all PCs, displays and laptops. It wants an adaptable network platform with open APIs and development tools to allow easy and secure integration and orchestration with these solutions.

“Our objective has been to achieve a cloud-based core and single-node edge,” says Gewehr. “Today, almost every core component is virtual in the cloud. Once the Aruba 7220 Head-End Gateway functionality also becomes available as a virtual appliance, we will achieve a completely virtualised core architecture.”

Gewehr stresses: “Although important, cost was never the primary goal. It was never our starting objective to reduce the cost of bandwidth with SD-WAN. We have a different motivation: with smart devices and cloud services proliferating, we wanted a more efficient way to deploy and manage Wi-Fi, LAN and WAN services.”

The team needed a solution capable of integrating LAN, Wi-Fi, WAN, web filtering, VPN and security. It would combine LAN for desktops and workstations, Wi-Fi for guests, meeting rooms and mobile devices, and WAN with VPN encryption. On top of that, the team needed to manage VPN logistics for the end-users as well as web filtering proxies for secure web access.

Unified model, cloud management

The Aruba solution is a software-defined branch that combines wireless, wired and WAN infrastructure with unified and centralised supervision, security orchestration and quality of service management capabilities. This is combined with simplified zero-touch provisioning (ZTP) for ease of deployment and configuration orchestration for remote locations. These cloud-based service-oriented features help maximise network performance for specific applications, roles or use cases, and minimise costs as a key outcome. Gewehr and his team are now able to offer Vössing an efficient unified connectivity model, with a cloud-native approach.

“Aruba was the only vendor capable of covering all of our priorities,” says Gewehr.

Key to the solution are Aruba Central and the Aruba 9000 series Branch Gateways together with Aruba 7220 Head-End Gateways and Aruba 2930 Campus Edge Switches. Run in the cloud, Central provides a GUI from which to manage and orchestrate all network tasks and services. It enables the team to deploy configurations to new remote switches or access points from the head office, while orchestrating security policies, firmware updates and other maintenance processes.

The gateways extend the network to every branch office, maximising Wi-Fi and LAN performance and can decentralise the provisioning of web-based services while keeping security standards high.

Creating a more agile, flexible network

Aruba SD-Branch enables Vössing to improve network performance and create a highly automated and scalable platform from which to manage dispersed teams. With local internet routing, the company has been able to come down from a leased line model where each branch was directly layer 2 connected to the German DC to 1Gbps local internet access at the branch offices, delivering clear availability and cost advantages.

Calculating a total cost of ownership is never simple, Gewehr admits, but boiling down the engagement from at least five vendors down to one, capable of providing the entire Core-to-Access network architecture, was clearly the best option.
”Aruba is either doing these well enough or way better than any other vendor in the market. Having a single pane of glass was very attractive to us.”

As it happens, bandwidth costs, Gewehr adds, have reduced by approximately one third. What’s more, he continues, the Aruba roadmap shows it is advancing very quickly on new technologies, and there is the assurance of global support: “Aruba can maintain the whole connectivity of the set up.”

High-quality, consistent experience for users

Success, continues Gewehr, should be judged on the quality of the network and user experience: “We have a very reliable network situation for our people. I prefer to look at the value of ease of operation and completeness of the solution because it supports creating a perfect UX.”

Users have access to the files and applications they need; the network delivers a consistent experience from headquarters to the branch and at any time. Business continuity and productivity are primary objectives.

The solution enables integration with cloud platforms such as AWS, Azure or Google, supporting Vössing’s multi-cloud model. Vössing is able to integrate its Azure Active Directory single-sign-on (SSO) for all locations via Aruba Central.

Branch sizes range from 25 to 100 people. “Like many industries, it is a battle to attract the right expertise, the right talent,” says Gewehr. “Being able to work from anywhere is important to many people. We can now act as one team – wherever you are.”

“Network-wise, there is no better place to work than the office. We have the fastest internet you can get, and faster file access, and it doesn’t depend on a central data centre. The experience happens and is managed at the edge – the branch. Nevertheless, being mobile with client VPN supports us with working in the field and in home offices with high network availability and performance.”

Secure today, with long-term reassurance

Centralised management means Gewehr’s team of three network administrators is able to establish consistent rules, troubleshooting issues faster. This team can now manage more than 100 virtual servers, 60 switches, 700 seats, 20 international sites and an ever-growing number of mobile devices. Vössing understands the condition of every connection and device and any time saved on operations is time that can be spent on supporting the business.

“We’re doing more things at the edge now,” says Gewehr. “Central allows us to administer 20 firewalls and web filters in a single view. This is important and allows us to switch the model from central internet breakout to local internet breakout. Without the completeness of the Aruba solution this could not happen.”

The dream, he continues, is to be able to extend the branch to the construction sites, with zero-touch provisioning “all configured and monitored in Aruba Central.”

The engagement with Aruba has already been vindicated. It addresses today’s challenges and bolsters Vössing’s confidence in the future.
“The Aruba expertise is deep and more than enough for what we want to do today,” he says. “The comfort is seeing that Aruba is moving fast on new areas. Those areas might not be urgent today, but it’s good to see the path ahead.”