With most of his company’s employees working away from corporate headquarters and needing regular access to corporate data, Thys Coetzee found he had two choices. He could continue wracking up large long-distance phone bills so that employees could dial in for slow, insecure access to that data or he could implement a virtual private network (VPN).
For Coetzee, the answer was easy: He implemented a VPN system that enables far-flung employees to securely and directly connect to backoffice data via any Internet connection.
Coetzee is director of information systems for Zinpro Corp., headquartered in Eden Prairie, Minn. While the company only has slightly more than 100 employees, it is known worldwide for developing trace mineral nutrition for livestock.
About 30 employees work in the home office with the rest spread out in small sales offices, often in the homes of the regional representatives. The company also has factories and research facilities around the U.S. and a number of sales offices spread around the globe.
“We share common backoffice data and I had to provide communications between all those centers,” Coetzee said. “Before, we used dial-up Internet access and dial-up RAS and it wasn’t unusual to have connect speeds of 14.4 Kbps. Plus, it was insecure.”
Slow, Insecure and Expensive
The old set-up also was a “technological nightmare,” Coetzee said.
“With so many remote people trying to dial in, the modem pool was often strained,” he says. “Security was basically non-existent and costs were incredibly high because everything was done via long-distance or an 800 number.”
Coetzee says that the company’s phone bills often reached $11,000 a month. “That’s not small for a company our size,” he notes. Even worse, there was no centralized access to the back-end data. As a result, the far-flung employees would often send and receive key data via e-mail.
“We should have been able to move 10 times the amount of data,” he said. “People were e-mailing huge PowerPoint presentations. You can just imagine the problems.”
Besides high costs and technical concerns, another incentive to change to VPN technology was that a key executive moved to California for personal reasons and the company wanted to keep that executive on-board. So Coetzee started to transition the company to a VPN-centric system in early 1999, which he hoped would be cheaper and more secure and would enable the California-based executive to remain with the company.
“The first thing I did was tear out the old firewall system (in the corporate headquarters) and replace it with a solution from WatchGuard Technologies,” he recalled. That product combined the VPN software with a firewall.
Even at that, Coetzee said he still had some work to do.
“Initially I had to roll my own IPSec,” he said, referring to the widely used VPN protocol. “But they (WatchGuard) implemented their own before long.” In addition, Coetzee said he implemented the PPTP tunneling protocol, which is included with Windows, on client workstations.
Coetzee also deployed T1 lines and additional WatchGuard firewall/VPN devices into the three larger remote facilities. He gave employees who worked out of their homes and small offices a choice of broadband flavors and a SOHO version of the enterprise WatchGuard product. Coetzee hit the road to deploy the equipment and software in both corporate facilities and in home offices.
Home-based employees were particularly pleased that he installed the devices and they didn’t have to. Plus, family members received fast Internet access, which Zinpro considers a fringe benefit.
Traveling employees were given a standard dial-up account. In those cases, security is provided partly by the fact that dial-up clients have dynamic IP addresses, which prevents outsiders hacking into the system. In addition, mobile PCs use PPTP.
Phone Bills Down, Efficiency Up
Coetzee said the system is still expanding, but the benefits to the company already are clear.
At this writing, he has installed 11 of the SOHO firewalls from WatchGuard at about $440 each. That represents less than half of the home and small office-based deployments – Coetzee said he will finish the rest of the deployments over time.
The four enterprise-level firewall/VPN devices at headquarters and at the outlying facilities cost about $3,900 each. Plus, he added a T1 line at each of the company’s three outlying facilities – the home office already had one – for about $1,000 per month each.
“Our long-distance bill (which typically was $11,000 a month) now is about $4,000 a month,” he says. “That’s money in the bank.” He notes that employees were paying for the Internet connections anyway, so these are not new costs.
The dollar savings are only part of the benefit, he says. Employees are more efficient since they can more quickly access up-to-date back-end data. Plus, the data is more centralized, which provides benefits such as more effective backup strategies. And, the system is more reliable and secure.
“We didn’t do a formal ROI (return on investment),” Coetzee says. “There was no point. The issue is: Do you want to communicate or don’t you?”
Coetzee says he also has benefited greatly from the changeover.
“We used to do nothing but firefighting,” he says. “The phones were ringing all the time. Now, we can get on with developing new concepts.”