Go Hybrid! How to Rightsize MPLS VPN Connectivity

You’re the network administrator for a business with multiple locations. If you’re like most, at least one of your locations, typically the headquarters, contains a data center hosting a variety of applications. Some of those applications are the exclusive domain of HQ-based personnel (e.g., HR, finance, marketing, corporate communications, legal, and the executive suite) while other applications are directly or indirectly used by personnel in most if not all of your other locations, such as: email, file shares, SCM, and CRM.

In addition to differing application usage, your locations differ in the number of connected users. Naturally, your remote locations, such as retail outlets and sales offices, have the least number of connected personnel. Furthermore, for those non-HQ locations, their “application consecutiveness” is characterized best as “in and out” rather than “always on”; face time with customers and business partners is far greater than screen time.

So does it make sense that a dedicated access pipe to your MPLS VPN network is needed for all locations? Of course not, it is not needed or cost-justified.

Your best approach is to choose the right type of access pipe to your MPLS VPN network for each of your locations. Your hubs of connected activity—data center locations, headquarters, and regional offices—must have the high-end performance, reliability, and control attributes that is only possible with dedicated access such as private line and fiber-based Ethernet. For your other locations, there is a range of broadband alternatives–for example, DSL, cable, and, with the advent of 4G, wireless. While these broadband alternatives will not match the attributes of dedicated, you’ll probably decide this solution is “suitable for our needs and at a price that we like.”

You will not be alone in going hybrid. Based on a 2012 Frost & Sullivan survey, over 25 percent of U.S. businesses rely on broadband for a portion of their MPLS-connected locations.

Worried about data privacy? You should be concerned, but not worried. Creating an encrypted tunnel with either IPsec or SSL for communications with your broadband-connected locations will ensure privacy.

You may also ask, what about cyber-threats? Don’t my broadband locations need to be protected? Yes, definitely. But it doesn’t mean installing and operating the same stack of security technologies (e.g., firewall, intrusion prevention, anti-virus, and Web content filtering) at your hub locations. Most network providers offer “security as a service” from within their networks. You get the type of security you need at a price that is appropriate for each location. Plus you maintain full control over your security policies.

Private, protected, and price-conscious broadband access to your MPLS network and the Internet for your “other” locations—it is good to be hybrid.


Michael Suby is the Vice President of Research at Frost & Sullivan. He brings 12 years industry analyst experience. His expertise spans communication technologies, products, and services, from fixed wired to mobile wireless.
Michael Suby Vice President of Research Frost & Sullivan About Michael