bluebay2014 - Fotolia

Dutch pharma firm Centrient switches out MPLS for Cato SD-WAN

Centrient Pharmaceuticals, a Netherlands-based drug company, has switched out its global MPLS service in favour of a high-performance software-defined WAN from Cato Networks

Netherlands-based drug manufacturer Centrient Pharmaceuticals is seeing improved network uptime, increased capacity to support its heavy cloud usage, and was able to provision a recent office move in barely 50 minutes after switching out a global multiprotocol label switching (MPLS)-based network in favour of a software-defined wide area network (SD-WAN) supported by supplier Cato Networks.

A manufacturer and distributor of generic beta-lactam antibiotics – a class of broad-spectrum antibiotics defined by their chemical composition, that includes penicillin – next-generation statins and anti-fungals, Centrient’s history dates back to the 19th Century, when it was founded in Delft as a producer of yeast and spirits.

After diversifying into other chemicals and pharmaceuticals, it eventually ended up in the hands of chemical multinational DSM, and subsequently as a joint venture with China’s Sinochem, and was known as DSM Sinochem Pharmaceuticals between 2011 and 2018.

Subsequently sold to private equity outfit Bain Capital, it moved its head office back to the Netherlands last year, and rebranded as Centrient in December 2018.

With locations in the Netherlands, China, Egypt, India, Mexico, Russia, Spain and the US, Centrient had been running an MPLS service procured through its main technology partner. This was used to run internal applications such as SAP, Skype for Business and Microsoft Azure through its main datacentre in the Netherlands, which has an ExpressRoute connection to Azure.

Meanwhile, local internet breakouts secured by onsite firewalls offered access to the public internet for its Office 365 and other cloud applications, while at Centrient’s smaller offices in Egypt, Russia and the US, it ran a virtual private network (VPN) across the public internet to India or the Netherlands.

MPLS not agile enough

However, by 2018 it was rapidly becoming clear that to global IT manager Matthieu Cijsouw that as Centrient’s capacity requirements grew, he could not continue to run the business effectively over an MPLS network.

“MPLS is still a very good networking technique,” he says, “but for us it was not agile enough, it was on the slow side and it was simply very expensive. I wanted something faster, easier to deploy, and that cost less.”

Cijsouw began looking into SD-WAN solutions at this stage, but Centrient’s technology partner at first recommended a mix of SD-WAN appliances, firewalls and secure web gateways, which he says he thought would be too complex – particularly given that such a set-up would still be very dependent on the public internet, which was problematic for the business because of its heavy engagement in China, where internet performance can fluctuate wildly.

He was attracted to Cato’s Cloud Network – a global, geographically distributed, encrypted and SLA-backed network of points of presence (PoPs), interconnected by numerous tier-one IP backbones – on the basis that it would enable every packet of his network traffic to transit across the optimum IP backbone, resulting in better performance and uptime.

“I looked at several SD-WAN solutions, but Cato distinguishes itself because it has an optimised backbone which is better guaranteed than others,” says Cijsouw.

Proof of concept helps SD-WAN prove its worth

However, as a globally distributed enterprise, it was not necessarily a given that the board would be entirely comfortable running with what is essentially still a networking startup. Cato was founded only in 2015, albeit with industry pedigree – one of its founders, cyber security entrepreneur Shlomo Kramer, also set up Check Point.

Nevertheless, Cijsouw decide to run an extensive proof of concept at first, deploying three of Cato’s Socket zero-touch SD-WAN appliances in parallel with the existing MPLS circuits. The Cato network sailed through load balancing, failover and load testing.

The second stage of this saw production loads being deployed in the Cato Cloud itself, during which a number of test users reported that they were seeing applications becoming significantly more responsive than usual.

Fired up by this, Cijsouw moved ahead with a full migration of all MPLS-dependent locations onto the Cato Cloud, which took about a month, with the actual cutover taking about half an hour.

This process saw old 6Mbps MPLS connections replaced with two (in some cases three) local internet connections to bring this up to 20Mbps aggregate per site, burstable to 40Mbps, with capacity for the Netherlands-based datacentre set at 50Mbps, burstable to 100Mbps.

To ensure maximum availability, the new connections were dual-homed, while redundancy in the physical layer was ensured with separate modes of connection – in this case fibre and radio – to the public internet.

Business enhancements

“What was clearly visible for the business was of course, the lower cost,” Cijsouw tells Computer Weekly. “That was very easily seen.”

Indeed, he estimates that at the time of writing, the Cato network is running at around a quarter of the cost of the MPLS set-up.

Unsurprisingly, network capacity has also improved. “Before, we had 6Mbps per location, which was simply getting full, suddenly it’s 25Mbps or more, and I can do what I need over that,” says Cijsouw. “It’s not that it was dead with MPLS, but you can definitely see files being opened quicker and websites loading faster.

“For the rest of the company, those are really the only two things that are visible – they had a connection before, and they still do.”

The capacity boost has been particularly pronounced when it comes to Centrient’s Skype for Business installation, notes Cijsouw. Although voice quality has remained constant on both set-ups, reductions in packet loss and improvements in latency have both been observed.

Also, connections into China now appear to work much better running over the Cato Cloud than they did with MPLS.

Read more about SD-WAN

Ease of deployment presented a further benefit for the business, especially given the acquisition by Bain and accompanying rebrand. Last year, Centrient also repatriated its headquarters from the Far East to the Netherlands – specifically Rotterdam. With Cato, Cijsouw was able to provision the new office within an hour.

“You can deploy it yourself, you don’t need anybody to do it, it takes a matter of minutes,” he says, “compared to MPLS, where ordering lines and having them installed can be a three to four-month process.”

The new service has also given Cijsouw greater visibility into what is happening on Centrient’s network. He talks of accessible reporting and more detailed statistics on line usage, among other things.

Further savings are also likely to emerge in the not-too-distant future. Centrient has not transitioned its firewalls across to Cato yet because its licences have not yet expired, but Cijsouw hopes to be able to switch them out for Cato Security Services and Cato’s mobile client (the firewalls also serve as Centrient’s mobile access solution) bundled with the Cato Cloud.

Cijsouw says this will represent an additional cost benefit, since the spending on outsourced firewall maintenance accounts for about a quarter of his total network budget. “With Cato, that wouldn’t be necessary,” he adds.

Read more on Software-defined networking (SDN)

Data Center
Data Management