It doesn't matter whether you are using virtual private network (VPN) technologies to connect your branch offices...
via cheap ADSL or expensive T/E-carrier links: Analyzing the cost of VPN links should be a monthly routine for every IT manager or senior engineer at any organization.
Most companies periodically increase the bandwidth availability of their VPN links by adding more network connections or upgrading existing ones. However, other companies purchase an initial VPN link from their Internet service provider (ISP) for each office and remain with the same VPN links for years.
You should consider your current VPN link capacity to determine whether you can upgrade or downgrade your VPN. Understanding VPN link capacity will help you determine whether you can save your company money with a VPN downgrade. The tips below will help you calculate the cost of VPN links.
Calculate cost of VPN links, determine requirements
In a world where upper management is constantly asking for reduction of ongoing costs, looking into the cost of VPN links is a great idea, and it doesn't even require a Master's degree in economics -- it's much simpler than that.
Here are some steps that will help you calculate the cost of VPN usage for your company:
Step 1: Identify all VPN links. This is usually a big problem for large enterprises. Successfully identifying all links the company is paying for can be unfortunately daunting, but it is a necessary task. A summary of VPN links can be requested from your provider(s) to help you find them all.
Step 2: Test your VPN link speeds. The next step is to find out the speed of each VPN link. This information can also be obtained from your service provider and checked against your equipment to ensure what you are paying is what you are getting. You can measure WAN latency using ping.
Step 3: Analyze your VPN services. Pay extra attention here -- this is a very important step. Knowing what services are running on each VPN link is critical to understand what options you might have to manage the cost of VPN links by upgrading or downgrading.
For example, if your remote users are in branch offices that mostly use terminal sessions (like bank branches), chances are your bandwidth requirements are not that critical. Terminal sessions tend to take up very little bandwidth, as they are mainly text characters and contain few or no graphics.
If you're running voice services -- for example, if you are interconnecting PBXs or call centers among branches -- then you might be able to get away with smaller links by using a different type of voice codec. (Compare 64 Kbps with 8 Kbps per call session when switching from G.711 to G.729, respectively.)
If remote users access virtual desktop services, then downgrading to a lower-latency VPN link might save you bandwidth and reduce the overall cost of VPN services.
Another typical service is email. When remote offices use the POP/SMTP protocols to send or download email accounts from the centralized mail server, switching to IMAP or webmail might mean the difference of hundreds of dollars in network bandwidth requirements, as IMAP and webmail require a lot less bandwidth due to their design and the protocols used.
Step 4: Monitor the bandwidth usage and availability of VPN links. I'll use two graphs to illustrate the advantage of monitoring your VPN link bandwidth usage and availability in the course of one day.
Both graphs below show the typical daily bandwidth usage of VPN links to two different remote offices. Each link is a 1024 Kbps VPN link. The green area indicates download bandwidth while the blue line indicates upload bandwidth. Knowing this, what can you see?
Figure 1: VPN link bandwidth usage peak 1
Figure 2: VPN link bandwidth usage peak 2
Without a doubt, this company is wasting a lot of money. These traffic patterns indicate that there is no requirement for a 1024 Kbps VPN link for each site, and the full cost of the VPN service is being wasted. The first graph shows a peak usage of just 560 Kbps while the second graph tops at around 680 Kbps.
Practically, this means the company is paying for an additional 460 Kbps (first graph) and 244 Kbps (second graph) that are not being used at all!
Graphs like these can be easily obtained using free tools such as MRTG.
Obtaining traffic statistics for one day alone is merely not enough to help make decisions as to whether an upgrade or downgrade is required. It is always recommended to put such monitoring mechanisms in place and closely monitor the statistics they provide over a period of time. This will help you come to a safe conclusion as to whether a VPN link upgrade or download is required.
Knowing VPN link capacity = knowing whether you need an upgrade
By now, the importance of each step in evaluating the cost of VPN links should be evident. By obtaining the right information about your VPN link, making corrections and monitoring their progress will ensure you are not left in the dark when it comes to evaluating your VPN links and managing their costs.
Small strategic changes, like the ones in our example of the switch between voice codecs (G.711 to G.729) between your sites, will make an impact on your VPN link capacity the very next day. When your patterns stabilize and don't peak at their maximum available bandwidth, you can then safely start cutting your VPN link costs by downgrading their capacity.
On the other hand, if you are experiencing a lot of peaks and performance issues, then you can safely upgrade to the next available level, knowing you are making the most out of what you already have.
Reading other tips in this series:
- How to find a VPN firewall solution for your enterprise
- Hardware vs. software VPNs
- Calculating the cost of VPN links