We use frame relay to connect our other satellite offices to the main office. But for this new office we're considering an appliance-based site-to-site VPN tunnel, with Internet access provided by a metro fiber provider. The provider offers 100-Mbps Internet access in certain cities for only $1,500 a month. We have this connectivity in our main office--and yes, this rocks. The first time you download some massive patch from Microsoft that used to take minutes and now takes seconds, you want to kiss your ISP. The uptime is also good, but we keep a point-to-point leased T1 with Internet access from another provider as a backup.
Bucky Rogers, our IT security manager, was not going to let the network team off the hook when it came to authentication for a wireless network. If we go with the wireless LAN and a connection to our frame relay network or site-to-site VPN, we will certainly lock down access security with authentication such as 802.1X--but that comes with added cost, hardware and complexity.
So, we're considering having just raw Internet access at the remote site--using the metro fiber provider, no site-to-site VPN or frame relay. The users would hit the basically secured wireless LAN (encryption/keys) and then access our corporate systems with their existing client VPN software. The 100-Mbps access from the metro provider would offer excellent connectivity with our main office.
So that's the story. What would you do? What might we have missed in our considerations? Do you have a purely wireless office? Have other thoughts in general? I welcome your input.
Hunter Metatek is an enterprise IT director with 15 years' experience in network engineering and management. The events chronicled in this column are based in fact--only the names are fiction. Write to the author at realityIT@nwc.com.