ITBusiness.ca

Laser eye surgery clinic migrates to VPN, multi-purpose security device

Growth by merger and acquisition often puts enormous strain on employees, processes and corporate bottom lines. For network managers, there’s the added stress of ensuring the overall communications infrastructure can support the new, larger business that results.

In the case of TCLVision Corp.

of Toronto, a provider of eye care services ranging from laser correction to cataract surgery, the merger of two industry leaders created a pressing need to update a computer network that, according to Roger McIlmoyle, TLCVision’s director of technical services, had reached the point of “”coming to end of life and collapsing.

“”As we went through the merger it just simply wasn’t a priority to spend money on technology,”” notes McIlmoyle, referring to the joining of TLC Laser Eye Centers and Laser Vision Centers Inc.

Over the course of four to five years of change, the network had grown from a relatively small infrastructure to more than 74 sites using a mix of Frame Relay, virtual private networking (VPN), ISDN and direct dial up connections. “”The Frame Relay network was very expensive for very low bandwidth,”” says McIlmoyle. “”Most of our sites were running at 128 (Kilobit-per-second) links and we were basically getting speeds lower than dial up.””

Add the fact that the bulk of the company’s VPN and concentrator products hadn’t been upgraded, were no longer supported and were starting to fail, and you get a network that was ripe for change.

With more than 1,000 affiliated surgeons, a referral network of thousands of affiliated eye doctors and close to 60 branded centres across the U.S. and Canada, TLCVision needed to both consolidate its network and provide increased bandwidth to support remote distribution of corporate practice management and financial applications. At the same time, it needed to ensure legislated privacy and security requirements were met.

This spring, the company decided on Internet-based VPN technology, replacing its entire carrier-based Frame Relay links with fractional T1 lines. Most ports were upgraded to 768 Kilobits per second (Kbps), while some in outlying areas were at least brought up to 384 Kbps. It then chose FortiGate systems from Sunnyvale, Calif.-based Fortinet to provide network VPN and security services

In four weeks, the entire corporate network was switched to a public IP-based network using the VPN functionality in FortiGate. In addition to industry standard VPN support, the systems provide real-time detection and elimination of viruses and worms, network intrusion detection, network intrusion prevention and firewall services – security measures that were lacking on the old network.

“”We didn’t have any firewalling on any of the remote clients, we didn’t have any centralized policy management for the firewalls we did have, and our virus scenario was less than ideal to say the least,”” says McIlmoyle. “”We were just in bad shape.””

The new network is managed centrally from Toronto, freeing up time for the four IT staff members to address other concerns. Most security threats are caught on the outside, drastically reducing the amount of processing required by in-house anti-virus software which now contends mainly with infections occurring on the inside through a physical means rather than an electronic pathway.

Since migrating to Internet-based VPN, TLCVision has saved about $16,000 a month, says McIlmoyle. While he acknowledges some of his peers would argue IP based VPN isn’t robust enough to support mission-critical applications, in McIlmoyle’s opinion ‘mission-important’ is just as good.

“”Because of the way our business applications are structured, although the applications are mission critical they can withstand a certain amount of outage,”” he says, noting that applications are distributed using a thin client model.

Using statistics that were collected over a period of about three years, the company is able to compare the performance of its VPN network to the older, primarily Frame Relay network and is finding that all links are performing equal to or better than the original network.

“”We looked at what we were doing, how we were delivering it and what it was costing us and we just weren’t doing it in an intelligent way anymore,”” says McIlmoyle.

“”Now that we’ve made this transition, even though a lot of people pooh-pooh Internet-based VPN, from our perspective we’re as reliable as we ever were.””

Exit mobile version