AmeriGas Propane is the largest propane distributor in the United States. With annual revenue in excess of $1.8 billion, Valley Forge, Pa.-based AmeriGas has more than 5,000 employees in more than 700 locations in the lower 48 US states.
There are approximately 800 employees in the six main locations that each district reports to. The rest of the users are located in various retail branch or district locations that distribute the propane for AmeriGas.
The Business Challenge
AmeriGas wanted to create a network that provided all the applications to all users in real time (users in the main locations, in the retail locations and the approximately 200 executives and sales people that travel and need remote connectivity). Each locale posed its own problems.
Branch Connectivity Challenges
Microsoft Outlook for e-mail, PeopleSoft for the ERP system, Cognos for data warehousing and Attachmate for mainframe access.AmeriGas had several methods for remote employees to access the systems, including dialup access, Citrix and a traditional IPsec-based remote access client. This combination of remote access had the following problems:
- Poor performance: Some applications, such as PeopleSoft, performed poorly over Citrix.
- Complexity of IPsec solution: The IPsec VPN solution was functionally soundly, but updating the software and maintaining currently levels of antivirus protection proved to be challenging.
- User support issues: Both the IPsec client and the Citrix solution proved to have many support issues.
Invoking the client and ensuring desktop firewall software levels were up to date created many user calls to the help desk. With the combined Citrix and IPsec remote access methods the help desk averaged 100 calls per week.Overall AmeriGas users had functional, but complicated remote access through multiple solutions.
The IT department for AmeriGas was searching for a single solution that could meet all of its remote access needs.
AmeriGas chose a combination of two types of VPNs to meet its networking challenges:
AmeriGas chose the SSL VPN solution from leading vendor Aventail. Unlike IPsec remote access products, SSL VPN does not require client software. Instead, a secure session is created through an end user’s web browser, which creates a simplified access method for the end user. Using SSL VPN for remote access provides AmeriGas with the following benefits:
- Increased performance: Applications such as PeopleSoft performed much better than the Citrix solution.
- Simplified user experience: The clientless solution from Aventail removes the complexity from the end user.
The feedback from the users was that the solution was incredibly simple to use. This decreased the number of help desk calls by 50 per week.
Branch Locations Without Internet Access
For the locations with no internet access, AmeriGas is using a managed broadband-based VPN service from Netifice. The managed VPN service includes a local broadband connection (cable, DSL or satellite) with a premises-based VPN application that creates a secure tunnel back to the AmeriGas network. This creates a permanent VPN connection from the remote location back to the corporate network at a low cost.
The managed Netifice service provides the best price/performance broadband connection available locally, management of the CPE devices and all of the network service provider contracts. Because AmeriGas has hundreds of locations all over the country, it may need dozens of service providers to provide connectivity to all of the sites. By using Netifice, AmeriGas only needs to deal with one service provider.
Branch Locations with Internet Access
AmeriGas chose to leverage the internet access that some locations already had, rather than bringing in the Netfice service. AmeriGas created branch-level access by deploying thin-client terminals that uses the Aventail SSL VPN to connect back to the corporate network.
In essence, AmeriGas made the terminal in the branch location look like a remote user. Users log into a custom web portal to launch the business applications. SSL VPNs are typically used only for remote user access so the AmeriGas combination of thin client, SSL VPN and local internet access was a unique solution for branch office connectivity.The branch office connectivity issues were solved with different solutions but both provided the following benefits:
- Lower communications costs: The real-time connectivity to the branches meant that AmeriGas could start using e-mail and other real-time messaging services instead of costly fax services.
- Real-time communications: The e-mail service enables AmeriGas employees to communicate with each other in real time.
In addition, branch employees can enter and review information within PeopleSoft.
Before the VPN solution, AmeriGas used a mix of dialup service, Citrix, IPsec VPNs and local internet access to connect most of the AmeriGas users and locations. By standardizing on Aventail’s SSL VPN for remote access and part of the branch connectivity and Netfice’s managed service for the remainder of the locations, AmeriGas created an environment with a consistent set of applications that are available to all users, regardless of location. The consistent access to applications has the potential to make all users communicate more efficiently and be more productive. As an added benefit, the solutions are delivered at a lower cost than the previous mixed solution.
Recommendations for Enterprises
- Carefully choose the right flavor of VPN service for the majority of corporate locations and then choose the best carrier and vendor for the job—not the other way around. Many enterprises are simply going with the limited options available from their current carrier and vendor, which may not be the best solution.
- Make SSL remote-access products part of your solution. SSL remote access should be part of a corporation’s overall remote access strategy. Use it for the majority of end users who need file access, e-mail and other business applications.
Power users and network administrators should continue to stick to established security methods and technologies for now.
- Calculate your ROI for each VPN option. Enterprises need to understand the economic impact of switching to a new service by comparing their current network costs to the available options. An effective ROI analysis should take into consideration installation costs for new equipment, time and expense of removing the old network, staffing considerations, improvements in network resiliency and connectivity charges, among others.
Aventail is the best-of-breed SSL VPN product company and the authority on secure application access technology. Aventail delivered the first SSL VPN solution in 1997, and today, Aventail meets the secure communication needs of more than two million end users in over 75 countries.
Aventail’s family of SSL VPN appliances increases productivity for end users and IT professionals, while maximizing security and lowering costs. Aventail appliances are built on Aventail’s proven platform, which leads the industry in End Point Control, policy management, and transparent, easy-to-use access options to the broadest range of applications. Aventail is the SSL VPN of choice among leading enterprises and service providers worldwide, such as AT;T, DuPont, IBM Global Services, MCI, Netifice, Office Depot, Sanyo, and TNT. Headquartered in Seattle, Washington, Aventail has an extensive global network of channel partners and sales support offices.
For more information, go to http://www.aventail.com
About Netifice Communications, Inc.
Netifice Communications is a global provider of flexible IP VPN solutions that enable businesses to lower costs, increase scalability and expand the deployment of enterprise applications and communication systems. Netifice customizes its clients IP VPNs using the widest selection of access, security and communication options, combined with advanced systems for managing and monitoring their IP VPN.
Customers can easily deploy expansive networks so that their corporate headquarters, regional offices, remote workers, and retail outlets can communicate with each other as if they were in the same location. Netifice is recognized by customers for delivering the highest quality service and support with industry-leading Service Level Agreements that guarantee site-to-site performance and reliability.For more information go to http://www.netifice.com or call 1-877-NETIFICE.Shannon MappPR ManagerAventail Corporation E: [email protected] T: 206.438.7214