Sicra Header Logo
  • Careers
  • About us
  • People
EnglishNorsk
Talk to us
  1. Knowledge
  2. Insights
  3. Customer stories
Customer stories
29.01.2020
min read

Global SD-WAN solution for Wallenius Wilhelmsen

A new SD-WAN solution provides cost savings, increased security, and flexibility.
<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Global SD-WAN solution for Wallenius Wilhelmsen</span>
Editorial staff
Editorial staffAuthor

Wallenius Wilhelmsen ASA (WalWil) is a leading shipping company in the transport of cars and other rolling stock and general cargo. The company operates 60 RoRo ships and has a global operation with 9,500 employees in 29 countries. International communication between the company's 130 land-based offices is critical and has historically been costly and complicated. They are now in the final phase of a global rollout of Cisco Meraki SD-WAN, which brings several positive effects.

The main purpose of the project was to save costs on international data communication by switching from MPLS to SD-WAN. The work started in 2018 after first exploring an SD-WAN solution through a global Telecom provider. After reviewing the proposed solution, it was found that greater effects could be achieved by building the solution themselves. Jan Kristian Osland from Sicra has been the architect of the solution and has been the executing and technically coordinating resource in the global rollout.

In the process, it was decided to also include LAN and WiFi at the locations, so that a comprehensive solution with good visibility for security and operations could be achieved. During the rollout, the latter has provided good security effects and oversight. Devices that are on networks they shouldn't be on are now much easier to detect. Unified visibility over which devices/applications use the most bandwidth, as well as the ability to shape traffic, prevents overload and improves the user experience. Continuous firmware updates also contribute to stability and improved security.

The solution is now operational for over 80% of WalWil's offices. The rollout has taken place at a high pace in all regions, and WalWil has found that the solution more than meets expectations.

What is SD-WAN?

SD-WAN is a concept where a software-defined virtual private wide-area network (WAN) is built using public internet and encryption (VPN tunnels).

About the solution

Cisco Meraki is a cloud-based network managed through a cloud service in a regular web browser. This means that, for example, switches, WiFi, firewall, IDS/IPS, AMP, and SD-WAN are managed and configured from the Meraki dashboard in the cloud. WWL has outsourced the daily operation of the solution.

An important place to start is to create a good basic design; naming standards, templates, security policies, firewall rules, SSIDs, switch port configuration, alerting, and logging. This is to ensure that the solution is clear and easy to manage afterward.

One of the considerations made is whether to use a global provider of internet access or a combination of several local ones. Local providers offer the greatest flexibility but also a lot of administration. Practically, one may also experience that local helpdesks do not speak English. WalWil has therefore consolidated as much as possible with a global provider but supplemented with local ones where practical reasons necessitate this. The SD-WAN concept still brings everything together in one network. A special case is China, which has its own Meraki cloud/dashboard. This is because VPN connections out of the country are not allowed. This must be resolved by using MPLS or another unencrypted connection between China and a location outside China to link the two Meraki SD-WANs. Meraki is currently not available in Russia but may be in 2020.

Some large cloud services use geolocation to route you to the nearest data center, for example, Office365. Since WWL primarily uses a global ISP, and these reuse public IP addresses, there is a risk that the IP address has been used on another continent previously. It is therefore important that the equipment has the correct country code. Ordering all equipment in Norway for forwarding was therefore not optimal. In hindsight, it is seen that the equipment should have been sent directly from Meraki to where it was to be used, to get the correct country codes. Some countries are challenging with customs handling, and therefore local ordering has been adopted. South Korea and China are examples of this.

When switching from a global MPLS network to SD-WAN with local Internet breakout, the DNS design must also be reviewed. In practice, DNS requests must go out locally instead of centrally as previously used. This consideration also applies to previous central proxy services.

In the transition from MPLS to an SD-WAN solution, one of the arguments for buying the equipment themselves, as opposed to buying Meraki as a service from another provider, is to avoid "vendor lock-in." While it is relatively easy to switch an MPLS provider, this becomes much more complicated when LAN and WiFi are included. WalWil therefore considered it best to procure all the equipment themselves and rather outsource the operation after implementation. This avoids "vendor lock-in" and provides much more freedom to negotiate prices/agreements, making it much easier to switch service providers if needed.

One of the reasons for choosing the Meraki solution was that it is leading in terms of security features. This is essential when switching from regional internet access to local internet at all locations. Meraki has Cisco Anti Malware Protection (AMP), IDS/IPS, and URL filtering based on category. This provides effective local access while maintaining a good security level.

What has changed with the new solution?

The following effects have been experienced:

  • SD-WAN provides reduced cost for international communication, increased flexibility, and is not dependent on an ISP.

  • One console for all maintenance and settings for the entire solution. The solution also has a Global change log. This provides insight into who has done what and when it was done, which in turn provides better security and easier management.

  • Greater flexibility in acquisitions or sales of businesses. WalWil has grown through acquisitions over time, and the SD-WAN solution makes it easier to integrate a new business into the common solution. It is also easier and faster to set up or take down an office. It provides great flexibility that all that is needed is an internet connection; in the worst case, a 4G router can provide a connection.

  • Increased security level and visibility for security incidents. Standardization of equipment and firmware.

  • Reduced complexity in managing the solution.

  • An API interface to everything, making it possible to create custom scripts and solutions.

One of the values Jan Kristian has added to the project is combining data from Meraki APIs with WalWil's ship positions, severe weather, and seismic events. This gives WWL a simple overview of its global WAN in a practical operational context. Totto Befring, Head of Global IT Operations at WalWil, says that in this view, he can, for example, see hurricanes rolling into the Gulf of Mexico and follow the consequences for the land-based networks as it happens.

WalWil-Livefeed-768x442-Sicra
One of the values Jan Kristian has brought to the project is combining data from Meraki APIs with WalWil’s ship positions, severe weather, and seismic events. This provides WWL with a simple overview of its global WAN in a practical operational context.
VP Infrastructure Services at Wallenius Wilhelmsen Ocean & Solutions
Totto Befring

Explore more

Oslo Taxi secures the platform with Sicra and River Security
Customer stories

Oslo Taxi secures the platform with Sicra and River Security

Even taxi companies must think like technology companies. For Oslo Taxi, IT security is about more than firewalls – it’s about protecting transactions for large amounts and a premium brand in a changing industry.
Malling wanted a security review of their M365 environment
Customer stories

Malling wanted a security review of their M365 environment

The security review from Sicra provided Malling with the foundation to improve their own security.
Ransomware attack caused headaches for one of Norway's largest chains
Customer stories

Ransomware attack caused headaches for one of Norway's largest chains

Sicra provided both a complete security solution and a comprehensive segmentation plan.
Removed a false sense of security at Montel
Customer stories

Removed a false sense of security at Montel

When Sicra looked under the hood, the top executive got a surprise. This led to new attitudes towards security.

Tailored cybersecurity for institutions and enterprises that allows for innovation, growth, and fearless performance.

Get in touchCall us +47 648 08 488
Stay updated
Receive the latest news

Links
SustainabilityFAQPartnersCertifications and awardsCareerPress & brand
Contact

Tel: +47 648 08 488
E-mail: firmapost@sicra.no

Tollbugata 8, 0152 Oslo. Norway

Follow us on LinkedIn
Certifications
iso27001-white
ISO 27001 compliance
miljofyrtarnlogo-hvit-rgb
Eco-Lighthouse
Sicra Footer Logo
Sicra © 2024
Privacy Policy