After writing my perspective on workforce productivity through a pandemic, I thought it would be a nice follow-up to demonstrate what I had built and the logic that went into the final product.

To stand up an enterprise-quality edge solution quickly, the design must meet the following enterprise security and operational requirements.

Security
  • Gateway requires Next-Generation Firewall (NGFW) capabilities
  • Capability to configure and enforce policy set by the organization’s security department, with granular permissions
  • Solution should be VLAN capable so as to segment home traffic from secure business traffic (this may be complex for home use, but the solution can be designed around this requirement)
  • Device should be able to build dynamic VPN tunnels to company application head-ends
Ease of Installation
  • Zero-touch provisioning to lower upfront costs and speed deployment
  • Virtual appliance for head-ends (datacenter and cloud)
SD-WAN
  • Gateway must be multi-WAN capable
  • Device should make real-time application routing decisions to provide a superior end user experience for business-critical applications
  • Device should be able to enforce local QoS to preserve sufficient bandwidth for business applications and users
Low Cost
  • Solution must have low capital and recurring expenses
  • Solution must incorporate cloud orchestration to minimize operational expense

Security

In my experience, the quickest way to get organizational buy-in for a solution is to start with security considerations when deciding on a platform. In this use case, I chose Fortinet, a Gartner quadrant leader in NGFW that also happens to be a low-cost system. Most security organizations require user protection in the form of Antivirus, Intrusion Prevention System (IPS), Web / Email filtering, Data Leak Prevention (DLP), and Application Control. Extending these security profiles to the employee edge offers several benefits over agent-based or even cloud-based firewall solutions:

  • Visibility into all traffic in and out of a home office, including East <-> West traffic, is imperative for stopping attacks at the source and for forensic analysis. East <-> West traffic is traffic destined for other corporate resources, such as applications and file shares, over your SDWAN tunnels.
  • Agent-based solutions such as antivirus and host-based intrusion detection systems (HIDS) only protect the system they are installed on and provide limited visibility and reporting.
  • Cloud-based firewalls are built to protect the end user from internet-facing sources (North <-> South traffic) but are not designed to protect company applications and file systems.

SD-WAN

Recently, Fortinet matured their SDWAN feature set and included it free in FortiOS, the software behind the FortiGate Next-Generation Firewalls. These improvements include application-aware routing (AAR) and Forward Error Correction (FEC), which provide options to greatly improve the user experience for critical applications.
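As an added example (not configuration from the original post or from Fortinet), here is a FortiOS 7.x style sketch of how the Security and SD-WAN requirements above map onto a home FortiGate: two WAN members probed against a head-end SLA, a rule that steers SIP signalling to whichever link meets that SLA, and a policy that applies AV and IPS profiles only to the business VLAN. The interface names (wan1, wan2, business), head-end address, port, thresholds and profile names are assumptions.

```fortios
config system sdwan
    set status enable
    config members
        edit 1
            set interface "wan1"        # ISP link 1 (assumed name, WAN IP via DHCP)
        next
        edit 2
            set interface "wan2"        # ISP link 2 (assumed name, WAN IP via DHCP)
        next
    end
    config health-check
        edit "voice-sla"                # probe the head-end over both links
            set server "192.0.2.10"     # placeholder head-end address
            set members 1 2
            config sla
                edit 1
                    set latency-threshold 150   # ms; assumed voice budget
                next
            end
        next
    end
    config service
        edit 1
            set mode priority           # prefer member 1, fail over when the SLA is missed
            set dst "all"
            set protocol 17             # UDP
            set start-port 5060         # SIP signalling for the desk phone (assumed)
            set end-port 5060
            set health-check "voice-sla"
            set priority-members 1 2
        next
    end
end
config firewall policy
    edit 10
        set name "business-vlan-out"    # business VLAN only; home VLAN gets a separate policy
        set srcintf "business"          # assumed VLAN interface name
        set dstintf "virtual-wan-link"  # default SD-WAN zone
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set logtraffic all              # log every session for forensics
    next
end
```

The inline # annotations are explanatory and should be stripped before pasting into the CLI; the home VLAN needs its own policy without access to the SD-WAN tunnels so the segmentation requirement holds.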

Ease of Installation

The ability to direct-ship an appliance to an employee and remotely provision it is critical for a solution to be successful. FortiGate appliances can obtain a WAN IP via DHCP and connect through the free tier of FortiGate Cloud, which redirects these appliances to the FortiManager orchestrator, where they are automatically provisioned with your corporate policies. In addition to the home FortiGate, the Datacenter and Cloud FortiGates can be deployed with ease. If your organization has Virtual Machine compute resources available, FortiGate VMs can be deployed without any physical labour or cabling.

Low Cost

Finally, in order to extend the edge to exponentially more locations than previously considered, the solution must be affordable. Of the NGFW-based SDWAN solutions, Fortinet is certainly the most cost-effective. Their multi-year bundles and powerful appliances give you more throughput per dollar than any other solution on the market. Also of note, Fortinet includes SDWAN functionality at zero charge, while many vendors charge based on aggregate internet link speeds. The cloud orchestration and zero-touch provisioning keep operational and capital expense charges down.

My Productivity Paradise Components

1. FortiGate 40F with 3-year UTM bundle and 24/7 support, which costs about $880 with deal registration
2. Netgear GC108P Cloud Managed PoE Switch: I already owned this, but you can purchase online for about $100
3. Netgear WAC540B03 3-pack Tri-band 4X4 MIMO WiFi Mesh Access Points: I replaced my Linksys Velop because I wanted something more manageable with VLAN support
4. Peplink BR1-mini wireless modem with Globalgig AT&T & Verizon SIMs: This is tertiary in my setup; however, for home users without a 2nd wireline option I’d highly recommend it for resiliency. Can also use a Cradlepoint or even a FortiExtender
5. Comcast Xfinity gigabit broadband 1000/40 Mbps as part of Triple Play package (capped at 1 Terabyte, I just learned this!)
6. AT&T Fiber 1000/1000 Mbps added to my wireless bill @ $39.99/month
7. Polycom VVX Phone provisioned off company hosted PBX
Jamie Pugh, Chief Technology Officer, Globalgig

Pugh co-founded Unified Scale, which was acquired by Globalgig in early 2019. Pugh joined Globalgig as Chief Technology Officer, responsible for global technology, infrastructure strategy, network architecture, and product innovation. Pugh has over 25 years of experience in networking and information technology. Prior to Unified Scale, Pugh served as the Vice President of Network Engineering for One Source Networks (OSN) and held leadership positions at OuterNet and Symbiot.
