In a city where connections are everything, Blake Real Estate is a major player. The Washington, D.C.-based real estate company develops, owns, and manages approximately a dozen commercial properties. Most are located in the "Golden Triangle" of the commercial business district. Tenants include many federal agencies, national organizations and associations, and various businesses that interact with and need proximity to government officials.
Blake needed to tie all of its offices together, including its offices within each property, into a single, secure virtual network. In particular, the company wanted to use VoIP to create a unified telephone system, providing one-number convenience for tenants. When Blake ran into reliability problems, they contacted Capitol Computer, their longtime, trusted network services partner - and also a longtime partner of WatchGuard® Technologies.
The key problem facing Blake was maintaining reliable, secure virtual network connections between their widespread locations. According to Mary Kave, Corporate Secretary, "We have our main office in one of our buildings and our accounting office in another one of our buildings. Also, in each of the buildings that we manage, we have an office for our building manager and chief engineer. We wanted all of our employees to have the features of a sophisticated telephone system and to have the convenience of simply dialing an extension to reach each other. And, we wanted all of our tenants' calls to ring centrally and be answered by a receptionist."
To create a single telephone system that spanned multiple locations, the company installed a voice-over-IP system. But they immediately ran into problems. VoIP calls were being dropped, voices were garbled and overall quality was poor. Terminal services sessions for the business applications were also dropping. Kave called Capitol Computer Exchange, Inc. (CCEX), who investigated the problem. According to Jeffrey Pena, Implementation Engineer for CCEX, the first step was a test that involved moving endpoints to the same ISP. That reduced some of the latency and jitter in the network, but the problems remained.
After further testing, suspicion fell on the equipment. "We looked at the Linksys routers that they had in place," explains Pena, "They were really geared more towards residential use, to handle maybe one or two computers. There was not enough processing power, and no quality of service or traffic shaping built into them. And with voice-over-IP, QoS is really a must. We knew we needed something more geared to commercial use."
Pena replaced the Linksys routers at several of the sites with WatchGuard Firebox® Edge X10e's. They were configured to serve as IPsec VPNs for securing the data and voice traffic, with QoS enabled for prioritizing the VoIP sessions. Immediately, all of the problems disappeared. Kave was amazed at the difference the WatchGuard appliances made, and was thrilled to have the system working properly. They immediately placed orders for more WatchGuard Fireboxes, including a Firebox Edge X20e with extra capacity to handle the accounting office, which housed a dozen employees and several IP phones.
While solving the call-quality problem for Blake Real Estate, Pena was able to take advantage of several features of the WatchGuard devices that proved ideal for configuring and optimizing the VoIP deployment.
"The WatchGuard appliances let us put types of traffic into different categories," explains Pena. "One of the categories is medium traffic for regular everyday use. One is higher priority, which we used for the remote desktop and terminal services traffic. And then, they have this great bucket called interactive traffic. The interactive traffic level is specifically meant for voice-over-IP, video, conferencing, any of those types of protocols. We got a list of all the ports that the voice-over-IP phone system uses, created a service for it, and dumped that into the interactive tab of the WatchGuard Firebox interface." This simple step gave the time-sensitive voice calls the highest priority.
The real-time monitoring on the WatchGuard device allowed Pena to visualize the traffic flowing through the device and fine-tune the system. During the process, he found some undocumented surprises in the VoIP system. "We found that the phone vendor's list of ports wasn't all-inclusive. We picked up the phone and made a call, just to check the ports in use. We could see the packets that were going through on the medium level, on the high level, and on the interactive level, and we found two or three additional ports that weren't mentioned by the vendor." The real-time capability made it possible to tune the system based on actual traffic in production conditions.
Thanks to the business-grade processing power of the WatchGuard devices, the problems with the terminal sessions dropping also disappeared. That was important for productivity, especially in the accounting department. Kave explains: "All of our servers are located at the main office. Our accounting department personnel and our building personnel located in the remote properties all communicate with our servers through Remote Desktop Protocol over the VPN. The dropped sessions were frustrating, and it was a relief to have the problem solved so completely."
For Kave, bringing the WatchGuard appliances online solved a huge problem. "I lost a lot of sleep. It was very stressful, because the VoIP system that we purchased was not working properly. Now our personnel aren't complaining, they're much happier. And that makes me happier, too."
And for Pena? "We've been working with WatchGuard for probably ten years. They're great products. We're also a Cisco partner, but when it comes to needing to open ports and manage an actual firewall, nothing beats the ease of use and robustness of a WatchGuard product. They're a great partner for our business, and we always recommend WatchGuard to our customers."
We've been working with WatchGuard for probably ten years. They're great products. We're also a Cisco partner, but when it comes to needing to open ports and manage an actual firewall, nothing beats the ease of use and robustness of a WatchGuard product. They're a great partner for our business, and we always recommend WatchGuard to our customers.
Jeffrey Pena, Implementation Engineer
Capitol Computer Exchange, Inc.