BASF: Increasing Productivity, Recognizing ROI With a Satellite VPN Network

When a corporation generates time-sensitive production information in the field that equates to millions of dollars in sales, it is paramount to have reliable, secure network connectivity. Add the requirements of connecting users and remote field offices using existing network infrastructure while maximizing productivity through company-wide deployment of essential enterprise applications, and you have the scenario facing information technology management at BASF.
BASF, based in Ludwigshafen, Germany, is the world’s leading chemical company with a portfolio that also includes: plastics, performance products, agricultural products and crude oil and natural gas. The company has production sites in 41 countries, more than 81,000 employees and customers in more than 170 countries.
Large companies often have numerous enterprise applications that employees need to access, and the broadband satellite network BASF had deployed was very unfriendly to the company’s applications. Remote user sessions often locked up, timed out or required multiple retransmissions of large data sets. This wide area network (WAN) scenario is not uncommon for multi-national enterprises that must move different types of content among remote sites as well as to data centers.
BASF Information Technology Infrastructure Manager Nick Sierchio is responsible for all of BASF’s remote connections in the United States, Central and South America, and Canada, and it was up to him to find a solution that conformed to corporate security policies while meeting the requirements defined by management and demanded by users. “Satellite kind of fell into my lap,” he says.

The Crisis

Determined to find a reliable, secure, high-bandwidth solution for his remote users, Sierchio chose to explore various network platforms for building a virtual private network (VPN) over broadband satellite. “All remote access goes through me at the North American headquarters in New Jersey,” he says. “What I was facing in 2004 was that roughly 25 of our remote offices were already on the WAN using broadband satellite and our existing terrestrial VPN solution, but there were major performance problems. We were getting lots of complaints from both our field offices and sales staff.”
The satellite system in use at the time, when used in conjunction with either VPN client software on the desktop or the corporate standard WAN security devices, prohibited any advanced application connectivity and created severe latency issues for even the most basic networking tasks. “I also needed a solution that provided an IPSec (Internet protocol security) VPN connection between the remote and data center locations that allowed remote users to actually run their applications, because secure, reliable high-bandwidth connections are critical for employee productivity.”
While a certain amount of latency is inherent to satellite connectivity, latency variation, or jitter, destroys application performance across the WAN. The satellite vendor that Sierchio inherited provided a system that suffered from larger-than-expected latency across the network of 1,500 to 2,000 milliseconds. “Our performance issues were further exacerbated by our standard terrestrial VPN devices, which degraded bandwidth and added crippling jitter problems to the satellite network,” he says. “The more latency you have on the connection at the start, the more pronounced the effects of jitter are on application performance,” he says.
In this case, a particularly bad combination of satellite service and a network security device rendered the satellite network virtually unusable. What started out as a relatively high-bandwidth Internet connection over broadband satellite — 128 kilobits per second up/512 kbps down — resulted in a user experience worse than dial-up. “Application sessions would disconnect or time out because it would take so long to transmit data between the client and server,” says Sierchio. “We even had instances where browser connections to BASF’s most basic intranet Web applications would stall on the screen as they were being downloaded.”
The satellite solution BASF had deployed with its standard terrestrial VPN platform suffered from the typical VPN over satellite performance issues of not maintaining a tunnel, severely reducing bandwidth and crippling application performance. Sierchio went looking for an industry-standard IPSec, satellite-enabled VPN solution. “When I inherited this project, there were a lot of angry users, and I immediately started looking into other viable options,” he says. “Because of the sensitive data that is transmitted from field offices, BASF requires an IPSec encapsulation tunnel for maximum security. IPSec VPNs that use ESP (encapsulation security protocol) are integral to our security policies because this protocol encrypts the whole data packet, including both the header and the data payload, so that no information about the data session is available while the packet traverses the public Internet.”
BASF also needed more bandwidth than dialup connections could offer based on the increasing number of applications being deployed across the enterprise and a couple of bandwidth-hungry applications already in place. “The preferred method of connectivity is at least a DSL/cable modem/wireless connection,” say Sierchio. But many of BASF’s remote sites as well as the sales staff are located in areas where terrestrial or wireless broadband connectivity is simply not available, and BASF management is committed to the productivity gains and business intelligence provided by its enterprise applications. “We had a clear need out there for our remote sites and our field employees. Therefore, I had a mandate from management at the outset,” says Sierchio.
By eliminating the VPN client software method and migrating to a point-to-point IPSec VPN satellite solution, BASF could support multiple platforms on the LAN at the remote site. “Because we are not using VPN clients on the desktop anymore, all users on the LAN can work simultaneously through the VPN as well as access all local devices and network printers needed at the remote site,” Sierchio says. Removing or disabling the VPN software client from the desktop also simplified remote desktop support.

Complete Solution, Single Product

With the go-ahead from upper management, Sierchio began reviewing vendors. BASF chose End II End’s Gateway Security and Optimization software, which includes a satellite optimized AES-256 bit IPSec VPN. “They offered me the service, the solution, the follow-through and support I needed for this project,” he says. “Once I chose to install the End II End solution, I first put a test bench together in our lab here in New Jersey and ran it hard over satellite for three months. Our results showed that End II End’s VPN is seven times faster compared to other VPN alternatives tested. After that, we installed it in one of our remote facilities, and I ran it for six months as a production beta test before we converted our other remote sites.”
After the lab testing and benchmarking, Sierchio began deployment of the End II End solution, but the first site was no ordinary location. Located among the cornfields of Minnesota is one of BASF’s key facilities for hybrid crop research. BASF develops hybrid seeds for its hybrid corn seed in rural Minnesota that are then used to create the seed stock for livestock feed and ethanol production crops in the United States, South America and Europe. These experimental hybrid research plots are planted, monitored throughout the growing season and harvested in the fall to develop the most robust and disease resistant strains in an effort to maximize crop yields for subsequent growing seasons.
“Minnesota was having the most problems of any of our remote sites,” Sierchio says. “It is a critical site for the Plant Sciences division, located in an extremely rural location with harsh weather conditions. Terrestrial broadband services were just not available and dialup connectivity was too inefficient for the researchers to access the databases at the data center. Therefore, it was the perfect fit for us to see how End II End’s satellite VPN solution would perform.”
The primary database for this application is located at a BASF facility in North Carolina. There are about 50,000 entries in the database, which managed by the Minnesota research site. The nature of the application requires entering multiple data points during a single session for a given entity. Any interruption in connectivity that disrupts the data session terminates the application and the user must start over to ensure database accuracy for the data being entered.
This intensive approach to managing data collection, field layouts, maps, inventory and statistical analysis requires entering more than 370,000 data points for the 50,000 entities managed by the Minnesota site. Data entry primarily takes place from June through October, with 80 percent of the data entered in that final month, so it is essential that the researchers be able to access and analyze the research data in a timely fashion.
Contra growing environments such as Chile, Hawaii and Puerto Rico are planted in October and November to reduce the time needed to market the hybrid corn. The business model and research timelines dictate that the strict crop cycle timeline for producing the hybrid seeds is met, otherwise return on investment goes down. The selection of which corn hybrids to advance in the research pipeline is ultimately derived from the cumulative analysis of all the data in the database application. Failure to meet planting deadlines in late April and early May in Minnesota or the October and November plantings in the contra environments will delay the release of a commercial corn hybrid to a farmer by at least one year.
“We only have a narrow window of two weeks to make decisions and plant the next season. Without reliable access to the database, we are not able to met the stringent and non-negotiable deadlines set by business and research management,” says Todd Frank, head of the BASF Plant Sciences facility. Failure to plant the research plots in the narrow windows nature allots will delay the commercial release of the hybrid to the farmer and this translates directly as a fiscal loss of millions of dollars per year for the Plant Sciences division.
When Sierchio inherited the remote site connectivity project, he found that the connection stability and application performance was so poor over the legacy satellite VPN connection that the staff would not even use it. The researchers had resorted to downloading the data onto a laptop and making a 15-minute drive to a nearby town where they could enter the data using another BASF subsidiary’s network connection.
“We were reduced to operating in a very archaic fashion that was very inefficient and time consuming,” Frank says. “We literally had to pick up our office files, printers and laptops to function. The BASF subsidiary we drove to had an Internet connection in their conference room which, when available, only allowed two users to connect simultaneously. Only one member of the staff could print reports in color, and a second member of the research staff could only print reports in black and white, forcing us to reassign job duties and schedule time between sites to accomplish data analysis and printing reports. Unless one was willing to send a runner between sites, we waited until their return to hand over needed analysis reports.
“All aspects of utilizing the database efficiently, because of the legacy satellite VPN connection, took at least twice the time they should have taken,” says Frank. “Because of the poor stability, it took additional preparation time to reassemble our ‘office’ between both sites. We had issues of making the simplest edits in the database because of the unreliable connection. What should have taken an individual two minutes to accomplish took close to an hour. That hour was spent gathering all needed items, driving to the other site, setting up at the other site, doing your work, picking all items up, driving back to our research location and setting back up in your office space. If a database problem could not be resolved over the phone it dictated the need to travel between the sites versus a walk down the hall to answer a question. Our opportunity costs were extremely high, because time lost to the legacy satellite VPN connection took away from the ability to accomplish other important research work.”
The Minnesota site transmits a lot of data in some crucial months, says Frank. During the busiest month, October, the site inputs roughly 300,000 data points into the database. “Imagine having to input an average of 15,000 data points on a daily basis during this busy month and 2 hours of your day are wasted in the office moving process between the sites and being at the mercy of having the connection available because it is in a public room,” says Frank.
The Plant Sciences staff was anxious to have their own working network connection back to the data center. “Even though we were the first site, installation went relatively smoothly given the fact that we are located 100 miles outside of Minneapolis,” says Frank. “We had good technical support and continue to have assistance when needed. There were times that we could not even get our old providers on the phone for assistance.” Once End II End’s solution was in place, the BASF research station could run enterprise applications, streamline data analysis and establish network printing. The days of driving for hours to spend days transmitting data and printing reports from hotel rooms were over. With the enhanced network in place, Frank says that its reliability and performance increased the employee productivity by 20 percent. “The solution is working very well for us,” he says. “Before, the network performance was so incredibly bad most of our staff were not even using the system to the full capacity,” he says.
“That translated into lost productivity, unused network equipment at the remote sites and a negative return on our network investments,” says Sierchio. With End II End’s satellite VPN solution, intranet web applications actually work, all of BASF’s enterprise applications run flawlessly over the satellite, network printing is transparent to the end user, and BASF engineers are working in an optimal computing and networking environment at these remote sites.
With his biggest headache behind him, Sierchio proceeded with deployment to the sales force of the Ag Chem division, the next most dissatisfied group of users. In the sparsely populated areas of the Midwest, where so many of BASF’s agriculture customers reside, the network infrastructure is very weak to nonexistent. “We had many sales people and remote locations, especially out West where we couldn’t even get a good dialup service, let alone a broadband VPN solution,” he says.
While the client VPN software allows BASF’s sales staff to communicate with headquarters while they travel, there are greater connectivity requirements when the sales force is generating forecasts, placing orders, going through training, etc., at either a regional sales office or from their home office. These other satellite-connected sites had the same performance problems as Minnesota site, albeit with different enterprise applications. Instead of serving the goals of increasing efficiency and enhancing employee productivity, the network was the source of much user frustration and dissatisfaction. “Since we deployed End II End’s satellite VPN solution, many BASF employees did not even realize that they were running their applications over satellite. That is an indication of how much application performance has improved since we installed End II End’s satellite VPN solution,” Sierchio says.
With the End II End solution installed at sales offices and home offices, sales people can plug in their laptop and have a seamless, secure connection to the data center. The sales staff can utilize all its enterprise applications to print reports, create forecasts, place orders, etc., with the network delivering this functionality in completely transparent fashion. The optimized performance and ease of use minimizes the time spent in the office and allows the sales staff to spend more time with customers. Once the End II End solution was installed, data transmission rates were greatly improved while providing the network printer connections and true virtual office experience required. All of these elements contribute to BASF’s strategy of increasing the productivity and profitability of its sales force.
Another benefit of End II End’s software solution was BASF’s ability to realize cost savings by reusing desktop personal computers coming out of the refresh cycle and convert them into network devices. Rather than dispose the Dell Optiplex desktops, BASF simply extends the warranty, adds a PCI NIC card and installs End II End’s software to convert these computers into network devices for remote sites. “It was an easy decision for my director to make, given the low total cost of ownership, the ease of configuration and deployment and the support provided by End II End for the whole project,” he says.

Future Applications

BASF was able to improve remote user productivity dramatically with its corporate security policies once they deployed End II End’s Gateway Security and Optimization software in conjunction with their broadband satellite links. While resolving these key issues is more than satisfactory for most information technology managers, Sierchio is looking to deliver additional benefits.
Having converted all the existing satellite connections to the new End II End satellite VPN solution, Sierchio is turning his attention to users who still are connecting via dialup. “When I see expenses ranging from $400 to $700 a month in dialup charges alone for a sales office, I know they are a perfect candidate for a fixed-cost satellite and they will actually get more bandwidth and better performance by transitioning,” he says.
Additionally, BASF uses a number of different terrestrial circuits from traditional telecommunications carriers for failover at most of its facilities. These circuits sit idle, yet in most cases, the same carrier that provides the primary data connection to the warehouse provides the backup connections. This means these circuits are no more than adjacent copper pairs in the same conduit as the primary T-1/DSL connection. In the event of a carrier facilities failure or natural disaster, there would be no terrestrial data connectivity at all, making these backup circuits effectively worthless.
To provide a redundant business continuity solution with two separate paths for the network, BASF is implementing End II End’s business continuity product OptimaLink, which provides a lower-cost, higher-bandwidth backup alternative to the expensive frame relay/dial backup connections in use at BASF’s warehousing facilities. “End II End OptimaLink has provided a flawless failover solution that enables our warehouses to lower the operational cost of an idle backup solution while protecting BASF from business and productivity losses due to no wide area network communications,” says Sierchio.
Whether BASF will look to deploy applications such as voice over Internet protocol and wireless in conjunction with their satellite network, Sierchio could not say. However, one thing is certain, with fewer calls from unhappy remote users, Sierchio has more time to spend thinking of other ways to leverage BASF’s secure, optimized satellite links to improve the corporate network.