Critical Application Balanced
Rip and Replace
With over 30,000 homes built and counting, Keepmoat Homes is a top ten home-builder in the UK who plan, design and develop both large and small-scale developments. More than 70% of Keepmoat homes are sold to first time buyers, making Keepmoat one of the UK’s most experienced organizations when it comes to helping people take their first step on the property ladder.
Keepmoat Homes were rolling out a companywide upgrade to Windows 10 Enterprise and began reviewing a remote access VPN solution to coincide with this. Given the nature of the business, Keepmoat has a very dynamic and mobile workforce with staff working on construction sites, remotely, i.e. at home, or in one of its 10 regional offices across the UK. Enabling staff to easily and securely access key business systems and applications through their devices, no matter where they are located, was a key pillar of focus as part of the broader desktop modernization project.
Having considered a variety of vendors and solutions, Keepmoat Homes decided that Microsoft’s successor to Direct Access – “Always On VPN” was the best fit for its needs, as explained by Andy Walton, Head of Technology & Cybersecurity at Keepmoat Homes. “As soon as you log into your laptop and you have an internet connection, whether at home or elsewhere, the VPN just fires up without any user interaction necessary. Obviously, that makes Always On VPN stand out from other VPN solutions where you've typically got to actively interact with it to connect.”
A load balancing solution was required to eliminate any single point of failure in the Always On VPN architecture which is crucial for ensuring the highest level of availability and productivity for mobile workers. Keepmoat Homes had been using a hardware load-balancing solution from another vendor within its infrastructure, but the opportunity presented itself to replace these with a more flexible and virtualized solution said Andy,“ Because of our transition away from traditional hosting and physical infrastructure, to a more consumption, commoditized based model, I knew straight away I was going to be looking at a virtualized solution to replace our existing one.”
Andy had worked with other load balancing solutions from a variety of vendors previously, but his experience with Kemp stood out for him and the decision was made to deploy Kemp Virtual LoadMasters, “I knew that the product, the interface, the ease of deployment and set-up plus the fact that there are pre-defined templates available to download, would ensure that my team would get to grips with it very very quickly, especially moving away from the existing solution, which I always felt to be a bit convoluted and complicated, creating a significant administrative overhead.”
Keepmoat Homes built its Always On VPN environment from the ground up, creating two Windows 2016 servers with Kemp Virtual LoadMasters deployed in front of them, configured as an HA pair. The Virtual LoadMasters act as a termination point, intelligently load balancing the IKEv2 traffic that flows through the RAS servers which provide the Always On VPN capability.
One unique challenge with load balancing the IKEv2 traffic is that the load balancer must be configured to ensure that both UDP 500 and 4500 from the same VPN client are always forwarded to the same real server to ensure proper operation. Keepmoat utilized the port following feature on the LoadMaster to meet this challenge. Andy commented, “We configured the loadmasters for the port following behavior required, because of our use of NAT-traversal, which uses UDP port 500 for phase one of the VPN setup process, and then switches across to UDP 4500 as part of the continued negotiation process. The great thing was that it just worked.”
Another advantage of using Kemp was the ease of implementation and management, the deployment of the LoadMasters within the Always On VPN environment was completed within a short time frame. “As soon as we got the licenses, we deployed the LoadMasters as a HA pair on our IaaS platform, followed in quick succession by the RAS servers. We went from a very small pilot to a broader roll out, quite quickly and without issue”, explained Andy.
During the implementation process, Andy and his team found the tutorial articles and videos from Enterprise Mobility Expert, Richard Hicks about Always On VPN IKEv2 Load Balancing with Kemp to be very helpful. Richard Hicks is a highly respected voice in the Enterprise Mobility space and has been an endorser of Kemp’s LoadMaster capabilities saying “The Kemp LoadMaster load balancer is an excellent choice for eliminating single points of failure and improving scalability for Windows 10 Always On VPN. It includes all of the advanced capabilities administrators need for addressing the unique requirements for load balancing Always On VPN infrastructure services, while at the same time being easy to configure and manage.”
Keepmoat Homes like many businesses had begun its cloud journey within the last 12 months, moving from a traditional co-located data center model to a new IaaS platform as a first step. Commenting on the next step of this process Andy said, “Now that we've moved all of our business applications and systems onto a new infrastructure as a service platform, there will be a subsequent piece of work undertaken by my team, to evaluate where those workloads are best placed for performance and to deliver the best value to the business. Part of that analysis will be to assess whether or not each of our workloads stay where they are or should move. For example, should we consider a hyperscale cloud environment such as Azure, AWS and/or Google Cloud? So this was another important factor in my decision.”
Choosing Kemp as the load balancer of choice was not a decision based solely on Keepmoat’s immediate requirements but took into consideration the ability of Kemp to fit into their future cloud technology mix. The flexibility of Kemp to be deployed seamlessly across on-prem and multi-cloud environments and deliver a great always-on application experience to end users was a key factor. Andy added, “An important factor with the Kemp LoadMasters was the fact that we can deploy the product into any one of those different hyper-scale environments and receive the same consistent level of service.”
Overall Keepmoat Homes has been very satisfied with Kemp, the ease of use, flexibility and the always-on application experience provided to its employees resulted in Kemp handling a broad range of their critical business applications such as SMTP, Active Directory Federation Services, Secure FTP and several other web applications. Andy concluded, “So we’ve got a real mix of workloads going through Kemp ADCs, and they’re doing a great job.”
I knew that the product, the interface, the ease of deployment and set-up plus the fact that there are pre-defined templates available to download, would ensure that my team would get to grips with it very very quickly, especially moving away from the existing solution, which I always felt to be a bit convoluted and complicated, creating a significant administrative overhead.Andy Walton