Page 1 of 2
NetMotion XE vs Cisco AnyConnect
Key things regarding about Cisco AnyConnect
- This is Cisco's new VPN client - can switch between SSL & IPSec
- It can do persistence, but only for a short amount of time - unlike Mobility XE which can persist across a shift (or even a week)
- It can be configured to run as a process, but it is not easy to do this - unlike Mobility XE
- It is not easy to use, and from a user perspective when the link fails for any length of time, it breaks! (Unlike Mobility XE)
- One needs to install and evaluate both with real end users to appreciate the productivity savings
- Where Cisco has problems - end users see an error message upon connection failure, unlike the seamless transparency of Mobility XE
- Test the solutions side by side - one needs to install and evaluate both with real end users to appreciate the productivity savings. Test the following and see the difference
- Moving from an internal network to an external network
- Suspend/Resume in production.
- Persistence for more than a few minutes
- Repeated persistence, the more the device has to persist with Cisco the longer it takes to recover.
- Cisco is complex to set up, switching back to IPSec is not always simple and consumes much more airtime, slowing down applications
- With Cisco fail over/load balancing is costly
- NetMotion Mobility XE focuses on a more complete solution for all aspects of mobile applications usage. Cisco AnyConnect focuses on just offering a VPN - it offers no analytics to detail mobile usage, Cisco's Network Access Control (NAC) is a completely separate product, and Cisco offer none of the control that is offered by Mobility XE's policy engine
- Effective Secure Mobile working in the Public Sector is about managing costs - end user productivity savings, ease of use, cellular costs, IT costs in ensuring total control over mobility and wireless usage. NetMotion Mobility XE's in-built Analytics, Network Access Control (NAC) and Policy Management enables any public sector organization to prove this to themselves with a no cost evaluation for up to 100 user devices.
Secure Mobile Working enhancements for Cisco AnyConnect users
Our end users see a significant difference in application performance, productivity and ease of use as demonstrated by our no-cost evaluation; I wanted to point to a few areas.
The focus here is on the larger, ongoing expense, namely our cellular air cards and usage. It is NetMotion Mobility XE's solution that works to give the best possible return on that expense, every month. We have 500 air cards at about £40 per month on average - this is about £20,000 each month.
The driver for the comparison of the functionality and differences between AnyConnect and NetMotion is about improving the end users experience with cellular usage and providing IT with the control and visibility into that £20,000 expense every month.
A) Reporting and Analytics on Cellular Usage: Cisco AnyConnect will not provide any details into how well our cellular vendors are doing, what applications our end users access via cellular and how much usage we are consuming via cellular, which users have cellular modems or are using cellular modems. As we have seen - cellular bills can get expensive after the threshold is breached on our "Unlimited" model. With 500 air cards at about £40 per month we spend about £20,000 each month on cellular access. We need a way to monitor, control and report on how we are managing and bringing down that expense.
B) Application Persistence - An SSL solution will not provide a consistent stable reaction to changes in the network, click on the link below for a typical example of what an end user of Cisco AnyConnect would see
(our users will never get this message from NetMotion Mobility XE, no matter what network interface is used).
At first look persistence seemed to work with AnyConnect, but we then performed this quick test :
- Start up the cellular Air Card connection using Cisco AnyConnect
- Launch the SSL VPN
- Sign onto several applications
- Disconnect or manually break the connection.
- Go and get a cup of coffee, or make a phone call, go to a meeting or to go to lunch
- Come back and see the results
Similar results will occur, when you suspend or hibernate the device, or want to seamlessly move from cellular to Wi-Fi, or to an internal fixed network (like broadband ADSL or Ethernet LAN).
Page 2 of 2
Now do the same test with NetMotion Mobility XE.
This may seem trivial for those seated at headquarters with typically good internet access, but the time spent while away from the office by all 500 cellular GPRS and 3G users to get secure access to the applications to run our business will simply be much longer with AnyConnect, with more application failures and slower throughput - adding up to real hours per month that could be spent doing productive work.
C) Centrally controlled security - Turning the VPN on and off - Remember there is no concept in NetMotion Mobility XE's solution related to an end user turning the security on or off. Security with NetMotion is under central administrator control and is always on - unless the administration decides otherwise. This means one less distraction for end users from their task at hand, one less thing our end users need to do or to remember to do before they get connected. Also this is one less step to train end users on how to get secure access from mobile or cellular connections. From a security/cellular usage standpoint, with NetMotion Mobility XE, end users cannot use their device without being under central control. There is increased confidence from a security perspective, knowing that the default is that the Mobility XE VPN is always on, impossible for users to run outside the VPN tunnel and expose their device to unwanted ingress by doing what they want on the air card. With NetMotion we can control in detail what applications our end users are allowed to access per network interface (public, private, broadband etc. ).
D) Failover and load balancing - in the Cisco offering this means we have to purchase another appliance and twice the licenses to support two systems. With NetMotion Mobility we just spin up more real or VM instance of the server software to implement the server software licenses you ordered. NetMotion server load balance automatically and fail-over is automatic and transparent to end users also.
E) Prioritizing business applications in the tunnel - NetMotion Mobility XE Quality of Service (QoS) can ensure the applications that drive revenue for will always be at the top of the list when it come to access over the cellular interface within the VPN tunnel. Policies to block/allow only critical business applications can help ensure our end users do not get in trouble by inadvertently running heavy duty applications when on cellular and are always on the correct usage plan from our cellular vendor.
F) Compression and optimization - NetMotion has been designed for improve performance over cellular networks, many of our clients see a compression rate over 50%, this means half or a third of data usage going over the cellular card. Not only does this potentially lower data costs, and allow more applications to be used whilst on cellular, it also means and a much better end user experience. We do not get this with AnyConnect.
In summary, our big expense here is your cellular usage, about £20,000 per month, NetMotion's solution is designed to give the best return on this investment. From our no cost evaluation we can show that the cost of NetMotion can be paid for in just a few months in end user productivity savings together with savings from the billing from our cellular vendor.
Here are the key areas where we find NetMotion Mobility offers us facilities that we require from a management perspective which are either not possible or less desirable with the Cisco solution:
- We would like to move to a smaller usage plan for our Air Cards, and need visibility into what our current cellular usage is
- We need to run reports to see how Cellular vendor A compares to Cellular vendor B, in dropped packets, retransmitted packets, dropped connections etc.
- We need to control and prioritize applications' usage over the cellular interface to ensure the most effective solution for end users to lower operating costs
- We need to improve the performance of our business applications in a cellular wireless environment, and provide access to applications which simply do not work over the Cisco VPN as it is more bandwidth-hungry that NetMotion Mobility XE
- We need to be able to monitor abuse or overages on the devices that use expensive cellular cards, and raise automated alerts when threshold have been exceeded to allow proactive management follow up.
- We need to identify specific users who are using cellular air cards and are not on the corporate approved cellular plan
- We need to ensure business applications that run our business always have the highest priority over the cellular interface, and are not hampered by other network traffic
- From our evaluation we require the compression and optimization to enable more applications to be used over cellular and improve our end users experience over cellular
In conclusion, NetMotion's solution is more than just a VPN, it is a productivity/management tool to get the best possible return from our expense every month of 500 Air Cards as proven by our team installing a no cost evaluation of the Mobility XE software for 100 users to allow us to measure the benefits and get input for our business case.