Dirty appliances: The hidden environmental costs of VPN gateways
Another reason not to like your VPN.
In networking we often discuss routing, packets, protocols and latency. It’s always been our lifeblood and our passion. Another area we are passionate about is hardware. A new router, firewall, switch or network appliance will elicit numerous debates and send us to a world of what if? What if I deployed this box to my network? How would it impact it? Would it make the network faster? Would it make my job easier? Now, one topic we don’t discuss is the “green” impact of this new box.
Our networks are complex, costly and, truth be told, they impact the world around us. At Axis Security, we often refer to the journey of Amy in HR. Amy is part of the hybrid workforce. Her day begins in her home office, which is located at the kitchen table of her house. Every day Amy must use the corporate VPN to access the applications she requires to complete her job. Her journey looks like this.
Amy must run a virtual gauntlet of IT network and security hardware appliances. Typically, this may include a series of seven systems each with a redundant twin for high availability.
So, what is the impact of these 14 boxes on our planet? Let’s break it down.
Amy’s point of entry is the data center firewall. Typically the firewall is the second most power-consuming device. For our scenario, we will select a Palo Alto Networks PA-5430 firewall. The power rating for this device comes in at 630 watts. Since our design is redundant, we will need two of them. Therefore, the total for the two is 1260 watts.
Next up is the Denial of Service appliance. This time we will go with a product from Cisco Systems. The selection will be the Cisco Defense Pro 20. Its power requirements are rated at 320 watts. Again, we will need two for high availability, so the number is 640 watts.
NAC and ADC are next in the path. While there are appliances in this area, we will leverage Cisco ISE. While we could build this out a number of ways, let’s keep it simple and call it two servers running a dedicated application. Power requirements will come in around 850 watts per server. Again, we need two so 1700 watts is our total for NAC and ADC.
On to the SSL! For the SSL decryption, we will go back to Cisco. The Cisco Firepower 5555 is our most efficient solution at 134 watts at peak. We need two so 268 watts is our number!
Now comes the IPS system. Again, we will go with a Cisco Firepower product, the 9300 appliance. Unlike the Firepower 5555, the 9300 is power hungry at 1000 watts for both.
And we are almost done. One more firewall to go!! Again, we’ll go back to Palo Alto Networks. Add a pair of PA-5430 at 1260 watts.
Now that we’ve completed Amy’s journey from a network and security appliance point of view, let’s add up our power budget and determine the power costs and, most importantly, the impact on the planet.
The power budget comes to 6,128 watts at peak. Based on a cost of power at .32 per kWh, at 24 hours a day, creating 146 kW/h per day (aka 53,681.28 kW/h per year), our total per data center cost comes to $17,178 each year – just in electricity costs. This doesn’t include manufacturing costs either.
But what is the total carbon impact? We used the free Greenhouse Gas Equivalent calculator provided by the EPA and found that 53,681.28 kW/h per year is equivalent to 25.6 tons of CO2 per data center! That is equivalent to what 27 acres of US forests sequester per year. Check out some other interesting equivalencies below.
A report commissioned by Statistica found that 73% of companies have 3 to 5 data centers in use. 40% of companies have 6 or more!
So if we assume 5 data centers for each Fortune 2,000 company (most will likely have more), the electricity costs alone for the VPN gateway would be $85,890 per year (again only for electricity). The environmental impact would be a whopping 128 tons of CO2 emissions. Multiply that by 2,000 Fortune companies and that’s 253,475 tons of CO2 emissions, the equivalent of the carbon sequestered by 272,129 acres of US forests.
That’s a lot of green, for too much green. It’s time to say bye to hardware-based VPN and move to a new software-based solution designed using the Security Service Edge framework. It can be delivered from the cloud, from data centers with carbon offsets. The result: better for the environment, better for the planet and, likely, lower cost.