Many of you will probably have heard of a new film currently being shown called “The eye of the storm”, which tells the story of a small town hit by enormous storms one after another, including tornadoes and hurricanes. For those of us who may think that there's a mistake in the post: yes, this is still about technology. But seeing the film the other day, I noticed some facts that somehow reminded me of the routing business we are in.
The film has nothing new to offer, especially for those of us who may have watched a similar one called Twister in the 80s (and still remember the flying cow!). The interesting thing is that I watched the film in experience mode. This means the theater had set up huge fans and water sprinklers that were coordinated with the different scenes. Thus, when the hurricane hit the people on the screen, the system turned on the fans and a strong wind with tiny water drops would hit your face and body, practically all through the film. So, since the film is all about hurricane scenes, by the time the lights turn on you are chilled and wet. I cannot think who thought this would be a good idea! Let's see:
First of all, it doesn't help a bit to get into the film. You keep wondering when the fans are going to turn on, the strength of the air, and other things that have nothing to do with the story. And by the end you only want to run off to get a towel and a warm drink. Secondly, I am sure that the theater made a great investment in a system that the customers might not like, or that is not a real improvement on the experience of just watching the film. And the third point: it's more expensive to go and see, so many customers would just prefer to save their money.
And here is where this links with the Routing Business (yes, I mentioned this was about Technology). To begin with, we all know that Network Technology right now is exactly in the very eye of the storm. NFV, SDN, Security, Mobility needs and such are expected to bring important changes in the way that service providers consider the current network business. But apart from the obvious word games, let's see why I saw similarities between a vendor manufacturer, the film and the theater experience:
- Efficiency: The necessities of customers when it comes to network equipment are well known. However, many vendors pack their equipment with lots of features that, a) the clients do not need and b) end up draining resources thus lowering the performance of their routers in key features that the customers pay for. In the same way as the film, where the story starts to lose all interest due to the endless storms.
- Investment: When a vendor designs a product roadmap, the return on investment is one of the key factors. So, they invest in features that suit the needs of the majority of their customers or in special features that are demanded by a niche market or special customers. Otherwise, the investment is useless. Throughout the film, I kept thinking: “Apart from a hurricane film, what is all this investment in this infrastructure valid for?” Because it cannot possibly be reused for any other films (or only for a very small number of them).
- Price: Is the customer ready to pay extra for what you are offering? We live in a world where budgets are tighter each year. And customers try to save as much money as possible in things that are not really necessary. So is it reasonable to charge extra (and risk rising above the market price) for features that the customer may not need, want or even appreciate?
As you can appreciate, I didn't find the film very interesting (with or without fans), but I reached the conclusion that it makes sense to avoid some extraordinary, even appealing and marketable features that only raise the cost and do not help to solve the customer requirements more effectively (in this case, the obvious need was watching a good film).
This is what we have in mind in Teldat when we design our routers. How to solve the customer needs as efficiently as possible, at a lower cost. Consequently the first thing we do is to find out what these needs are and stick to them, without adding a lot of features and functionalities that we charge our customers for, but do not necessarily add a significant value. For us in Teldat, this is what competitiveness is all about.
Lola Miravet: Telecommunications Engineer, is the Head of Teldat’s Corporate Marketing Department.
In essence, a Virtual Private Network (VPN) consists of using a normally public (IP) network at a level of abstraction where that network serves only as a transport mechanism between two ends, over which a private network is built. Using a public network inherently requires security, to the point where the two concepts, VPN and security, become one, regardless of whether the core of the network providing connectivity is public or private. For this reason, the connections between the points are often called “tunnels”, since they conceal the private information being transported over the public network.
Since security is a key element in these communications, it's essential to know the different VPN techniques and to understand which is best for each scenario. The difficulty lies in handling the number of acronyms associated with VPNs, which at times seem as cryptic as the protocols they refer to (GRE, L2TP, IPSec, DMVPN, GDOI, SSLVPN, WebVPN, etc.).
VPN at the network layer
This consists of implementing the VPN at OSI layer 3. The devices and applications at either end of the “tunnel” can see each other (at layer 3) just as they would through a direct connection; consequently, this type of VPN is transparent to any protocol and application:
- GRE (Generic Routing Encapsulation) and L2TP (Layer 2 Tunneling Protocol) are simple protocols that let you construct VPNs at the network layer. Although both are proven, compatible and standardized protocols, they do not have a sufficient security level developed for them and consequently are not widely used, except as an auxiliary protocol for VPN interconnection.
- IPSec (Internet Protocol Security) is an alternative standardized, fully compatible protocol for VPNs for which a suitable security level has been developed. It is the de facto standard as a security and VPN protocol and is widely used in the routers at the edge of the network.
- DMVPN (Dynamic Multipoint Virtual Private Networks) is a VPN architecture based on the simultaneous use of GRE and IPSec. GRE is used for connectivity and IPSec for security. The advantage of using GRE for connectivity is that it allows you to send routing information, so that the tunnel endpoints in the private networks can talk to each other, thus reducing the configuration effort needed to construct VPNs for a high number of points. DMVPN is based on a central point (Hub) that all the remote points (Spokes) connect to, and that distributes the routing information between them. DMVPN is based on the RFC 2332 NBMA Next Hop Resolution Protocol (NHRP).
- GETVPN (Group Encrypted Transport Virtual Private Networks) or GDOI (Group Domain Of Interpretation) is an additional mechanism to IPSec that simplifies key management. Also based on an RFC and interoperable, it relies on a central server that generates and sends keys to all the points. GETVPN does not construct “tunnels”; consequently, it only operates if the host addressing is public.
Branch office routers establish VPNs at the network layer which are transparent to the local network devices, although it's also possible to find implementations (typically IPSec and L2TP) in hosts, either as part of the operating system (Windows, Linux, Android, iOS), or as additional network services developed for third parties.
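The reason DMVPN pairs GRE with IPSec can be seen at the packet level: a GRE packet exposes the private addresses and data it carries, while an ESP packet exposes only the outer header and the SPI. The following Python code is an added example, not Teldat code; the addresses, payloads and function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_GRE, IPPROTO_ESP = 47, 50   # IANA protocol numbers
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000

def build_ipv4(src, dst, proto, payload):
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_gre(inner, key=None):
    """GRE header carrying IPv4 (0x0800); optional 32-bit key (RFC 2890)."""
    if key is None:
        return struct.pack("!HH", 0, 0x0800) + inner
    return struct.pack("!HHI", GRE_K, 0x0800, key) + inner

def parse_ipv4(pkt):
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:])

def parse_gre(data):
    """Return (protocol_type, payload), skipping optional checksum/key/sequence."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", data[:4])
    if flags & 0x0007 or flags & GRE_R:
        raise ValueError("unsupported GRE version or routing field")
    offset = 4 + sum(4 for bit in (GRE_C, GRE_K, GRE_S) if flags & bit)
    if len(data) < offset:
        raise ValueError("truncated GRE options")
    return ptype, data[offset:]

def classify(pkt):
    """Report what an on-path observer can read from one captured packet."""
    src, dst, proto, payload = parse_ipv4(pkt)
    report = {"outer": (src, dst), "tunnel": None, "inner_visible": False}
    if proto == IPPROTO_ESP:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        report["tunnel"] = "ESP"
        report["spi"] = struct.unpack("!I", payload[:4])[0]
    elif proto == IPPROTO_GRE:
        ptype, inner = parse_gre(payload)
        report["tunnel"] = "GRE"
        report["inner_visible"] = True
        if ptype == 0x0800:
            isrc, idst, _, data = parse_ipv4(inner)
            report["inner"] = (isrc, idst)
            report["inner_data"] = data
    return report

# Constructed samples (documentation address ranges, made-up payload).
INNER = build_ipv4("10.1.0.5", "10.2.0.9", 253, b"branch-to-hq private data")
GRE_ONLY = build_ipv4("192.0.2.1", "198.51.100.1", IPPROTO_GRE, build_gre(INNER))
GRE_KEYED = build_ipv4("192.0.2.1", "198.51.100.1", IPPROTO_GRE, build_gre(INNER, key=7))
# Stand-in for GRE protected by IPSec: SPI, sequence number, then opaque bytes.
GRE_IN_ESP = build_ipv4("192.0.2.1", "198.51.100.1", IPPROTO_ESP,
                        struct.pack("!II", 0x1001, 1) + bytes(range(48)))

if __name__ == "__main__":
    for name, pkt in (("GRE only", GRE_ONLY), ("GRE in ESP", GRE_IN_ESP)):
        print(name, classify(pkt))
```

The same classification run over a capture taken on the WAN side of a branch router shows whether any tunnel traffic leaves the site as bare GRE.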
VPN at the application layer
This consists of establishing the VPN without the intermediate routers or the host network stack intervening. The base is the SSL (Secure Sockets Layer) protocol from an HTTP session. In the most basic version (clientless), the SSL server maintains a secure session with the HTTP browser through the public network and presents resources from the internal network (applications, file servers, etc.) in a web format to the client; this is known as HTTP Reverse Proxy.
A more advanced version (Full Network Access) downloads an applet to the client that creates virtual interfaces to intercept the private traffic exchanged between the client and the private network, thus effectively establishing a VPN between the host and the private network connected to the server.
SSL is an original Netscape implementation; version 3.0 has been standardized by the IETF and is now known as TLS (Transport Layer Security) 1.0. However, the standardized part consists of the security protocol only, not the reverse HTTP Proxy features or the applets, which are proprietary.
Which VPN is the best?
This depends on one’s needs. VPNs at the application layer are the solution to individually interconnect a device from any point on the public network outside the branches; for example mobile users that connect their portable devices from Internet (PCs, tablets, telephones, etc.), or even public PCs. The VPN servers at the application layer are usually found at head offices and not in the access routers.
To establish VPNs between different company branches, the solution consists of VPNs at the network layer from the access routers in each branch office, IPSec being the de facto standard.
Teldat is a world class leader in VPN technology interoperability for networks (L2TP, GRE, DMVPN, GETVPN), with ample references from large corporations and clients. We offer you all the advice you need about VPN networks. Because the best way to earn your trust is to offer you the best service.
Marcel Gil: graduated in Telecommunication Engineering and Master in Telematics (Polytechnic University of Catalunya), is a SD-WAN Business Line Manager at Teldat.
From the residential sector and comprehensive installations within offices to highly sophisticated applications and even beyond, wireless networks can by now be found in almost all market segments. Wireless LAN has become far more than a mere network to supply wireless Internet connectivity. The technology is now part of business processes. Due to the large variety of applications, it is hard to mention all of them. Nevertheless, these are the most common applications. Wireless Internet access and e-mail connection are the most common applications for sure. Some companies have even stopped using LAN cabling to a great extent. Retailers often use mobile cash registers connected via wireless LAN. Logistics companies, as well as retailers, register incoming and outgoing goods with wireless barcode scanners. And while we are on the subject of retailers and logistics companies, they nearly always have several locations and hence they are chain stores.
Today’s wireless LAN networks have become increasingly available throughout the entire company infrastructure. Therefore a variety of access points are required for a seamless network and of course, for a central management and monitoring of sometimes numerous access points, wireless LAN controllers are used.
Wireless LAN controller for chain stores and branch offices: Centralized management
We will now describe the suitability of wireless LAN controllers for chain stores in order to facilitate the monitoring and configuration of wireless LAN networks in different branches. Thus the central management and monitoring of all access points in all branches should be prioritized.
A wireless LAN controller operated remotely over a WAN connection, secured via a VPN tunnel, has some specific characteristics.
In the graph above the wireless LAN controller located at the central site communicates via a secured VPN connection to numerous access points which are located in several branches.
These access points in the graph above are fat access points. Basically, the wireless LAN controller centralizes configuration and monitoring. It is advantageous to process the user data in the various branches locally in order to limit the data volume transferred via the WAN connection secured by VPN. This is the case in many applications. A supermarket chain, for example, as a fail-safe measure, usually processes the data of the supermarket checkouts and wireless barcode scanners on site, and hence in a decentralized way. Only in the evening, at closing time, does data synchronization take place between the branches and the Head Office.
Wireless LAN controller solutions for remote operations
A further problem which occurs with the remote operation of a wireless LAN controller, is the availability of a WAN connection secured via VPN. Naturally a VPN connection cannot guarantee a hundred percent availability. Even managed VPN services only assure an availability that ranges between 95 and 98 percent. After all this could mean a failure of several days a year.
Hence, it can be said that, only wireless LAN controller solutions that are especially designed for remote operations are suitable for this type of scenario. This includes:
- Traffic limitation between access points and the wireless LAN controller.
- Self-sufficient operation of access points that can run for a specific period of time without being connected to the wireless LAN controller.
- Users should make sure that the data can be processed locally in order to bridge downtimes of the VPN connections.
Bintec WLAN products can deliver a simple and powerful platform that solves common problems such as reliability, security and local/remote management of the whole WLAN network across the WAN and individual Access Points. Total integration with Teldat or bintec-elmeg routers and management platforms is indeed a strong added value for those customers who already have a significant installed base of these devices. Moreover, it is also a great added value for those who plan to deploy a large number of branch office infrastructures and need a complete network solution for wired and wireless connectivity.
Hans-Dieter Wahl: WLAN Business Line Manager
Nowadays the whole electric grid is rapidly changing worldwide. Generation quickly becomes distributed through the use of new renewable energy sources (primarily wind and solar based). Consumption also takes new forms, as users develop new needs through the use of electric vehicles and smart appliances able to select the optimal time to operate. The distribution network has to quickly evolve and adapt to the new generation and consumption scenarios in order to continue to provide the level of service that consumers have come to expect and demand.
The increased complexity of the electric grid cannot be managed with traditional setups. In order to face these new challenges the electric network must be better intercommunicated and it needs to be able to provide its operators with precise and current information. This enables informed decisions and guarantees the continued operation of the grid, while preventing failures which could quickly cascade.
By incorporating telecommunication technologies into the electric grid, many new services for clients can also be realized and management of the whole system becomes easier and cheaper. A comparatively small investment to upgrade the network will quickly pay for itself in the form of more streamlined management and new services for customers.
New possibilities for grid operators
- Constant control and monitoring of the electrical substations. Black-outs and overloads can be prevented by monitoring the whole distribution network and watching for signs of problems. Additionally decisions such as when to connect alternative power sources can be taken quickly. Areas with problems are quickly isolated so that they do not affect the rest of the network.
- Reduced operation costs. By remotely monitoring the whole system, electrical companies no longer need to send out personnel in order to carry out certain maintenance tasks or to check the status.
- Offloading part of the generation costs, as consumers self-generate (but are charged for the management of the system and back-up availability).
- Possibility of including new renewable generation sources, with lower OPEX costs and reduced dependencies on varying fuel prices.
- Reduced investment in generation due to a more stable consumption pattern throughout the day. Supply can be more constant and the generation no longer needs to cover extreme demand peaks. This leads to fewer backup generators.
- Reduced liability to consumers’ compensation for electrical outages.
- A secured communications channel that is immune to security threats and can be used for additional services.
New services for consumers
By upgrading its network, the electric operator can offer (and monetize) new services to its consumers, including:
- High availability contracts for industrial clients, given the increased reliability of the whole network.
- Ability to constantly monitor electrical usage and receive detailed reports. The consumer can invest in more efficient appliances due to a better understanding of their electrical consumption.
- Possibility of using new high consumption devices (e.g. electric cars) without putting the electrical installation at risk.
- Possibility to self-generate part of the electrical consumption, thereby being more resilient to electrical grid failures.
- Programming intelligent devices (e.g. washing machine, electric car, water heater …) to activate in valley consumption periods in order to pay lower electricity prices.
- Under certain circumstances, ability to instantaneously change the capacity of their own network. The electrical company can remotely adjust the client’s meter (network permitting) to allow higher or lower power consumption.
Teldat provides the communications network for electric operators. It empowers the grid owner with new opportunities while safeguarding its data and infrastructure. Teldat employs the same protocols for which it has gained recognition in critical sectors such as banking, thereby guaranteeing a secure network, protected from intrusions.
Daniel Alvarez Wise:
Perhaps this question has to be clarified somewhat.
Indeed, the slower and more mature 2G and 3G cellular lines are already main line connections in certain scenarios, especially in those segments which are not so dependent on large bandwidth, but at the same time are extremely dependent on mobility. A typical example is that of remote cash point machines deployed across the world in all sorts of locations (shopping malls, airports, sports centers, etc.). Many banks came to the conclusion some time ago that the difficulty of connecting these machines to a wired connection made cellular connectivity much more viable.
In which cases can 4G and LTE be a good alternative to a fixed line connection?
However, the real question that needs answering today is: can 4G/LTE become an alternative to a WAN (Wide Area Network) fixed line connection? Starting from the bottom upwards, we could say yes, it can be that alternative, because there are many vertical markets that require broadband on the one hand and cellular connectivity on the other.
Retail is a market which is definitely changing and could benefit from 4G/LTE. Haven’t we all walked into department stores which frequently seem to be changing the layout of their sales items on the shop floor? Such mobility makes the use of a wired connection difficult, and if they use applications such as digital signage, among others, which are becoming increasingly popular, a large wireless bandwidth is necessary for correct functionality.
Also within the retail sector, pop-up shops and kiosks are prime candidates to have 4G/LTE as their main line connectivity. They always need fast and temporary deployment, accompanied by the increasing requirement to connect to the central sites for reasonably large data flows.
Public transport can benefit hugely from a 4G/LTE main line connection. Many cities are installing security cameras onboard buses, trains and similar forms of transport. These images can not only be stored on the vehicles; with 4G/LTE, live connections can also be established with the city control rooms, increasing employee and traveller security. Moreover, once 4G/LTE is installed on public transport, many authorities use the opportunity of having cellular broadband onboard to offer their clients an Internet connection and hence increase customer satisfaction and loyalty to public transport, and hence keep them away from private transport, which most cities want to reduce.
Healthcare is another important client of 4G/LTE main line connectivity for its emergency vehicles (ambulances, etc.). Not only to track the vehicles, as in the transport sector, but also to have the medical equipment onboard connected to the Hospital and its specialists. So in extreme cases lives can even be saved, when critical patients don’t have the time to arrive at the Hospital. In a more routine scenario, rural areas can clearly have their doctors’ consultancies, or even individual patients, connected to their specialists who are located in the more urban parts of their country.
Although these vertical markets are of interest, and very much so, there is a common business set up, across most of the world today that can use 4G/LTE as main line connectivity. That is, the branch office scenario in its different shapes, types and sizes.
The role of 4G/LTE on a global scenario
It is true that in highly wired cities there would be a good debate as to whether 4G/LTE would be a better option for branches located in these areas. However, as soon as we move away to smaller towns and especially the more rural areas, then the 4G/LTE alternative would be quite convincing, basically because if available, the bandwidth would be wider on 4G/LTE in these areas, than what a wired connection can probably offer.
Moreover, we must bear in mind that what can be classified today as a “branch office” spread across a nation’s geographical terrain may cover many more establishments than the traditional local bank branch or post office. Companies are developing mini-branch sales offices with perhaps only one or two employees, but they need them to be connected and able to work on all types of company applications. These applications require significant bandwidth. For this scenario, 4G/LTE would fit perfectly.
From a different perspective, there are many traditional establishments which before would not be classified within the branch office / head office connected scenario, but now do fall into this category. For example, many public sector establishments, such as schools, doctors’ consultancies, etc. are now becoming more and more connected to their “head office”. All of these “new branch office scenarios” need to be connected to their central site or simply to the cloud, from where they require to establish data flows in both directions.
Routers, VPN and Security
However, regardless of whether the connection is fixed line or 4G/LTE, we have to remain cautious in all scenarios, as always, or else the standards that we are accustomed to will not be maintained. Hence, whether the connection is being made from a larger city branch office on a wired connection or from a much smaller rural office on 4G/LTE, we need the VPN to be as secure as always. The same router types and operating systems should be used for fixed line or 4G/LTE connections, or else the economies of scale achieved within the ICT department will be lost and the data being routed around the countries and the world would be vulnerable to hackers, etc.
Teldat not only has years of experience in manufacturing cellular routers from the beginning of 2G technology through the entire 3G development, but already has excellent devices with proven and successful deployments of cellular 4G/LTE scenarios in different parts of the world. Do not hesitate to contact us and we will help you solve all your doubts!
Javier García Berjano: Online & Corporate marketing manager at Teldat. Javier manages the web, blog and other social media, as well as corporate marketing areas in collaboration with the different Teldat business units.