The increasing interconnectedness between the fields of information technology and telecommunications is not new. We all know that these two worlds have grown closer together and continue to do so (keyword: convergence). On the one hand, business communication requires professional telephony and professional routing; on the other hand, no company, especially in the SME segment, wants to buy a PBX only to fulfill its telecommunication needs, and no company acquires a router, however professional it may be, only for routing. The SME segment wants one device for both needs. SMEs are driven by costs, but at the same time they want all the professional benefits that larger companies enjoy.
Besides costs and efforts, deep integration into their technical environment and into their workflows is a must. Standardized interfaces in applications and devices, sometimes even certified by third-party suppliers, are the fundamental requirements for a seamless integration. Further requirements, such as usability, flexibility, security of investment, mobility and, as a matter of course, security have to be guaranteed at all times. Mobility in particular has heightened the requirement for security lately. Over the last few years the number of private smartphones and tablet PCs has continuously increased, and many of these users also take advantage of their devices for business purposes (keyword: BYOD or bring your own device). The convenience of eliminating the difference between “in the office” and “on the road” changes daily business while availability and communication use remain unaffected. This balancing act between mobility and security is certainly one of the biggest challenges.
Besides the various challenges mentioned above, which we have to overcome in the SME segment, we come to the conclusion that it is essential to have some kind of “PBX with business routing” or a sort of “router with professional telephony” for SMEs. It is necessary to find a solution that can cope with telecommunications as well as with information technology in order to fulfill all business needs for SMEs. From the perspective of the customer, the crucial question is: What kind of device would be the professional solution? And who is able to really offer both? An IT company selling routers with telephony? Or a telecommunications company offering PBXs with professional routing? Isn’t there a real ICT company which offers both? As a matter of fact, there is: Teldat. Possibly the largest European manufacturer of ICT devices for the business market, it offers true convergence. Its Bintec brand stands for professional routing and its Elmeg brand for professional telecommunications solutions. The Elmeg hybird 120 and 130 are the true converged solution to meet all communication demands of SMEs and even freelancers and home offices.
Heidi Eggerstedt: Heidi Eggerstedt is part of bintec-elmeg's Marketing Department. Within this department she is responsible for Marketing Documentation and Translations.
In 2000 the GPRS technology was introduced. It offered the true possibility of transmitting data through 2G cellular networks, by adapting a circuit-switched network, designed to transmit voice, to a packet-based network. Almost a decade and a half ago, the common speed you were able to reach was 40 kbps on the downstream (from the network to the mobile terminal) and 14 kbps on the upstream (from the mobile terminal to the network).
Eduardo Tejedor: Telecommunications Engineer, Teldat V.P. Strategic Marketing
Many of you will probably have heard of a new film currently being shown called “The eye of the storm”, which relates the story of a small town hit by enormous storms one after another, including tornadoes and hurricanes. For those of us that may think that there's a mistake in the post, yes; this is still about technology. But seeing the film the other day, I noticed some facts that somehow reminded me of the routing business we are in.
The film has nothing new to offer. Especially for those of us who may have watched a similar one called Twister in the 80s (and still remember the flying cow!). The interesting thing is that I watched the film in experience mode. This means the theater had set up huge fans and water sprinklers that were coordinated with the different scenes. Thus, when the hurricane hit the people on the screen, the system turned on the fans and a strong wind with tiny water drops would hit your face and body – practically all through the film. So, by the end, and since the film is all about hurricane scenes, when lights turn on you are chilled and wet. I cannot think who thought this would be a good idea! Let's see:
First of all it doesn't help a bit to get into the film. You keep wondering when the fans are going to turn on, the strength of the air, and other things that have nothing to do with the story. And by the end you only want to run off to get a towel and a warm drink. Secondly, I am sure that the theater made a great investment in a system that the customers might not like, or is not a real improvement in the experience of just watching the film. And the third point, it's more expensive to go and see. So many customers would just prefer to save their money.
And here is where this links with the Routing Business (yes, I mentioned this was about Technology). To begin with, we all know that Network Technology right now is exactly in the very eye of the storm. NFV, SDN, Security, Mobility needs and such are expected to bring important changes in the way that service providers consider the current network business. But apart from the obvious word games, let's see why I saw similarities between a vendor manufacturer, the film and the theater experience:
- Efficiency: The necessities of customers when it comes to network equipment are well known. However, many vendors pack their equipment with lots of features that, a) the clients do not need and b) end up draining resources thus lowering the performance of their routers in key features that the customers pay for. In the same way as the film, where the story starts to lose all interest due to the endless storms.
- Investment: When a vendor designs a product roadmap, the return on investment is one of the key factors. So, they invest in features that suit the needs of the majority of their customers or in special features that are demanded from a niche market or special customers. Otherwise, the investment is useless. Throughout the film, I kept thinking: “Apart from a hurricane film, what is all this investment in this infrastructure valid for?” Because it cannot possibly be reused for any other films (or only for a very small number of them).
- Price: Is the customer ready to pay extra for what you are offering? We live in a world where budgets are tighter each year. And customers try to save as much money as possible in things that are not really necessary. So is it reasonable to charge extra (and risk rising above the market price) for features that the customer may not need, want or even appreciate?
As you can appreciate, I didn't find the film very interesting (with or without fans), but I reached the conclusion that it makes sense to avoid some extraordinary, even appealing and marketable features, that only raise the cost and do not help to more effectively solve the customer requirements (in this case, the obvious need was watching a good film).
This is what we have in mind in Teldat when we design our routers. How to solve the customer needs as efficiently as possible, at a lower cost. Consequently the first thing we do is to find out what these needs are and stick to them, without adding a lot of features and functionalities that we charge our customers for, but do not necessarily add a significant value. For us in Teldat, this is what competitiveness is all about.
Lola Miravet: Telecommunications Engineer, is the Head of Teldat’s Corporate Marketing Department.
In essence, a Virtual Private Network (VPN) uses a normally public (IP) network at such a level of abstraction that the network serves only as a transport mechanism between two ends, over which a private network is constructed. Using a public network inherently requires security, to the point where both concepts, VPN and security, become one, regardless of whether the core of the network providing connectivity is public or private. For this reason, the connections between the points are often called “tunnels”, as they conceal the private information being transported over the public network.
Since security is a key element in these communications, it’s essential to know the different VPN techniques and understand which is best to apply in each scenario. The problem arises when handling the number of acronyms associated with VPNs, which on occasion seem as cryptic as the protocols they refer to (GRE, L2TP, IPSec, DMVPN, GDOI, SSLVPN, WebVPN, etc.).
VPN at the network layer
This consists of implementing the VPN at OSI layer 3. This means that the devices and the applications at either end of the “tunnel” can see each other (at layer 3) in the same way as they can through a direct connection; consequently, this type of VPN is transparent to any protocol and application:
- GRE (Generic Routing Encapsulation) and L2TP (Layer 2 Tunneling Protocol) are simple protocols that permit you to construct VPNs at the network layer. Although both are proven, compatible and standardized protocols, they do not have a sufficient security level developed for them and consequently are not widely used except as auxiliary protocols for VPN interconnection.
- IPSec (Internet Protocol Security) is an alternative standardized, fully compatible protocol for VPNs over which a suitable security level has been developed. It is the de facto standard as a security and VPN protocol and is widely used in the routers at the edge of the network.
- DMVPN (Dynamic Multipoint Virtual Private Networks) is a VPN architecture based on the simultaneous use of GRE and IPSec. GRE is used for connectivity and IPSec for security. The advantage of using GRE for connectivity is that it allows you to send routing information so that the tunnel ends in the private networks talk to each other, thus reducing the configuration effort needed to construct VPNs for a high number of points. DMVPN is based on a central point (Hub) that all the remote points (Spokes) connect to, and that distributes the routing information between them. DMVPN is based on the RFC 2332 NBMA Next Hop Resolution Protocol (NHRP).
- GETVPN (Group Encrypted Transport Virtual Private Networks) or GDOI (Group Domain Of Interpretation) is an additional mechanism to IPSec that simplifies key management. Also based on an RFC and interoperable, it relies on a central server that generates and sends keys to all the points. GETVPN does not construct “tunnels”; consequently, it only operates if the host addressing is public.
Branch office routers establish VPNs at the network layer which are transparent to the local network devices, although it’s also possible to find implementations (typically IPSec and L2TP) in hosts, either as part of the operating system (Windows, Linux, Android, iOS), or as additional network services developed for third parties.
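To illustrate why GRE on its own lacks a sufficient security level and is paired with IPSec in DMVPN, the following added example (not part of the original article) builds and parses a GRE header as defined in RFC 2784 and RFC 2890. The addresses, key value and payload are constructed sample data; note that the GRE "key" field is only a cleartext 32-bit identifier.

```python
import ipaddress
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence flags
PROTO_IPV4 = 0x0800                            # GRE protocol type for IPv4

def build_inner_ipv4(src, dst, payload):
    """Constructed minimal IPv4 packet (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 253, 0,  # TTL 64, protocol 253 (experimental)
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def gre_encapsulate(inner, key=None, seq=None):
    """Prepend a GRE header (RFC 2784; key and sequence per RFC 2890)."""
    flags, options = 0, b""
    for flag, value in ((GRE_K, key), (GRE_S, seq)):
        if value is not None:
            flags |= flag
            options += struct.pack("!I", value)
    return struct.pack("!HH", flags, PROTO_IPV4) + options + inner

def gre_parse(packet):
    """Decode GRE the way any on-path device can: no secret is needed."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    fields = {"protocol": proto, "checksum_word": None, "key": None, "seq": None}
    offset = 4
    for name, flag in (("checksum_word", GRE_C), ("key", GRE_K), ("seq", GRE_S)):
        if flags & flag:
            if len(packet) < offset + 4:
                raise ValueError("truncated GRE option")
            fields[name] = struct.unpack_from("!I", packet, offset)[0]
            offset += 4
    fields["payload"] = packet[offset:]
    return fields

def inner_addresses(payload):
    """Read source and destination of the encapsulated IPv4 packet."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not IPv4")
    return (str(ipaddress.IPv4Address(payload[12:16])),
            str(ipaddress.IPv4Address(payload[16:20])))

def demo():
    """Constructed sample: private addresses and data carried inside GRE."""
    inner = build_inner_ipv4("10.1.0.5", "10.2.0.9", b"constructed sample data")
    wire = gre_encapsulate(inner, key=42, seq=1)
    seen = gre_parse(wire)
    return wire, inner, seen, inner_addresses(seen["payload"])
```

The parser recovers the private addresses and payload from the wire bytes without any key material, which is why the DMVPN design above adds IPSec for confidentiality and integrity.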
VPN at the application layer
This consists of establishing the VPN without the intermediate routers or the host network stack intervening. The basis is the SSL (Secure Sockets Layer) protocol within an HTTP session. In the most basic version (clientless), the SSL server maintains a secure session with the HTTP browser through the public network and presents resources from the internal network (applications, file servers, etc.) in a web format to the client; this is known as HTTP Reverse Proxy.
A more advanced version (Full Network Access) downloads an applet to the client that creates virtual interfaces to intercept the private traffic exchanged between the client and the private network, thus effectively establishing a VPN between the host and the private network connected to the server.
SSL was originally a Netscape implementation; version 3.0 has been standardized by the IETF and is now known as TLS (Transport Layer Security) 1.0. However, the standardized part consists of the security protocol only, not the HTTP reverse proxy features or the applets, which are proprietary.
Which VPN is the best?
This depends on one’s needs. VPNs at the application layer are the solution to individually interconnect a device from any point on the public network outside the branches; for example, mobile users that connect their portable devices from the Internet (PCs, tablets, telephones, etc.), or even public PCs. The VPN servers at the application layer are usually found at head offices and not in the access routers.
To establish VPNs between different company branches, the solution consists of VPNs at the network layer from the access routers in each branch office, IPSec being the de facto standard.
Teldat is a world-class leader in VPN technology interoperability for networks (L2TP, GRE, DMVPN, GETVPN), with ample references from large corporations and clients. We offer you all the advice you need about VPN networks. Because the best way to earn your trust is to offer you the best service.
Marcel Gil: graduated in Telecommunication Engineering and Master in Telematics (Polytechnic University of Catalunya), is a SD-WAN Business Line Manager at Teldat.
Whether in the residential sector, in comprehensive installations within offices, or in highly sophisticated applications and beyond, wireless networks can now be found in almost all market segments. Wireless LAN has become far more than a mere network to supply wireless Internet connectivity. The technology is now part of business processes. Due to the large variety of applications, it is hard to mention all of them; nevertheless, these are the most common ones. Wireless Internet access and e-mail connectivity are certainly the most common. Some companies have even stopped using LAN cabling to a great extent. Retailers often use mobile cash registers connected via wireless LAN. Logistics companies, as well as retailers, register incoming and outgoing goods with wireless barcode scanners. And while we are on the subject of retailers and logistics companies, they nearly always have several locations and hence they are chain stores.
Today’s wireless LAN networks have become increasingly available throughout the entire company infrastructure. Therefore a variety of access points are required for a seamless network and, of course, wireless LAN controllers are used for central management and monitoring of the sometimes numerous access points.
Wireless LAN controller for chain stores and branch offices: Centralized management
We will now describe the suitability of wireless LAN controllers for chain stores in order to facilitate the monitoring and configuration of wireless LAN networks in different branches. Thus the central management and monitoring of all access points in all branches should be prioritized.
A wireless LAN controller operated remotely over a WAN connection secured by a VPN tunnel has some specific characteristics.
In the graph above the wireless LAN controller located at the central site communicates via a secured VPN connection to numerous access points which are located in several branches.
These access points in the graph above are fat access points. Basically, the wireless LAN controller centralizes configuration and monitoring. It is advantageous to process the user data locally in the various branches in order to limit the data volume transferred via the WAN connection secured by VPN. This is the case in many applications. In the first place, as a fail-safe measure, a supermarket chain, for example, usually processes the data of the supermarket checkouts and wireless barcode scanners on site and hence in a decentralized manner. Data synchronization between the branches and the Head Office only takes place in the evening at closing time.
Wireless LAN controller solutions for remote operations
A further problem which occurs with the remote operation of a wireless LAN controller is the availability of the WAN connection secured via VPN. Naturally, a VPN connection cannot guarantee a hundred percent availability. Even managed VPN services only assure an availability that ranges between 95 and 98 percent. After all, this could mean a failure of several days a year.
Hence, it can be said that only wireless LAN controller solutions that are especially designed for remote operations are suitable for this type of scenario. This includes:
- Traffic limitation between access points and the wireless LAN controller.
- Self-sufficient operation of access points that can run for a specific period of time without being connected to the wireless LAN controller.
- Users should make sure that the data can be processed locally in order to bridge downtimes of the VPN connections.
Bintec WLAN products can deliver a simple and powerful platform that solves common problems such as reliability, security and local/remote management of the whole WLAN network across the WAN and individual Access Points. Total integration with Teldat or bintec-elmeg routers and management platforms is indeed a strong added value for those customers who already have a significant installed base of these devices. Moreover, it is also a great added value for those who plan to deploy a large number of branch office infrastructures and need a complete network solution for wired and wireless connectivity.
Hans-Dieter Wahl: WLAN Business Line Manager