In 2000 GPRS was introduced. It offered the first real possibility of transmitting data over 2G cellular networks by adapting a circuit-switched network, designed to carry voice, into a packet-based one. Almost a decade and a half ago, the speeds commonly reached were about 40 kbps downstream (from the network to the mobile terminal) and 14 kbps upstream (from the mobile terminal to the network).
Many of you will probably have heard of a film currently showing called "The Eye of the Storm", which tells the story of a small town hit by one enormous storm after another, including tornadoes and hurricanes. For those who think there is a mistake in this post: yes, it is still about technology. But seeing the film the other day, I noticed some things that reminded me of the routing business we are in.
The film has nothing new to offer, especially for those of us who watched a similar one called Twister in the mid-90s (and still remember the flying cow!). The interesting thing is that I watched it in "experience mode": the theatre had set up huge fans and water sprinklers coordinated with the different scenes. So when the hurricane hit the people on the screen, the system turned on the fans and a strong wind full of tiny water drops hit your face and body, practically all through the film. By the end, since the film is all hurricane scenes, when the lights come on you are chilled and wet. I cannot think who thought this would be a good idea. Let's see:
First of all, it does not help a bit to get into the film. You keep wondering when the fans are going to turn on, how strong the air will be, and other things that have nothing to do with the story, and by the end you only want to run off for a towel and a warm drink. Secondly, I am sure the theatre made a large investment in a system that customers might not like, and that is not a real improvement on simply watching the film. And thirdly, it is more expensive to go and see, so many customers would rather save their money.
And here is where this links with the routing business (yes, I said this was about technology). To begin with, we all know that network technology right now is in the very eye of the storm: NFV, SDN, security, mobility needs and the like are expected to bring important changes in the way service providers think about the network business. But apart from the obvious word games, let's see why I saw similarities between an equipment vendor, the film and the theatre experience:
- Efficiency: the needs of customers when it comes to network equipment are well known. However, many vendors pack their equipment with lots of features that a) the clients do not need and b) end up draining resources, lowering the performance of their routers in the key features the customers actually pay for. Just like the film, where the story loses all interest under the endless storms.
- Investment: when a vendor designs a product roadmap, return on investment is one of the key factors, so it invests in features that suit the needs of the majority of its customers, or in special features demanded by a niche market or particular customers. Otherwise the investment is wasted. Throughout the film I kept thinking: "Apart from a hurricane film, what is all this investment in infrastructure good for?" It cannot possibly be reused for other films (or only for a very small number of them).
- Price: is the customer ready to pay extra for what you are offering? We live in a world where budgets get tighter each year, and customers try to save as much as possible on things that are not really necessary. So is it reasonable to charge extra (and risk rising above the market price) for features the customer may not need, want or even appreciate?
As you can tell, I did not find the film very interesting (with or without fans), but I reached the conclusion that it makes sense to avoid some extraordinary, even appealing and marketable, features that only raise the cost and do not help solve the customer's requirements more effectively (in this case, the obvious need was watching a good film).
This is what we have in mind at Teldat when we design our routers: how to solve the customer's needs as efficiently as possible, at a lower cost. So the first thing we do is find out what those needs are and stick to them, without adding a lot of features and functionalities that we would charge our customers for but that do not add significant value. For us at Teldat, this is what competitiveness is all about.
In essence a Virtual Private Network (VPN) consists of using a normally public (IP) network at such a level of abstraction that the network serves only as a transport mechanism between two ends, over which a private network is constructed. Using a public network inherently requires security, to the point where the two concepts, VPN and security, become one, regardless of whether the core network providing connectivity is public or private. The connections between the points are therefore often called "tunnels", since they conceal the private traffic carried over the public network.
With security a key element of these communications, it is essential to know the different VPN techniques and which one is best for each scenario. The difficulty is the number of acronyms around VPNs, which at times seem as cryptic as the protocols they refer to (GRE, L2TP, IPSec, DMVPN, GDOI, SSL VPN, WebVPN, etc.).
VPN at the network layer
This consists of implementing the VPN at OSI layer 3: the devices and applications at either end of the "tunnel" see each other (at layer 3) just as they would over a direct connection, so this type of VPN is transparent to any protocol and application:
- GRE (Generic Routing Encapsulation) and L2TP (Layer 2 Tunneling Protocol) are simple protocols for building VPNs at the network layer. Although both are standardized and widely interoperable, on their own they provide neither confidentiality nor authentication of the traffic they carry, so they are not widely used alone; they normally appear as an auxiliary protocol for VPN interconnection, combined with IPSec (L2TP/IPSec, GRE over IPSec).
- IPSec (Internet Protocol Security) is the alternative: a standardized, interoperable protocol suite for VPNs with a proper security level (authentication, integrity and confidentiality of the encapsulated traffic). It is the de facto standard security protocol for VPNs and is widely used in the routers at the edge of the network.
- DMVPN (Dynamic Multipoint VPN) is a VPN architecture based on the simultaneous use of GRE and IPSec: GRE (in its multipoint form, mGRE) provides connectivity and IPSec provides security. The advantage of using GRE for connectivity is that routing protocols can run through the tunnel, so the private networks behind the tunnel ends learn each other's routes, which greatly reduces the configuration effort when building VPNs for a large number of sites. DMVPN relies on a central point (hub) to which all the remote points (spokes) connect and which distributes routing and next-hop information among them; it is based on the NBMA Next Hop Resolution Protocol (NHRP), RFC 2332.
- GETVPN (Group Encrypted Transport VPN), built on GDOI (Group Domain Of Interpretation, RFC 6407), is an additional mechanism on top of IPSec that simplifies key management. Also RFC based and interoperable, it relies on a central key server that generates and distributes the keys (and the security policy) to all group members. GETVPN does not build point-to-point "tunnels": the original IP header is preserved, so it only works when the host addressing is routable end to end across the transport network (for example a private MPLS WAN); hosts with private addresses cannot be reached this way across the public Internet.
Branch office routers establish VPNs at the network layer that are transparent to the devices on the local network, although implementations (typically IPSec and L2TP) also exist in hosts, either as part of the operating system (Windows, Linux, Android, iOS) or as additional network services developed by third parties.
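As an added example (not Teldat's code and not part of the original post), the following Python script builds a GRE tunnel packet between two branch LANs by hand, following RFC 2784, parses it as the far-end router would, and then shows concretely why GRE and L2TP on their own are not a security mechanism: anyone on the path reads the inner addresses and payload in clear, and because the GRE checksum is unkeyed, an attacker can rewrite the inner payload, recompute the checksums and have the packet accepted. The addresses, the payload ("card data") and all function names are constructed for the illustration.

```python
"""GRE (RFC 2784) over IPv4, built and parsed by hand.

Added example, not Teldat code. Addresses and payload are constructed test data.
"""
import ipaddress
import struct

IPPROTO_GRE = 47             # outer IPv4 protocol number for GRE
GRE_PROTO_IPV4 = 0x0800      # GRE Protocol Type for an IPv4 payload
GRE_FLAG_C = 0x8000          # Checksum Present bit
GRE_RESERVED0_MASK = 0x7C00  # bits 1-5 must be zero for an RFC 2784 receiver
GRE_VERSION_MASK = 0x0007    # version must be 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's complement checksum, as used by IPv4 headers and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    csum = internet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject a bad version or header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not an IPv4 packet")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:]


def gre_encapsulate(inner: bytes, with_checksum: bool = True) -> bytes:
    """Prepend an RFC 2784 GRE header (4 bytes, 8 with the optional checksum)."""
    flags = GRE_FLAG_C if with_checksum else 0
    header = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if with_checksum:
        # The checksum covers the GRE header (checksum field zero) plus the payload.
        csum = internet_checksum(header + b"\x00\x00\x00\x00" + inner)
        header += struct.pack("!HH", csum, 0)
    return header + inner


def gre_decapsulate(gre_packet: bytes) -> bytes:
    """Validate the GRE header and return the inner packet; ValueError if malformed."""
    flags, proto = struct.unpack("!HH", gre_packet[:4])
    if flags & (GRE_RESERVED0_MASK | GRE_VERSION_MASK):
        raise ValueError("unsupported GRE flags or version")
    if proto != GRE_PROTO_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % proto)
    offset = 4
    if flags & GRE_FLAG_C:
        # A valid packet sums to zero when the stored checksum is included.
        if internet_checksum(gre_packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset = 8
    return gre_packet[offset:]


def build_tunnel_packet(inner_src, inner_dst, payload, outer_src, outer_dst) -> bytes:
    """What a branch router puts on the wire: outer IPv4 / GRE / inner IPv4 / payload."""
    inner = build_ipv4(inner_src, inner_dst, 17, payload)  # 17 = UDP; payload is opaque here
    return build_ipv4(outer_src, outer_dst, IPPROTO_GRE, gre_encapsulate(inner))


def receive_tunnel_packet(wire: bytes) -> dict:
    """What the far-end router, or anyone on the path, can read from the wire packet."""
    o_src, o_dst, o_proto, gre = parse_ipv4(wire)
    if o_proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    i_src, i_dst, _, i_payload = parse_ipv4(gre_decapsulate(gre))
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "payload": i_payload,
            "payload_in_clear": i_payload in wire}


def accepted(wire: bytes) -> bool:
    """True if the far end would accept the packet (all checksums consistent)."""
    try:
        receive_tunnel_packet(wire)
        return True
    except ValueError:
        return False


def forge_payload(wire: bytes, new_payload: bytes) -> bytes:
    """On-path attacker: replace the inner payload and recompute the unkeyed checksums.
    The receiver accepts the result because GRE carries no authentication."""
    o_src, o_dst, _, gre = parse_ipv4(wire)
    i_src, i_dst, i_proto, _ = parse_ipv4(gre_decapsulate(gre))
    new_inner = build_ipv4(i_src, i_dst, i_proto, new_payload)
    return build_ipv4(o_src, o_dst, IPPROTO_GRE, gre_encapsulate(new_inner))


if __name__ == "__main__":
    wire = build_tunnel_packet("10.1.0.5", "10.2.0.9", b"card data",
                               "203.0.113.10", "198.51.100.20")
    print(receive_tunnel_packet(wire))
    print(receive_tunnel_packet(forge_payload(wire, b"forged!!!"))["payload"])
```

A random bit flip in transit is caught by the checksum, but a deliberate rewrite that recomputes it is not; that is exactly the gap IPSec's ESP (with its keyed integrity check and encryption of the inner packet) closes, which is why GRE is paired with IPSec in DMVPN rather than used alone.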
VPN at the application layer
This consists of establishing the VPN without the intermediate routers or the host network stack intervening. The basis is the SSL (Secure Sockets Layer) protocol of an HTTPS session. In the most basic version (clientless), the SSL server maintains a secure session with the browser across the public network and presents resources of the internal network (applications, file servers, etc.) to the client in web format; this is known as an HTTP reverse proxy.
A more advanced version (full network access) downloads an applet or client to the host that creates a virtual interface to intercept the private traffic exchanged between the client and the private network, effectively establishing a VPN between the host and the private network connected to the server.
SSL was originally a Netscape implementation; its version 3.0 was taken up by the IETF and standardized, with changes, as TLS (Transport Layer Security) 1.0. Only the security protocol is standardized, however: the reverse HTTP proxy features and the applets are proprietary to each vendor. Note that SSL 3.0 and TLS 1.0 have since been deprecated by the IETF (RFC 7568 and RFC 8996 respectively), so an SSL VPN server should be configured to offer TLS 1.2 or later only.
Which VPN is the best?
That depends on your needs. VPNs at the application layer are the solution for connecting an individual device from any point of the public network outside the branches: for example mobile users connecting their portable devices from the Internet (PCs, tablets, phones, etc.), or even public PCs. Application layer VPN servers are usually found at head office rather than in the access routers.
To connect different company branches, the solution is VPNs at the network layer from the access routers in each branch office, IPSec being the de facto standard.
Teldat is a world class leader in VPN technology interoperability for networks (L2TP, GRE, DMVPN, GETVPN), with ample references from large corporations and clients. We offer you all the advice you need about VPN networks, because the best way to earn your trust is to offer you the best service.
From the residential sector and comprehensive office installations to highly sophisticated applications and beyond, wireless networks can by now be found in almost all market segments. Wireless LAN has become far more than a network to supply wireless Internet connectivity; the technology is now part of business processes. Given the large variety of applications it is hard to list them all, but the most common are these. Wireless Internet access and e-mail are certainly the most widespread; some companies have even largely stopped using LAN cabling. Retailers often use mobile cash registers connected via wireless LAN, and logistics companies as well as retailers register incoming and outgoing goods with wireless barcode scanners. And retailers and logistics companies nearly always have several locations, which makes them chain stores.
Today's wireless LAN networks extend across the entire company infrastructure. A variety of access points is therefore required for a seamless network and, for the central management and monitoring of what can be numerous access points, wireless LAN controllers are used.
Wireless LAN controller for chain stores and branch offices: Centralized management
We now describe the suitability of wireless LAN controllers for chain stores, where the aim is to make it easier to monitor and configure the wireless LAN networks in the different branches. Central management and monitoring of all access points in all branches should therefore be the priority.
A wireless LAN controller operating remotely over a WAN connection, secured by a VPN tunnel, has some specific characteristics.
In the diagram above, the wireless LAN controller at the central site communicates over a secured VPN connection with numerous access points located in several branches.
The access points in the diagram are fat access points: the wireless LAN controller centralizes configuration and monitoring only, while user data is processed locally in each branch. This limits the data volume crossing the VPN-secured WAN connection, and it suits many applications. A supermarket chain, for example, usually processes the data from its checkouts and wireless barcode scanners on site, as a fail-safe measure, and only synchronizes the branches with head office in the evening at closing time.
Wireless LAN controller solutions for remote operations
A further problem with the remote operation of a wireless LAN controller is the availability of the VPN-secured WAN connection. A VPN connection naturally cannot guarantee one hundred percent availability; even managed VPN services only commit to between 95 and 98 percent, which translates into roughly 7 to 18 days of downtime a year.
Hence only wireless LAN controller solutions that are specifically designed for remote operation are suitable for this type of scenario. This includes:
- Traffic limitation between the access points and the wireless LAN controller.
- Self-sufficient operation of the access points, so that they keep running for a defined period without a connection to the wireless LAN controller.
- Local processing of the data, so that downtimes of the VPN connection can be bridged.
Bintec WLAN products deliver a simple and powerful platform that solves common problems such as reliability, security and local/remote management of the whole WLAN network across the WAN, down to individual access points. Full integration with Teldat or bintec-elmeg routers and management platforms is a strong added value for customers who already have a significant installed base of these devices, and also for those who plan to deploy a large number of branch offices and need a complete network solution for wired and wireless connectivity.
Nowadays the whole electric grid is changing rapidly worldwide. Generation is quickly becoming distributed through new renewable energy sources (primarily wind and solar). Consumption is also taking new forms, as users develop new needs with electric vehicles and smart appliances able to select the optimal time to operate. The distribution network has to evolve quickly and adapt to the new generation and consumption scenarios in order to keep providing the level of service that consumers have come to expect and demand.
The increased complexity of the electric grid cannot be managed with traditional setups. To face these new challenges the electric network must be better interconnected and able to provide its operators with precise and current information. This enables informed decisions and keeps the grid running, while preventing failures that could quickly cascade.
By incorporating telecommunication technologies into the electric grid, many new services for clients can also be realized, and management of the whole system becomes easier and cheaper. A comparatively small investment in upgrading the network will quickly pay for itself in the form of more streamlined management and new services for customers.
New possibilities for grid operators
- Constant control and monitoring of the electrical substations. Blackouts and overloads can be prevented by monitoring the whole distribution network and watching for signs of problems. Decisions such as when to connect alternative power sources can also be taken quickly, and areas with problems are isolated promptly so that they do not affect the rest of the network.
- Reduced operating costs. By monitoring the whole system remotely, electricity companies no longer need to send out personnel to carry out certain maintenance tasks or to check status.
- Offloading part of the generation costs, as consumers self-generate (while being charged for the management of the system and for back-up availability).
- The possibility of including new renewable generation sources, with lower OPEX and reduced dependence on varying fuel prices.
- Reduced investment in generation thanks to a more stable consumption pattern over the day. Supply can be more constant and generation no longer needs to cover extreme demand peaks, which means fewer backup generators.
- Reduced liability for compensating consumers for electrical outages.
- A secured communications channel, hardened against security threats, that can also be used for additional services.
New services for consumers
By upgrading its network, the electric operator can offer (and monetize) new services to its consumers, including:
- High availability contracts for industrial clients, given the increased reliability of the whole network.
- The ability to monitor electrical usage constantly and receive detailed reports, so that consumers can invest in more efficient appliances based on a better understanding of their consumption.
- The possibility of using new high-consumption devices (e.g. electric cars) without putting the electrical installation at risk.
- The possibility of self-generating part of their consumption, and thereby being more resilient to grid failures.
- Programming intelligent devices (e.g. washing machine, electric car, water heater) to run in off-peak (valley) periods in order to pay lower electricity prices.
- Under certain circumstances, the ability to change the capacity of their own connection on demand: the electricity company can remotely adjust the client's meter (network permitting) to allow higher or lower power consumption.
Teldat provides the communications network for electric operators. It gives the grid owner new opportunities while safeguarding its data and infrastructure. Teldat employs the same protocols for which it has gained recognition in critical sectors such as banking, helping to provide a secure network that is protected against intrusions.