
Connecting branches via VPN

Nov 26, 2014

Smooth-running backup solution via LTE

The requirements for connecting branches or company subsidiaries are not only a technical issue but are also substantially driven by costs. In order to keep up in a global environment, chain operators have to keep their costs low and ensure lean, fast processes. This basically means that branches and subsidiaries have to be managed and administered centrally. An elementary part of this is the IT infrastructure, which connects all users within the network securely, economically and without great effort.

Simple IT infrastructure requirements amount to no more than a reliable and secure data connection to the central headquarters for accessing centrally managed data or emails. Current demands on a branch connection are considerably more extensive. New branch concepts such as shop-in-shop solutions, logistical applications and reverse vending systems, including access for external service device providers, lead to greater complexity within the branches as well as at the headquarters. Accordingly, the number of requirement profiles that have to be taken into account when designing a network and choosing components increases.

In order to enable the mandatory flexibility for effective processes and cost efficiency, a Virtual Private Network (VPN) is recommended.

IPSec VPN: secure and expandable

By using IPSec VPN technologies, all the demands that branches and subsidiaries face can be met without investing in vast and therefore inflexible and expensive “machinery”.

VPN allows all branches a cost-effective connection to the headquarters. The IPSec tunnel protects internal company data against external attacks. In order to guarantee the highest security, VPN networks should be protected by a public key infrastructure, which means using certificates instead of user name and password.

A further advantage of using IPSec via VPN is the investment protection that results from choosing the right network components. The solution can be expanded at a later point in time and therefore adapted to the company’s growth. Thus, a company can, according to its needs, increase the number of VPN tunnels and connect additional branches to its headquarters.

ALL IP – Magic word for voice and video transmission

If voice data (telephony) is also to be transmitted via a VPN network to the headquarters, further requirements apply to the network and to the devices connected to each other. The decisive advantage of voice transmission via VPN compared to conventional Internet telephony is the built-in protection against interception. There is no risk of unwanted listeners because voice data is also transmitted in an encrypted form. However, it is absolutely necessary that the administrator tests the existing infrastructure thoroughly. How much bandwidth does data transmission for email or Internet already require? Is there scope left for a “passing lane” in order to handle data transmission safely as well as telephone calls? Does the available gateway offer QoS functions and can it cope with data prioritization in favor of voice data? If these conditions are met, voice quality won’t be a problem. Echoes, delays or crackling sounds on the phone line would no longer annoy anyone. A highly interesting subject within this context is also the transmission of video surveillance data from a branch office to the security center. Not needing to install a recording system in each branch reduces initial as well as running costs.
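The bandwidth questions above can be answered with a short calculation. The following is an added example, not part of the original article: it estimates the IP-layer bandwidth of one call once IPSec ESP tunnel-mode overhead is included, and how many calls fit beside existing data traffic. The cipher suite (AES-CBC with HMAC-SHA1-96), the codecs at 20 ms packetisation and the sample link figures are assumptions.

```python
import math

# Assumed ESP tunnel-mode parameters (AES-CBC with HMAC-SHA1-96); the article
# does not name a cipher suite, so adjust these to the gateway's proposal.
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI + sequence number
ESP_IV = 16        # AES-CBC initialisation vector
ESP_BLOCK = 16     # AES block size; plaintext is padded to a multiple of this
ESP_TRAILER = 2    # pad-length + next-header bytes (encrypted)
ESP_ICV = 12       # truncated HMAC-SHA1-96 integrity check value
NAT_T_UDP = 8      # extra UDP header when NAT traversal is in use

INNER_HEADERS = 20 + 8 + 12   # IPv4 + UDP + RTP in front of the voice payload

# Codec payload bytes per packet at 20 ms packetisation (50 packets/s).
CODECS = {"G.711": 160, "G.729": 20}
PACKETS_PER_SECOND = 50


def esp_packet_size(inner_len, nat_t=False):
    """IP-layer size of one inner packet after ESP tunnel-mode encapsulation."""
    padded = math.ceil((inner_len + ESP_TRAILER) / ESP_BLOCK) * ESP_BLOCK
    size = OUTER_IP + ESP_HEADER + ESP_IV + padded + ESP_ICV
    return size + NAT_T_UDP if nat_t else size


def call_bandwidth_bps(codec, vpn=True, nat_t=False):
    """One-way IP-layer bandwidth of a single call, in bits per second."""
    inner = INNER_HEADERS + CODECS[codec]
    size = esp_packet_size(inner, nat_t) if vpn else inner
    return size * 8 * PACKETS_PER_SECOND


def calls_that_fit(uplink_bps, data_load_bps, codec, nat_t=False):
    """Concurrent calls that fit in the uplink left over after data traffic."""
    headroom = max(uplink_bps - data_load_bps, 0)
    return headroom // call_bandwidth_bps(codec, vpn=True, nat_t=nat_t)


if __name__ == "__main__":
    # Constructed branch: 1 Mbit/s uplink, 400 kbit/s of email and web traffic.
    for codec in CODECS:
        print(codec, call_bandwidth_bps(codec, vpn=False),
              call_bandwidth_bps(codec), calls_that_fit(1_000_000, 400_000, codec))
```

Layer-2 overhead (PPPoE, ATM or LTE framing) is not counted, so the real headroom is somewhat smaller than these figures.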

Key issue – the right device in the branch

A simple VPN gateway is not sufficient to cope with current branch requirements. In this context it is of key importance to choose a VPN gateway which offers more than just certain specific functions such as backup mechanisms or voice data prioritization. It is also decisive which WAN access technologies the device supports. Hence it is important that different WAN interfaces such as VDSL, ADSL, LTE, etc. are available on a device. With a higher-bandwidth technology such as LTE, real-time applications, for example Voice over IP, can be used on a cellular network within branches because of its optimized data packet transmission. If the primary ADSL connection fails, LTE would be a perfect mobile backup network, guaranteeing a full connection between the branch office and headquarters.

Furthermore, the integrated LTE interface can dynamically increase bandwidth during processes such as updating the cash register system. Bottlenecks for critical applications (e.g. EC-CASH) can also be overcome. In addition, mobile connectivity can be set up between branches and headquarters as a so-called “out of band” connection for maintenance purposes. In most cases this saves an often expensive and time-consuming onsite service visit.

Cost-effective installation and maintenance

When choosing components for a planned solution, it is mandatory to select a high-performance tool for the rollout, in order to guarantee high efficiency without manual intervention. Only such an application can ensure a high-quality rollout of a VPN infrastructure, and it is therefore a crucial requirement for an elegant and flexible solution. The network administrator should not have to configure every device separately. The management software has to make it possible to apply global settings to all devices or to groups of certain VPN gateways. This is the only way that a large number of branch devices can be managed efficiently and from a central point. With this kind of management application, it is also easier to add new branches, because an existing profile can easily be adapted to a new device.

Teldat has vast experience in manufacturing routers and gateways for all types of companies with different sorts of branch scenarios, from the most highly demanding bank branches to public administrations and retail store companies. Our devices and applications cover all of the points mentioned within this article and more.
