A business expanding to multiple sites requires a way to connect all locations to the network. Employees must be able to access the same systems and data that are available at headquarters without exposing the network to outside threats. You can equip your employees with uninterrupted, secure connectivity by implementing virtual private networks (VPNs) in a multi-site wide area network (WAN).
A VPN creates a secure tunnel between two locations using the internet. The data is then secured from any threats in transmission within a virtualized network. There are two main choices when deciding how to configure VPNs in multi-site WAN:
In a hub-and-spoke topology, the infrastructure calls to mind a wagon wheel, with a centralized main office and a spoke coming out to each of the branch locations. A secure and separate tunnel extends out to each site. Any site-to-site traffic must travel through the central hub before passing out to the destination.
This is a relatively simple virtualized network topology that allows employees at branch locations to access network resources at headquarters. It does not work as well for business settings where there are many transmissions between branch locations because everything must pass through the hub. It is also not ideal for a company that utilizes numerous cloud solutions because all data volume is backhauling to the hub before going out to the cloud solution, which can cause congestion in the network.
VPN mesh topology enables each VPN router to communicate directly with other VPN routers. Several secured tunnels extend to all of the other sites, and data can travel between those sites without moving first through the main office.
This virtualized network topology requires more work at setup because you’ll need to configure each router to communicate with the other routers. In a setting where branch locations extensively communicate with one another, this topology prevents a bottleneck at the main office. It sets up direct site-to-site relationships between all branch locations. It also ensures that all other branch locations can continue functioning even if one of the locations is down.
There is a limitation to this approach of using VPNs in multi-site WAN. If the amount of branch locations exceeds a certain number, it becomes prohibitive to use this model based merely on the number of tunnels that a device can support at any given location. Learn how to overcome this and other multi-location enterprise IT challenges with the right technology solutions and support in our free ebook.
Before implementing your VPN configuration, consider the following aspects of how your network infrastructure will best function:
Your WAN setup is how your VPN connects to the network outside of your physical office. You need to first consider the type of internet protocol (IP) addresses you received for the location:
If you have a static IP address in at least one location, a VPN connection is simple to establish. This is a public internet address that can be routed and is not subject to change. You can think of this as a stable dock that would allow you to build a bridge either to another dock or to a boat that is not anchored.
A situation in which neither site has a static IP address but, instead, dynamic IP addresses is like attempting to craft a bridge that joins two unanchored boats. It’s a bit trickier because you’ll need to create an anchor by setting up a Fully Qualified Domain Name (FQDN) and registering at least one of the sites with a Dynamic Domain Name Server (DNS) service. This will ensure that your router can be reached, even if your IP address changes.
Your local area network (LAN) setup involves the network that your router connects to inside your physical office. You should not need to make changes to your LAN unless the two sites you’re connecting have the same IP address, and you need to ensure that the two ends are not on the same subnet.
When choosing how you’ll implement VPNs in multi-site WAN, it’s important to consider how your branch locations communicate and how frequently they collaborate site-to-site. You can set up a VPN connection only to find that your hub is congested, which then impacts the performance of your applications and reduces productivity.
You will also want to consider whether your enterprise plans to invest in cloud solutions and digital transformation initiatives, which can significantly increase traffic volume and may also create congestion in a hub-and-spoke topology. A mesh topology makes cloud data transmissions more efficient.
If your enterprise is considering installing VPNs in multi-site WAN, contact TailWind today. We offer solutions for high-speed broadband connectivity and can handle the IT project management on your network infrastructure project, allowing you to focus on the core functions of your business.