A business expanding to multiple sites requires a way to connect all locations to the network. Employees must be able to access the same systems and data that are available at headquarters without exposing the network to outside threats. You can equip your employees with uninterrupted, secure connectivity by implementing virtual private networks (VPNs) in a multi-site wide area network (WAN).
A VPN creates a secure tunnel between two locations over the Internet. The data is encapsulated in the tunnel, which protects it while in transit. There are two main choices when deciding how to configure VPNs in a multi-site WAN:
Hub-and-Spoke: In a hub-and-spoke topology, the infrastructure calls to mind a wagon wheel, with a centralized main office and a spoke coming out to each of the branch locations. A secure and separate tunnel extends out to each site. Any inter-site traffic must travel through the central hub before passing out to the destination.
This is a relatively simple topology that allows employees at branch locations to access network resources at headquarters. It does not work as well for business settings where there are many transmissions between branch locations, because everything must pass through the hub. It is also not ideal for a company that uses numerous cloud solutions, because all of that traffic is backhauled to the hub before going out to the cloud solution, which can cause congestion in the network.
Mesh: VPN mesh topology enables each VPN router to communicate directly with the other VPN routers. Several secured tunnels extend to all of the other sites, and data can travel between those sites without moving first through the main office.
This topology requires more work at setup because you’ll need to configure each router to communicate with the other routers. In a setting where branch locations extensively communicate with one another, this topology prevents a bottleneck at the main office. It sets up direct peer-to-peer relationships between all branch locations. It also ensures that all other branch locations can continue functioning even if one of the locations is down.
There is a limitation to this approach of using VPNs in a multi-site WAN. If the number of branch locations grows beyond a certain point, this model becomes prohibitive, simply because of the number of tunnels that a device can support at any given location.
Other Considerations for VPNs in Multi-Site WAN
Before implementing your VPN configuration, consider the following aspects of how your network infrastructure will best function:
WAN: Your WAN setup is how your VPNs connect to the network outside of your physical office. First consider the type of Internet Protocol (IP) address you received for each location:
- If you have a static IP address in at least one location, a VPN tunnel is simple to establish. This is a public Internet address that can be routed and is not subject to change. You can think of this as a stable dock that would allow you to build a bridge either to another dock or to a boat that is not anchored.
- A situation in which neither site has a static IP address, and both have dynamic IP addresses instead, is like attempting to build a bridge that joins two unanchored boats. It’s a bit trickier because you’ll need to create an anchor by setting up a Fully Qualified Domain Name (FQDN) and registering at least one of the sites with a Dynamic Domain Name System (DDNS) service. This will ensure that your router can be reached, even if your IP address changes.
LAN: Your local area network (LAN) setup involves the network that your router connects to inside your physical office. You should not need to make changes to your LAN unless the two sites you’re connecting use the same IP address range, in which case you need to ensure that the two ends are not on the same subnet.
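The following Python example is added here and is not from the original article: it checks a site plan for overlapping LAN subnets, for tunnels where neither end has a static address, and for devices that would exceed a tunnel limit. The site names, address ranges and the per-device tunnel limit are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site names, LAN ranges and WAN address types are made up.
SITES = [
    {"name": "hq",       "lan": "10.0.0.0/16",    "static_wan": True},
    {"name": "branch-a", "lan": "192.168.1.0/24", "static_wan": False},
    {"name": "branch-b", "lan": "192.168.1.0/24", "static_wan": False},
    {"name": "branch-c", "lan": "10.0.20.0/24",   "static_wan": True},
]


def tunnel_pairs(sites, topology, hub="hq"):
    """Return the site pairs that need a tunnel for the chosen topology."""
    names = [s["name"] for s in sites]
    if topology == "mesh":
        return list(combinations(names, 2))
    if topology == "hub-and-spoke":
        return [(hub, n) for n in names if n != hub]
    raise ValueError(f"unknown topology: {topology}")


def check_plan(sites, topology, max_tunnels_per_device, hub="hq"):
    """Collect planning problems; max_tunnels_per_device is an assumed device limit."""
    by_name = {s["name"]: s for s in sites}
    pairs = tunnel_pairs(sites, topology, hub)
    findings = []
    for a, b in pairs:
        net_a = ipaddress.ip_network(by_name[a]["lan"])
        net_b = ipaddress.ip_network(by_name[b]["lan"])
        # LAN caveat from the text: the two ends must not be on the same subnet.
        if net_a.overlaps(net_b):
            findings.append(("lan-overlap", a, b))
        # Neither end has a static address: one side needs an FQDN via dynamic DNS.
        if not (by_name[a]["static_wan"] or by_name[b]["static_wan"]):
            findings.append(("needs-ddns", a, b))
    # Count tunnels terminating on each device against the assumed limit.
    for name in by_name:
        count = sum(name in pair for pair in pairs)
        if count > max_tunnels_per_device:
            findings.append(("tunnel-limit", name, count))
    return findings


if __name__ == "__main__":
    for topo in ("hub-and-spoke", "mesh"):
        print(topo, check_plan(SITES, topo, max_tunnels_per_device=2))
```

With this sample plan, hub-and-spoke concentrates every tunnel on the hub, while mesh spreads the same per-device count across all sites and also exposes the branch-to-branch subnet clash and the tunnel that has no static end.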
When choosing how you’ll implement VPNs in a multi-site WAN, it’s important to consider how your sites communicate with one another and how frequently they collaborate. Otherwise, you can set up VPNs only to find that your hub is congested, which then impacts the performance of your applications and reduces productivity.
You will also want to consider whether your enterprise plans to invest in cloud solutions and digital transformation initiatives, which can significantly increase traffic volume and may also create congestion in a hub-and-spoke topology. A mesh topology makes cloud data transmissions more efficient.
If your enterprise is considering installing VPNs in a multi-site WAN, contact us at TailWind. We offer solutions for high-speed broadband connectivity and can handle the IT project management on your network infrastructure project, allowing you to focus on the core functions of your business.