How to build a secure WAN

If you have two or more branch office locations, you need a Wide Area Network (WAN) to connect them. WAN connections vary in bandwidth depending on your needs, and may be set up as a direct/private connection such as MPLS or Metro Ethernet, or as a virtual network connection (VPN) using the Internet. No matter which technology you choose, connecting your locations will enable better and more secure communication within your business.


MPLS network graphic


Getting the connectivity you need requires leasing circuits from a telecom provider such as CenturyLink, AT&T, Verizon, etc., who have the rights-of-way and built-out nationwide networks. They will offer a data connection, which provides varying degrees of bandwidth based on connection type and distance. Some solutions are distance sensitive and others are not.

For example, a point-to-point Ethernet connection (Metro Ethernet) is a layer 2 connection, which means you don't route it unless you want to; it can plug directly into your switches and connect all your offices. All you pay for is access and bandwidth, so for example it might cost $300 for a 100 Mb connection per site. However, Ethernet uses the local carrier's network, so if one of your locations happens to be outside of their network footprint, such as one office in NYC and another in SLC, the distance can be cost prohibitive.

In that same situation, another data connection type such as MPLS (Multiprotocol Label Switching) allows you to buy access and connect to a carrier cloud where multiple carriers allow traffic to pass through their networks, removing the distance sensitivity. The cost is a bit higher but still very affordable.

Lastly there is VPN, which uses the public Internet as its transport medium. You simply procure dedicated Internet from the carrier and place an SD-WAN box at each location, which is connected to a cloud-based controller that controls the encryption and network connectivity. It is software-based networking using specific hardware on the endpoints as gateways to the controller.


For most of the direct/private connectivity options, the carrier provides a pre-configured router that is placed in your existing network. Many carriers use an Adtran or Cisco router and hand off an RJ45 data jack for you to connect your network. It's simple, private and effective. In the case of VPN, you will need to select your own hardware. VPNs are often done in a firewall, or they can be done with an SD-WAN box; in fact, sometimes a firewall can do both. Firewalls determine what traffic is allowed in or out of your network over your Internet connection. In order to connect to another location using the public Internet, your traffic needs to be encrypted so that attackers who intercept it cannot read it. Firewalls perform that encryption and set up the pathway to your other sites. You'll need an Internet router and then a firewall to do VPN.

It's important to understand the trade-offs between cost and performance with the various WAN options. There are many ways to integrate the wide area network with cloud -- end-to-end connectivity being, so things all route perfectly and IP addresses connect without issue. The main goal, however, should be getting the right business value for your business cost. You often get what you pay for, so don't be duped by cheap Internet ads. Your business connectivity can be your biggest asset or your biggest headache, so invest wisely.

