Network Connectivity Options

Download Report

Transcript Network Connectivity Options

Network Connectivity
Options
Currently offered by Wyless
Option 1: Standard, no VPN
 Mobile-originate traffic only
 Outbound traffic can be filtered by white listing IP
addresses or ports (such as blocking all traffic except
for customer's public-facing server)
 Useful when there is no requirement to initiate a
session to the cellular device
Option 1: Standard, no VPN
Option 2: PPTP VPN
 Requires PPTP client on every host initiating session to
the cellular device
 Slightly less secure than IPsec VPN
 Outbound traffic to internet can be filtered by white
listing IP addresses or ports
 Typically used for development or testing purposes
 PPTP in Porthos account has access to all cellular
connections in that account
Option 2: PPTP VPN
Option 3a: Standard IPsec
VPN
 Only traffic intended directly for customer's LAN goes
over the IPsec tunnel
 Outbound traffic to internet can be filtered by
whitelisting IP addresses or ports
 Most popular and easiest type of IPsec to set up
Option 3a: Standard IPsec
VPN
Detailed View, Option 3a
Option 3b: Default-Gateway
IPsec
 All traffic goes through the tunnel to customer LAN
 Customer can directly monitor/control cellular traffic out
to internet themselves
 Avoids customer IP addressing conflicts with Wyless
network
Option 3b: Default-Gateway
IPsec
Detailed View, Option 3b
Option 3c: GRE over IPsec
VPN
 Alternative to default-gateway IPsec
 GRE allows use of dynamic routing protocols
 “Split GRE” configuration can still allow cellular traffic
directly to internet
Option 3c: GRE over IPsec
VPN
Option 4: MPLS connectivity
 alternative to GRE-IPSec
 Requires customer provided router(s) and circuit(s) into
our datacenter
Option 4: MPLS Connectivity
Option 5: Public Static
Addressing
 Requires use of very limited public IP addresses
 Allows mobile-terminate traffic without VPN
 Least secure of any connectivity option
 Outbound or inbound traffic can be filtered by
whitelisting internet IP addresses or ports
 Device is vulnerable to unsolicited bandwidth usage by
random internet sources
Option 5: Public Static
Addressing