Zyxel Nebula and Company Growth

    We continue the story of the system for building and managing distributed networks Zyxel Nebula. This time we will talk about the development of network infrastructure in the branches.

    In the previous article, Zyxel Nebula Supernova, an economical way to security? "we considered issues related to the organization of network infrastructure for small enterprises. This time we will talk about the situation when the company grows and develops.

    How do organizations grow?

    Monostructure - when there is a growth inside a certain uniform infrastructure. For example, the local history community of the inhabitants of the city of N is likely to remain the community of the city of N, even if all residents are included in its composition. The same can be said, for example, of small financial institutions, for example, “N-th Municipal Bank” and so on.

    Sometimes there is a merger of several organizations into one or the expansion of one organization outside the region. In this case, there is a transition to the development of a branch scheme.

    Development under the “center and branches” scheme

    Suppose a wonderful company appears in one of the small towns, and its products are in good demand. For example, "N-sky teapots". These same kettles are selling well in other cities, and now branch offices are required to increase production and sales.

    Here, with the opening of the first branch in another city, the first questions on the organization of inter-network interaction appear on the agenda.

    At the same time, common tasks appear, it is required to adjust the channels of internal corporate communication, the general accounting and management accounting system is being introduced. If this is a production area, the organization of general R & D, development libraries and so on are added to this.

    In the end, everything comes to the fact that you need some extensive network that needs to be managed, to implement monitoring functions and in the end just to have access to control.

    But regardless of what stage the development of the branch network is, the issues of personnel policy will always be quite acute.

    Earlier, we wrote that even one highly skilled network administrator is too much for an average Russian company of more than 100 people. That is, for such a specialist there will not be enough tasks that would justify a high salary and allow you to grow professionally (along with the salary, of course).

    But what to do if we do not even have 100 users in one place, but 5 locations of 20 people each, and even in different cities, not to mention different countries?

    How to connect the branch infrastructure

    Suppose there is a small company with its headquarters. They bought a gentleman's kit for organizing a small office network in the first branch: a hardware gateway, a switch, an access point.

    At the same time, the new network mini-structure should not only provide for the internal needs of the branch, but also have a stable connection to the central office.

    The question arises: who and how will it tune in place?

    As usual, there are several options.

    The first to come to mind is the most expensive option - to contact a large company - a system integrator with good experience in building such branched networks. However, such a service has its own considerable price, which can be very heavy for a small company that has just started to grow.

    You can also try to solve the problem yourself. There are several ways to do this:

    The first is to send an existing network guru on a business trip to the place where the branch network is deployed. For this, it is necessary, firstly, to keep such a specialist on a permanent basis, and secondly, that at the moment there should be no serious tasks at headquarters that need to be addressed.

    The second is to try to make some initial settings at headquarters in order to be able to connect remotely, and then send the equipment to the branch office. And the local IT service will do the installation on its own.

    Third- work with a local IT specialist, if there is one, or simply with an “advanced user” in the “zombie” mode, that is, when the network administrator from the central office provides instructions, and the branch employee directly executes them.

    In practice, a combination of all three methods is often found, that is, equipment with the “correct configuration” is sent first, an employee cannot find out on the spot, then many attempts are made to perform settings in the “zombie” mode and as a result the business ends with a network administrator's trip to the branch office.

    Another option is to turn to an outsourcing company or simply to a “incoming admin” with the necessary qualifications. This option has certain advantages and a whole set of restrictions.

    First, such a company must be found. Far from all regions have outsourcing companies that have a specialist with the required qualifications. Secondly, such a company should have an acceptable price for such services.

    Sometimes there are additional questions related to the qualifications of the contractor’s personnel in the field and interaction with a specialist in the central office. The situation is greatly simplified if there is a specialist in the headquarters.

    It is much worse if “coming administrators” or representatives of different outsourcing companies work from both sides. If they couldn’t find a common language on some issue, then the general adjustment process may be delayed for a long time.

    It is very difficult to predict in advance which of the options will be less costly: an integration project, pre-setting the equipment with a subsequent business trip of a specialist or a contract with an outsourcing company. In assessing, it is necessary to take into account not only the invoice for services, but the time spent, as well as such “delicate matter” as the cost of downtime, lost profit, and so on.

    From life hacking to cloud technology

    If you still choose the option of self-configuration by internal IT departments, you can apply the following technique.

    1. The specialist on site (at the branch office) installs a computer with Internet access in any available way. Although 3G USB modem - in this case it does not matter. The operating system is not so important in principle, but let it be something from the MS Windows family.
    2. A remote control program is installed on the computer, for example, TeamViewer or similar. It is important that the client-server architecture can independently establish communication through the cloud server. In this case, you do not need to configure direct access to the computer. It is enough to know the ID and have a remote client.
    3. Next, this computer is connected to the equipment that is to be configured.
    4. The branch specialist tells the network guru from the central headquarters the ID (login) and password for remote access.
    5. Having gained access, the network administrator from the central office configures the equipment in the branch office.

    With this approach, the local IT specialist’s functions in the branch office are limited to physical maintenance: rack mounting, cabling, equipment on-off at the request of the network administrator, and so on.

    Note . In this article, company names and product names are used only as their identification. The names of products and companies (TeamViewer, MS Windows, Zyxel Nebula) mentioned in this publication are trademarks of their respective owners.

    Figure 1. Using a third-party cloud service to create a connection.

    This is a great method that initially contains several limitations.

    1. Commercial use of TeamViewer or its analogs is not free. That is, you will need to purchase a license with an annual subscription, registering it in the accounting department, and so on.
    2. This scheme is not entirely secure, as in the case of unauthorized access, it makes it possible to access all resources of the branch, for example, a file server, and so on. That is, if someone from the staff tries to connect to this computer from home, he will get access to everything that is in sight.
    3. Well, this scheme is intended more for a one-time setup. Functions such as monitoring, statistics collection, incident notification remain unfulfilled.

    Therefore, this workaround is more suitable for performing one-time work on the connection and initial setup of equipment, but not for permanent use. In this case, you still need to buy a license on an ongoing basis.

    Do not forget that the issue of monitoring, collecting statistics, alerts remains open.

    Note. Variants of illegal use of software or bordering on illegal are not considered in principle. If an organization from the very beginning of its existence allows the use of dishonest schemes, its future is very unenviable.

    And here, as usual, before the creators of the network infrastructure arises the question: "Why reinvent the wheel, is it not easier to search for a ready-made inexpensive, and even better, ready-made free solution?"

    Zyxel Nebula - cost-effective solution for branch infrastructure

    It turns out that Zyxel Nebula is the very solution that does not require the presence of a network technology specialist on the site.

    Zyxel Nebula is a cloud component that allows you to connect to remote devices, just as TeamViewer helps you communicate with a remote computer.

    IT IS IMPORTANT! All the critical features for setting up controls in the Zyxel Nebula are FREE. The difference of the paid version lies in a more expanded number of functions, ease of use, a longer period for storing statistics, and so on.
    At the same time, in the first year after using the device, and this is the most important period of testing and trial operation, during this period the FULL SET of paid features of the Enterprise level is also available FREE OF CHARGE.

    To continue using the full functionality or to switch to the free version, such a choice will be required only in the second year.

    Differences between different use cases can be found here .

    All devices designed to work with Nebula already contain a client program for communicating with the cloud service.

    That is, you do not need to think about any computer to connect to the network, an additional Internet channel, or software. Everything is already in the "piece of iron" from Zyxel.

    Figure 2. Connecting and working via Zyxel Nebula.

    Please note that Nebula client devices establish an outgoing connection to the cloud. That is, there is no need to additionally open ports, forward an incoming connection, as is required when setting up in the traditional way (local access).

    Of the additional features that facilitate the configuration and installation of equipment, it is worth noting easy to learn web-interface, ready access policies and configuration settings.

    And of course the possibilities of monitoring and collecting statistics, allowing to evaluate the work and adapt the settings based on the results of the observation.

    Connecting your device to the Zyxel Nebula

    Connecting a device to the Nebula cloud is the apotheosis of simplicity and grace. Just one employee who knows how to use a smartphone connected to the Internet is enough.

    Initially, an enterprise account is created and registered on the Zyxel web page. In each enterprise there can be one or several sites - in this way it is possible to register the headquarters and all the branches, at the same time having fulfilled the necessary access rights and so on.

    In the web-interface of Nebula, users who can bring devices to a particular site are brought up.

    Then everything is simple. An employee of the branch receives login details, installs the Zyxel Nebula program on his smartphone or tablet and registers in the cloud.

    Calls up the function of adding a device through the menu.

    Figure 3. Adding a device to the cloud management environment.

    It remains to scan through the camera of the smartphone the QR code from the device case. And the device is automatically registered in the cloud Zyxel Nebula.

    Figure 4. Adding a device to the cloud management environment.

    After that, the added device will appear in the list.

    Figure 5. Added device in the list of available for management.

    Everything, the smartphone can be disconnected from the Internet, for Nebula in this case it is no longer needed. The device is now available through the cloud and a network administrator at headquarters can connect to it for management.

    At the same time, there is no difference whether the device is located at the border of the exit to the Network, in the DMZ or inside the network perimeter. The main thing is that it can make an outgoing connection via the HTTPS protocol. Everything else will do Zyxel Nebula.


    As you can see, working with Zyxel Nebula is not easy, but very simple. This service is designed to help solve the problem of building and managing a complex multi-branch network.
    Built-in statistics collection and monitoring can provide good support when servicing a network infrastructure.


    [1] Part one of the Zyxel Nebula series “The Zyxel Nebula supernova cloud - an economical way to security? »
    [2] Zyxel Nebula page on Zyxel website
    [3] Team Viewer website

    Only registered users can participate in the survey. Sign in , please.

    SDN / SDWAN services on your network:

    Also popular now: