Welotec VPN Security Suite
- Easy setup of automated VPN infrastructures
- E2E remote access to all machines and end devices in the field, worldwide
- High security standards according to BSI
- REST API for integration into ERP, monitoring or SIEM
- On-premise solution
- Compatible with Welotec devices and third-party devices
Secure Connectivity
End-to-end encrypted access to endpoint devices, with no restrictions on ports or services.
Docker Container Support
Easy scaling with a dedicated VPN Container Client for devices that support Docker containers.
High Device Compatibility
Works with third-party devices that support OpenVPN, e.g. RTUs, PLCs, routers, industrial PCs, edge gateways.
VPN Concentrator & Firewall
Central bundling of incoming VPNs, assignment of fixed IPs and handling of routing and NAT.
Integrated PKI
Automated creation of device-specific certificates. All client VPN certificates are signed by a certificate authority.
Device Management
Easy rollout of VPN configurations and certificates to connected Welotec devices (incl. Docker Container).
Data integrity
Deployment as an on-premise solution, as a virtual machine or as a bare-metal installation.
System Integration
Data integration with third-party systems such as ERP or monitoring via REST API.
Remote Access
24/7 access to all connected devices and connected machines, worldwide.
Everything important at a glance!
VPN Security Suite allows the automated setup of encrypted VPN infrastructures. It provides E2E remote access to all your machines and end devices in the field, worldwide. As security is crucial for this solution, it meets the high security standards according to BSI. The VPN Security Suite consists of 3 essential components: a central VPN concentrator with integrated firewall and access rules, an integrated Public Key Infrastructure (PKI) for the administration and renewal of digital certificates, and device management for the distribution of configurations and certificates. Like the SMART EMS, it allows easy operation through a user-friendly web interface as well as integration into your system via REST API.
Harmonisation of VPN infrastructures
The challenges of connecting distributed devices and machines in the field:
- Different devices and machines.
- Many different types of connectivity.
- Machines with corporate network integration.
- Machines protected by firewalls.
Functionality and relevant components
VPN Concentrator
- Bundling of incoming VPN connections.
- Assignment of IP configurations.
- Handling routing and NAT.
- Managing firewall rules for access control.
Public Key Infrastructure
- Automated creation of device-specific certificates.
- All VPN client certificates are signed by a central CA (Certificate Authority).
- The customer’s own PKI can also be integrated.
Device Management
- Distribution of certificates and VPN configurations.
- Template-based management of firmware and device configurations for Welotec devices.
- Rollout and management of large device fleets.
Automatic end-to-end connection
- Transparent IP communication directly to the end device.
- Machines with the same structure can be mapped – each end device receives an individual IP address.
Various connection options
- Access to end devices with connection via Welotec TK800 router. In case of mass deployment, the rollout can be handled via zero-touch provisioning.
- Access to end devices with Docker Container: Integrated VPN Container Client for a quick setup of virtual VPN infrastructures. Rollout can be done via cloud, Docker Swarm or Kubernetes.
- Access to stand-alone devices via OpenVPN.
Advantages and implications
Setting up VPN infrastructures
Technical details
Appliance requirements for Device Management
- Appliance: Virtual Machine or Hardware Appliance
- Operating System: Docker-compatible Linux OS (e.g. Ubuntu, …)
- Software packages: docker.io, docker-compose
- Processor: 64-bit support (min. 1.8 GHz)
- Memory: 4 GB RAM (8 GB recommended)
- Mass Storage: 64 GB HDD (128 GB RAID1 recommended)
- Network:
  - min. 1x GBit Ethernet
  - Target IP or DNS name of the Device Management must be static
  - External target IP must be reachable by the routers
  - Port 443 TCP for web access (can be customized)
  - Port 18443 TCP for router communication (can be customized)
- Remark: The resources required depend on the number of connected mobile devices and the duration and size of the log parameters.
Appliance requirements for VPN Concentrator
- Appliance: Virtual Machine or Hardware Appliance
- Operating System: closed BSD image
- Processor: 64-bit support (min. 1.8 GHz)
- Memory: 4 GB RAM (8 GB recommended)
- Mass Storage: 64 GB HDD (128 GB RAID1 recommended)
- Network:
  - min. 1x GBit Ethernet
  - Target IP or DNS name of the VPN Concentrator must be static
  - External target IP must be reachable by the routers
  - Port 443 TCP for web access (can be customized)
  - Port 18443 TCP for router communication (can be customized)
FAQ
Can Welotec VPN Security Suite be operated as a virtual machine?
Yes, due to the flexible software approach, operation as a virtual machine is possible. We are happy to provide images for this purpose.
Why is Welotec VPN Security Suite based on OpenVPN?
We deliberately rely on OpenVPN and thus on an open source approach. We see this as a sustainable and future-oriented solution. In addition to the high security standard, we appreciate the continuous contribution and development by the community.
How many VPN connections can be established simultaneously in an infrastructure or how many devices can be connected?
The number of VPN connections or the number of devices is not limited. Restrictions may arise due to the performance of the hardware used or the resources of the virtual machine used.
Are only Welotec Devices supported?
No, any end device that supports a container runtime or OpenVPN can be integrated into the infrastructure. In addition to routers, industrial computers and edge gateways, the direct integration of RTUs or PLCs is also possible.