Business Office Infrastructure Requirements
As businesses expand beyond their headquarters, they increasingly rely on branch offices, remote workers, and work-from-home employees to drive growth. This distributed workforce model requires a robust and secure network infrastructure that supports seamless connectivity across all locations. The network architecture must prioritize high availability, maintain stringent security standards, and enable efficient remote configuration and management. Key considerations for such an infrastructure typically include:
Redundant Authentication servers to ensure secure employee access
Dual WAN Connection to make sure Internet access availability
LAN to consider multiple VLANs to segment traffic securely
Mesh or Hub-spoke VPN connection for multiple branches
Remote VPN client connection
High-quality video conference
Redundant and load-balanced Radius Servers
When large employment authentication is required, multiple radius servers are needed to balance the traffic and ensure redundancy.
EnGenius allows 3 radius servers to be configured for load-balance and redundancy under Captive Portal configuration for individual SSID
Dual-WAN Connection
Internet access availability is crucial for current business operations. To prevent from ISP link service might go down, usually enterprises will consider to subscribe 2 different ISPs and use a dual-wan Router to connect to each ISP. When all links are healthy, the traffic can go through both ISPs with load-balance configuration or simply use the other lower-speed link as a fail-over.
ESG dual WAN ports and USB-based cellular connection allow Enterprise to configure flexible fail-over WAN connections or load balance algorithms to share WAN bandwidth
VLANs to Segment Traffic
Admins can plan Executive VLAN, Finance VLAN, or RD VLAN to access different networks and sensitive servers. When users are created in the authentication server, different VLANs can be assigned to the user. When users access the same SSID, it should be able to allow multiple VLAN-tag clients or assign different VLAN tag to the clients
EnGenius AP Dynamic VLAN capability allows different VLAN clients to access the same SSID.
EnGenius VLAN Pooling function can assign different VLANs to different clients, so to "balance the VLAN in best effort" to limit the broadcast/multicast traffic
Site-to-Site VPN between branches and headquarters
For multiple headquarters or key branches to build secure tunnels, mesh site-to-site VPN are usually considered and other branches can build hub-spoke VPN to connect back to nearby headquarters (or hubs).
EnGenius ESG security router allows Enterprise to build Site-to-Site VPN connections among multiple branches easily with Cloud-based Auto-VPN function.
ESG also provides VPN fail-over from primary WAN to secondary WAN connection.
Remote Workers
WFH (Work-From-Home) worker percentage will increase gradually from the study (around 22% of American workforce by 2025 – refer to Forbes Advisor report in 2024.) When there are more and more remote workers, cybersecurity becomes the most concerned factor for the executives.
For the remote workers, EnGenius provides SecuPoint client VPN tool for them to install on their devices to connect back to headquarters securely and easily.
Application-Aware WAN connections
More and more SaaS, like Salesforce.com, SAP on-line, Google mail...etc, are leveraged heavily by SMB or Enterprise that IT can consider to have dedicated WAN connection for these business-critical SaaS traffic and be able to fail-over to the other WAN link.
ESG Application aware Policy-base Route allows specific applications like SFDC, Google mail...etc to use dedicated WAN links, while other traffic goes to the other WAN. When the SaaS link is down, the traffic can fail over to the other WAN link.
ESG layer 7 firewall rule can also block certain source IPs NOT able to access specific applications.
High-Quality Video Conference
After the Pandemic, video conferences become daily communication tools even all employees are in the same office due to some native advantages like no physical meeting room booking, meeting recording, transcription, and AI note summaries to increase productivity. As video conferences become one of the most critical business tools, IT needs to ensure the quality of each video conference while everyone shares the same WiFi and wired infrastructure where the traffic might impact the bandwidth required for video conferences.
EnGenius AVXpress technology can prioritize voice or video conference traffic like Teams, Google Meet, Zoom, Webex...etc to have high priority from wireless AP’s to wired Switches across the whole network, with simply a few clicks.
Wireless Intrusion Protection
Enterprise network infrastructure is critical and should be protected from intrusion like MITM, Evil twin to steal sensitive corporate data or RF-jaming attack to disable the WiFi service.
· EnGenius “S” series (like ECW220S and ECS230S) provide AirGuard WIPS/WIDS capability to have dedicated radio to scan the environment to detect rogue SSID, Evil Twin or RF jam, so that users can take auto protection to prevent legal clients to connect to rogue AP’s.
Demands and Features Quick Links
Business Office Application | Leads to Key Features (PRO) |
Create multiple radius servers for load-balance of authentication | |
Same SSID with different VLAN clients | |
Media Player and surveillance traffic prioritization | |
Site-to-Site VPN connections among branches and headquarters | |
VPN connection from remote workers | |
WAN redundancy | |
SaaS services | |
Not allow certain IPs to access specific applications or minotor the traffic | |
WIPS |