Secure Data Transmission in Decentralized Networks

Our team of cloud experts helped SOTEC Software Entwicklungs GmbH + Co Mikrocomputertechnik KG implement a lean and reusable infrastructure solution to solve the challenge of distributed networks using Google Cloud Platform (GCP) best practices.

SOTEC helps companies develop digital solutions in the areas of IoT, ML and cloud technology – from specialized hardware to end-to-end platforms and architectures. Deep practical expertise in IoT, industrial automation, manufacturing, retail and cloud computing enables the company to deliver best-in-class solutions to its customers that meet their individual needs.

SOTEC offers its customers a reliable and audit-proof archiving system to securely store and retain sensitive and tax-relevant financial data. Especially for retail customers with a large network of decentralized branches, it is often a challenge to transfer the data to the archive system. The reason: Many locations are only available within the company WANs. In order to be able to provide the service, VPN routes to the target networks now had to be set up for secure data transfer and these were flexibly connected to the service endpoints. Customer-specific dependencies in the service infrastructure had to be avoided.

First a VPN connection with Cloud VPN was set up and a shared Virtual Private Cloud (Shared VPC) was created in a separate environment. This way, the environment in which the application is hosted is not directly affected. It also provides the flexibility to later use this connection in other systems on the GCP.

A virtual machine of the Compute Engine was set up in the target environment. This was then connected to both the network in that environment and the shared VPC that hosts the VPN connection. The Compute Engine thus serves as the NAT gateway for all services on the system that need to connect to the clients’ network. It also forwards all TCP requests to FTP ports coming from the client environment for processing by the application’s FTP server.

Since the complete configuration of the NAT gateway virtual machine is defined in a script that is executed during startup, it was possible to host this machine in an instance group. This guaranteed that the system would be permanently operational.

Using Cloud Monitoring, it was also possible to set up notification rules that kick in when something goes down on the VPN or NAT gateway components of this system.

“The implemented solution using Cloud VPN and Shared VPC solved the connectivity issues we had with the customer systems. The network infrastructure we had set up for us on the Google Cloud allows us to securely connect to our customers’ systems, driving the success of our archiving solution.”

– Simon Leichtle, Product Owner, SOTEC

Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.

With a product portfolio designed to accompany organisations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.

We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.