A many routed network

Necessity proved the mother of invention for Viprinet and this has helped Wits keep key projects online.

30 November 2016
Simon Kissel, Viprinet

There is something very African about the story behind the creation of Viprinet. Founder Simon Kissel was living in Germany in a town where the broadband connectivity was reminiscent of the South African experience – patchy and unreliable. He recalls that he tried a number of channel-bonding solutions in order to get a reliable connection, but none of them really met his needs. The problem he faced was one that is inherent in IP technologies – that packets are expected to arrive at their destination in a specific order and because of this, channel bonding technologies will route specific transmissions across a single circuit, effectively deciding which information will follow which path.

What Kissel wanted to do was to connect multiple channels and allow the information to flow freely across whatever was the best connection at the time. This would effectively allow him to send some information across (as an example) an ADSL line, some across an LTE link and others across a fibre-optic connection, with the system deciding which link was the best option on the fly. The problem he faced was one of latency. Each one of those examples connects at a different latency and whatever system is receiving the packets needs to be able to understand whether a packet is simply late or is not going to arrive at all and has to be resent. The simple answer was to take a leaf out of the data storage handbook and use a technology similar to that used by RAID storage systems, where information is able to be reconstructed by using parity information sent on one line.

Multiple connections

The effect of this is that packets belonging together can make their way between two Viprinet routers using vastly different routes and still come together at the other side. “While my main motivation was to ensure that we were able to get a stable connection, there was a security benefit that has made the product very popular with organisations that prize secure connections above everything,” he says.

The system may be over-engineered in a very German way.

Simon Kissel

Interception of communications relies on the agency being able to intercept and monitor the entire transmission, and in a traditional connection, all the relevant packets will follow the same path, passing through the points, any of which could be used to intercept the information. By distributing the information across multiple connections with individual packets potentially following completely separate routes to their final destination, it makes it next to impossible to intercept and monitor communications. That’s because, according to Kissel, one part of the communication could be going over a cellular connection while another follows a completely different route, thus making it impossible to reassemble the message in its entirety.

“The system may be over-engineered in a very German way,” he jokes. But it is this approach that has made it popular with the military, police and public safety organisations. Viprinet’s route to South Africa is equally interesting. Wits Health Consortium (WHC) came across the technology because it needed to ensure that the many donor-funded projects run by the university were able to connect to the administration back-end, which had been set up to ensure that they were able to comply with the reporting needs of the donors in a cost-effective manner.

Onerous criteria

Alf Farrell, who heads up the WHC, says the company is responsible for providing support services to a number of projects across SADC run by the university, many of which rely on some level on donor funding for their existence. Because government support for these projects is minimal, it’s essential that they make use of shared services in order to survive on the available budget.

WHC employs some 3 000 people and manages a combined budget of R3 billion across 60 divisions, making it a significant organisation. “Foreign donors often have fairly onerous reporting criteria and fulfilling those criteria can prove expensive,” he says. “For that reason, we built a shared backend that automates much of that, but it requires that the administrators of the projects have a reliable internet connection and, in some places, that’s difficult.” He points out that network connectivity is not just an issue in remote rural sites; even in areas such as Hillbrow, it can be difficult to maintain a reliable network connection.

By leveraging the Viprinet technology, it was possible to run the network across multiple connections, including all available cellular networks so that if one connection was down, the network connection would seamlessly reroute across the available connections. Kissel adds that the partnership with WHC is fortuitous because e-health services are some of the key services that Viprinet wants to target. “This could include access to remote healthcare services, something that has been often punted, but where security is critical,” he says. ENDS