February 25, 2026 · Ilya · Senior DevOps / SRE

How NineLab Built a Corporate SD-WAN Platform


Today I want to share the story of how our NineLab team built a commercial-grade SD-WAN platform for secure corporate networking.

We set ourselves an ambitious goal: to create a tool that provides reliable encryption and intelligent infrastructure management and can serve thousands of users. We replaced expensive dedicated channels and MPLS with secure tunnels over the regular internet, hiding the technical complexity behind a user-friendly control panel.

Key Architectural Decisions

🏗️ SD-WAN Platform Architecture

  • 🔐 Encryption: VLESS/Reality + HTTPS encapsulation
  • ⚡ Speed: up to 900 Mbit/s on a 2-core VDS
  • 🔄 Fault Tolerance: one key, automatic failover
  • 💰 Cost: from 700₽/month per VDS node

1. Advanced Encryption and Network Threat Protection

To ensure the highest level of security, the platform uses the VLESS/Reality protocol, with traffic encapsulated as standard HTTPS. An intelligent incoming connection filter protects corporate nodes: the system automatically distinguishes legitimate connections from automated scanning attempts and redirects the latter to trusted resources. All traffic is encrypted end to end, with detailed logging and auditing for full information security compliance.

2. Absolute Fault Tolerance and Seamlessness

We implemented a unique feature: each user is issued a single universal access key. If the server is overloaded, a compromise threat is detected, or hardware fails — the system redirects the user to a backup server in real time. The client doesn't even notice problems: the system finds a new path on its own, and there's no need to update the configuration on the user's device.

3. Smart Load Balancer and Rating System

For intelligent load management, we developed a "rating system": a dynamic indicator of a server's available capacity. When a new employee connects, their "weight" is subtracted from the node's rating. This allows:

  • Achieving high user density on a single server
  • Guaranteeing connection quality during peak loads
  • Significantly saving on infrastructure costs
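The rating bookkeeping from this section, combined with the single-key failover from section 2, can be sketched as follows. This is an added example, not NineLab's code: the `Node` and `Pool` classes, the node names, the weights and the "pick the healthy node with the most rating left" policy are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    rating: int                 # remaining capacity, in assumed abstract units
    healthy: bool = True
    users: dict = field(default_factory=dict)   # access key -> weight

class Pool:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.placement = {}     # access key -> node name (None if unplaced)

    def _pick(self, weight):
        # Assumed policy: the healthy node with the most rating left.
        ok = [n for n in self.nodes.values() if n.healthy and n.rating >= weight]
        return max(ok, key=lambda n: (n.rating, n.name)) if ok else None

    def _place(self, key, weight):
        node = self._pick(weight)
        if node is not None:
            node.rating -= weight          # the user's weight is subtracted
            node.users[key] = weight
        self.placement[key] = node.name if node else None
        return self.placement[key]

    def connect(self, key, weight):
        if self.placement.get(key):        # same key: keep the current node
            return self.placement[key]
        placed = self._place(key, weight)
        if placed is None:
            raise RuntimeError("no healthy node has enough rating")
        return placed

    def fail(self, name):
        """Node overloaded, suspected compromised or down: move its users."""
        bad = self.nodes[name]
        bad.healthy = False
        evicted, bad.users = bad.users, {}
        bad.rating += sum(evicted.values())     # capacity returns, node stays out
        # Heaviest users first, so they are not stranded by fragmentation.
        order = sorted(evicted.items(), key=lambda kv: -kv[1])
        return {key: self._place(key, w) for key, w in order}
```

The access key never changes during `fail()`; only the server-side mapping does. A `None` in its result marks a user the remaining nodes could not absorb, which is the condition worth alerting on when sizing spare capacity.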

4. User-Friendly Frontend Interface

All technical specifics are hidden behind an intuitive cloud control panel:

  • For admins: adding and automatically deploying new servers in one click (just specify IP, login, and password). Centralized management of users, groups, and access policies.
  • For employees: a clear interface for getting connection configurations and tracking personal statistics. Administrators have access to full monitoring of each employee.

5. Outstanding Performance on Affordable Hardware

$ benchmark --route Finland-Moscow --server 2vCPU-2GB
[OK] Throughput: 900 Mbit/s
[INFO] CPU Load: ~90% (2x Intel Xeon 2.60 GHz)
[INFO] Cost: from 700₽/month per VDS node

6. Complete Corporate Infrastructure Out of the Box

For businesses of any size, we implemented Site-to-Site VPN functionality that connects offices and remote employees into a single private IP space. Our clients get:

  • Provider-independent static IPs
  • Virtual segments (accounting, IT, marketing)
  • Flexible access policies: restrictions by time, ports, and applications
  • DNS filtering of malicious sites

Beyond cloud infrastructure, we developed ready-made hardware gateways:

  • Basic Gateway (12,000–15,000 ₽): mini-PC/Orange Pi based device with automatic traffic routing for fast office connection out of the box.
  • Full Network Gateway (from 50,000 ₽): high-performance device with local firewall, channel load balancing, and autonomous operation when external connectivity is lost.

NineLab Result: We built a system where infrastructure deployment takes minutes, no expensive network administrators are needed, and security and management convenience are at the highest corporate level. If your company needs reliable, easily scalable IT infrastructure — we're ready to give you a personal demo!

FAQ for this topic

VPN protects transport/perimeter; Zero Trust adds continuous checks of identity, device, and context per request.

Pentest is a snapshot; without patching, WAF/limits, and anomaly monitoring, risk returns quickly.

In layers: provider, edge, app rate limits and queues—plus rehearsals under controlled load, not unlawful third-party attacks.

Minimize fields, retention, access, and encryption; align with your DPO and policies.
