This blog discusses physical connectivity, from a project manager’s perspective. Are you managing integration projects? Have you ever been confused by technical jargon that only a few specialists understand? Did you file tickets at various suppliers, which in the end bounced back to you? Then this blog may help you.
In this blog, you will find more information on physical connectivity, which touches on transport level security. A better understanding will help you to maintain the overview needed to drive a complex issue to a solution. Concepts are simplified in this blog, and practical challenges are described. For those interested, more detailed information is available online.
Physical connectivity, by site-to-site VPN, or by mutual TLS over Internet
When dealing with integrations and APIs, ‘connectivity’ normally refers to physical connectivity. It is a condition for two applications to ‘speak’ to each other, e.g. through API calls. Physical connectivity does not touch on the underlying data being exchanged, nor on the application identities being used (unless by mutual TLS). Integrations often cross organizational boundaries, requiring connectivity over the (public) Internet, or private connectivity, between the (secure) networks of the organizations involved. Two common connectivity solutions that Yenlo realizes are:
- site-to-site VPN (transport level & infra)
- mutual TLS, over Internet (application level). TLS is also known as SSL/TLS
Other connectivity solutions are available, for example WebSockets over TLS.
How to secure physical connectivity
Both methods provide encryption of data transmission (i.e. on transport level), ensuring data integrity and data confidentiality. Be aware of the distinct characteristics of each method:
- site-to-site VPN delivers ‘always on’ connectivity, not necessarily end-to-end (and without authentication of sending and receiving application), typically limited to the ‘bridge’ between two independent, secure networks (sites). This fits when multiple applications between two sites need to speak to each other.
- mutual TLS is initiated per session, end-to-end, using certificates to authenticate sending and receiving application, or client and server. Mutual TLS is often used to secure traffic over the public Internet. Many security officers regard mutual TLS as sufficiently safe when used over an insecure network, depending on the integration. This approach is typically suitable for those integrations where investing in a permanent VPN solution may not be practical.
Please note: other forms of VPN exist, such as remote access VPN. This is typically used when a client (e.g. laptop) needs to remotely access an office network, through dedicated client VPN software. Also, one-way TLS is an option in cases where server authentication is sufficient and client authentication is not required. Finally, VPN and mutual TLS provide a solution between known parties. Some APIs are publicly exposed, which will be covered by a separate blog.
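The difference between mutual TLS and one-way TLS described above is easiest to see by running both against the same service. The following Go program is an added illustration, not code from the original post and not Yenlo's or Connext's software. It builds a constructed in-memory root CA and two leaf certificates (the names demo-root-ca, api-server and api-client are made up for the demonstration), starts a loopback HTTPS server twice, once demanding and verifying a client certificate (mutual TLS) and once with server-only authentication (one-way TLS), and records what each connection attempt yields. Only Go's standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"log"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// must panics on error; acceptable here because every input is constructed in memory.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issueCert generates an in-memory key and certificate for cn; self-signed (our constructed root CA) when parent is nil.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: isCA, BasicConstraintsValid: true,
		// Go's verifier checks extended key usage: server certs need ServerAuth, client certs ClientAuth.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, // httptest listens on loopback
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// connect performs one HTTPS request; roots is what the client trusts, clientCert is nil when it holds none.
func connect(url string, roots *x509.CertPool, clientCert *tls.Certificate) string {
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return "rejected" // the handshake failed: one side could not authenticate the other
	}
	defer resp.Body.Close()
	return string(must(io.ReadAll(resp.Body)))
}

// RunDemo serves one handler in mutual-TLS and in one-way-TLS mode and records what each connection yields.
func RunDemo() map[string]string {
	caCert, caKey := issueCert("demo-root-ca", true, nil, nil)
	srvCert, srvKey := issueCert("api-server", false, caCert, caKey)
	cliCert, cliKey := issueCert("api-client", false, caCert, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	serverPair := tls.Certificate{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}
	clientPair := tls.Certificate{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}
	// The handler reports the identity the TLS handshake established, if any.
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		who := "anonymous client"
		if pc := r.TLS.PeerCertificates; len(pc) > 0 {
			who = "authenticated client: " + pc[0].Subject.CommonName
		}
		io.WriteString(w, who)
	})
	results := map[string]string{}
	for name, mode := range map[string]tls.ClientAuthType{"mutual-tls": tls.RequireAndVerifyClientCert, "one-way-tls": tls.NoClientCert} {
		srv := httptest.NewUnstartedServer(handler)
		srv.TLS = &tls.Config{Certificates: []tls.Certificate{serverPair}, ClientAuth: mode, ClientCAs: roots}
		srv.Config.ErrorLog = log.New(io.Discard, "", 0) // expected handshake failures would otherwise be logged
		srv.StartTLS()
		results[name+"/with-client-cert"] = connect(srv.URL, roots, &clientPair)
		results[name+"/without-client-cert"] = connect(srv.URL, roots, nil)
		results[name+"/client-distrusts-ca"] = connect(srv.URL, x509.NewCertPool(), &clientPair) // server authentication fails
		srv.Close()
	}
	return results
}

func main() {
	for scenario, outcome := range RunDemo() {
		fmt.Printf("%-32s %s\n", scenario, outcome)
	}
}
```

Run it with `go run`. In mutual-TLS mode the server learns the client's certificate identity (api-client), a client without a certificate is refused during the handshake, and a client that does not trust the issuing CA refuses the server. In one-way-TLS mode the server never asks for a client certificate, so even the client that holds one shows up as anonymous: the server is authenticated, the client is not, which is exactly the case the note above reserves one-way TLS for.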
Encrypted physical connectivity, either by site-to-site VPN with IPsec, or by TLS with certificates
Encryption is in practice the standard, and can be realized by TLS, using certificates. However, Yenlo’s preference for securing connectivity between Yenlo Connext (iPaaS) and a customer is a site-to-site VPN based on IPsec. IPsec is a very common solution for encrypting site-to-site VPN traffic: it encrypts data in (low level) IP packets. As such, an IPsec implementation operates at OS level at both ends, i.e. on transport level, not on application level. IPsec is a versatile solution and delivers encryption, but keep in mind that authentication of the communicating applications needs to be enforced on top of it, i.e. on application level.
In contrast, TLS does not operate at OS level. It encrypts data in transit end-to-end, i.e. on application level, and in addition it enforces authentication. Application level security will be elaborated in a subsequent blog.
Overcome practical challenges in physical connectivity
What situations might occur in practice?
- Organizational. Expect throughput time to establish connectivity, even though the technology is well known. Several parties and skills are involved, and 2-3 months to completion is no exception. For example, a third party network provider may need to be linked up.
- Design. Be careful to align stakeholders. For example, the Security Officer needs to agree on security measures. And is a failover VPN required? How to separate production traffic from non-production traffic? For VPN, is static or dynamic routing required?
- Realization. An overview of who needs to do what, and in what sequence, enables you to avoid disruptive surprises. The involvement of various skill sets typically implies handover and time-related risks, so be aware of them. Any ticket may be delayed because the team involved is overloaded. Often, illness or holidays of a key person block progress. Without slack in your planning, expect to spend considerable time on replanning once a delay occurs in a tight schedule.
- Operations. Be aware of potential connectivity issues. For example, a telecom provider ‘forgets’ to announce a simple OS upgrade on a Sunday evening, which may result in a connectivity failure, and subsequently in panic during the following Monday morning, initially without a clue about the root cause. Therefore, ensure that your support team has access to comprehensive, up-to-date configuration documentation. Don’t let your support team guess whether documentation is outdated or still current.
- Challenges. All too often, an organization is dependent on that single champion who knows all. Be careful. Next, connectivity comes with a lot of details, requiring alignment between parties. Avoid endless ticket communication. Instead, promote interactive, joint sessions for resolution on the spot.
Summary
Physical connectivity is one of the keys to successful integrations. The technology is well known, but you may encounter challenges. This blog assists you in overcoming such challenges when they occur. Two main instruments have been presented, i.e. site-to-site VPN and (mutual) TLS, each with its own characteristics.
More topics will be covered in subsequent blogs.