VANDA
Secure Cloud-to-Device Connectivity Appliance
A network appliance that bridges cloud infrastructure with field devices — inside networks you don't control, without touching a single firewall rule.
Cloud services that had to reach inside networks they couldn't touch.
The software systems at the core of the project were incompatible with standard cloud hosting — yet the operational model required centralized, cloud-based service delivery. The fundamental tension: how do you run services in the cloud while maintaining direct, reliable communication with devices physically deployed inside customer networks — networks you don't control, can't reconfigure, and must not disrupt?
Traditional approaches required either compromising the cloud architecture, or asking clients to open inbound access on their firewalls. Neither was acceptable in regulated or security-sensitive environments.
How do you run cloud services that communicate directly with field devices — inside networks you don't control, can't reconfigure, and must not disrupt?
A device that reaches out. Nothing reaches in.
Thelis designed and manufactured VANDA: a compact network appliance that automatically establishes an outbound VPN tunnel to the cloud infrastructure the moment it powers on. No client-side configuration. No firewall exceptions. The connection is always initiated by the device — never from the outside in.
Outbound-only tunnel
The VPN tunnel is always initiated by the device itself. No inbound traffic. No firewall exceptions. No infrastructure changes on the client's side — ever.
CRM-authenticated provisioning
Each unit authenticates against a central CRM before receiving any configuration. No manual provisioning step in the factory or in the field — fully automated from first boot.
Multi-tenant isolation
With 400+ active tunnels, rigorous VPN routing isolation ensures no traffic can cross between client networks — not as a configuration, but as a structural guarantee.
Software or hardware deployment
The same stack runs as a physical appliance or as software on existing on-premise servers — covering Xefi servers and Sentinel truck units operating in the field.
400 active tunnels. 800 devices. Zero changes to any client network.
~400 active VPN connections managed across 800+ deployed devices, spanning time management, access control, IT infrastructure, monitoring, and R&D — including remote maintenance on mobile Sentinel truck units operating in the field.
The result is a unified connectivity fabric: cloud services communicating directly with field devices, regardless of what network they sit behind — with no compromise on security, no burden on the client, and no dependency on their infrastructure team.
Key Challenges
Secure series production
Scaling from prototype to series production meant solving a non-trivial problem: every unit had to be plug-and-play out of the box while maintaining strong security guarantees from first boot. This required engineering a secure auto-discovery mechanism — each device authenticates itself against the central CRM before receiving any configuration, with no manual provisioning step in the factory or in the field.
Minimal footprint in locked-down networks
Many deployment environments operate under strict network security policies. Integrating VANDA without impacting existing infrastructure meant designing for minimal dependencies, zero inbound traffic, and full control over the access paths — the device reaches out; nothing reaches in.
Strong multi-tenant network isolation
The cloud layer serves multiple end clients simultaneously. Ensuring that one client's network traffic could never leak into another's — even accidentally — required a rigorous isolation architecture at the VPN routing level. With 400+ tunnels active, this is not a configuration detail. It's a structural guarantee.
Hiding complexity without losing control
The platform's users range from network engineers to field technicians with limited security knowledge. The wrong action — misconfiguring a route, granting excessive access — can have real consequences. The UX challenge was to make the system fully configurable for technical users while making dangerous actions invisible or impossible for everyone else.
