This two-part blog series offers strategies to ensure VPN performance and safety. Read on for tips on performance and tune in next week to learn about DDoS protection.
Are our business applications performing well for employees? Is VPN gateway capacity sufficient for our remote workers? While the questions are familiar, they take on unprecedented urgency when asked within the context of the current COVID-19 pandemic.
Companies have implemented unprecedented global work/learn-from-home policies, making VPN gateways a critical business lifeline. After all, employees who cannot access key business applications cannot do their jobs. But this crucial link is also vulnerable to performance issues driven by high user demand. Today, building a robust VPN support strategy needs to go well beyond adding VPN capacity and internet link bandwidth to alleviate degradations to performance and access. Rather, IT teams must be able to quickly analyze resource consumption, prioritize essential services, and rapidly solve performance issues. Here’s what NETSCOUT recommends:
- Institute bandwidth and throughput quotas. IT should institute policies to manage remote access, starting with sensible quotas on per-session bandwidth and throughput. As part of this, make sure that termination capacity, bandwidth, and throughput can scale according to demand.
- Communicate and enforce acceptable use policies. IT can help manage overburdened VPNs by making it very clear to remote workers which systems require VPN access and which do not. Many office productivity applications, for example, don’t need VPNs. And non-business applications, such as online gaming and streaming video platforms like Netflix, are definitely verboten. Split-tunnel VPNs, which direct all internet traffic through local home networks, can be effective alternatives.
- Use the right access controls. Make sure you have implemented the access controls specific to your VPN concentrator. For example, a generic SSL/TLS-based VPN concentrator will have different network policies than an IPsec-based remote-access VPN concentrator.
- Regionalize remote-access infrastructure. For companies with geographically dispersed employee pockets, regionalized remote access network infrastructure can help distribute internet access and intranet network loads related to remote access, while at the same time ensuring increased resilience to attack or other potential service interruptions.
- Use network traffic for analytics. Packet-level network visibility tools such as NETSCOUT InfiniStream/vSTREAM products implemented within the public-facing network infrastructure provide holistic as well as granular data that helps teams accurately diagnose issues and better allocate bandwidth or build specific services to alleviate problems.
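As an added illustration of the quota, split-tunnel, and traffic-analytics recommendations above (example code, not from NETSCOUT or any of its products), the following script checks per-session throughput against a quota and estimates how much gateway load a split tunnel would offload. The corporate prefixes, the quota, the 60-second window, and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: only these intranet prefixes actually require the VPN.
CORPORATE_PREFIXES = [ipaddress.ip_network(p)
                      for p in ("10.0.0.0/8", "192.168.50.0/24")]
QUOTA_MBPS = 20.0      # assumption: per-session throughput quota
WINDOW_SECONDS = 60    # assumption: every record covers the same window

# Constructed flow records seen at the VPN gateway:
# (session id, destination IP, bytes in the window)
FLOWS = [
    ("alice", "10.1.2.3", 150_000_000),
    ("alice", "203.0.113.10", 30_000_000),
    ("bob", "198.51.100.7", 300_000_000),
    ("bob", "10.9.9.9", 3_000_000),
    ("carol", "192.168.50.20", 30_000_000),
]

def needs_vpn(dst):
    """True if the destination is inside a corporate prefix."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in CORPORATE_PREFIXES)

def analyze(flows, quota_mbps=QUOTA_MBPS, window=WINDOW_SECONDS):
    """Return (per-session report, share of gateway bytes a split tunnel would offload)."""
    totals = defaultdict(int)      # all bytes per session
    offload = defaultdict(int)     # bytes to non-corporate destinations
    for session, dst, nbytes in flows:
        totals[session] += nbytes
        if not needs_vpn(dst):
            offload[session] += nbytes
    report = {}
    for session, nbytes in totals.items():
        mbps = nbytes * 8 / window / 1e6
        report[session] = {
            "mbps": round(mbps, 2),
            "over_quota": mbps > quota_mbps,
            "offload_share": round(offload[session] / nbytes, 2) if nbytes else 0.0,
        }
    all_bytes = sum(totals.values())
    gateway_share = round(sum(offload.values()) / all_bytes, 2) if all_bytes else 0.0
    return report, gateway_share

if __name__ == "__main__":
    sessions, share = analyze(FLOWS)
    for name, row in sorted(sessions.items()):
        print(name, row)
    print("gateway bytes a split tunnel would offload:", share)
```

A session that is over quota with a high offload share is a candidate for split tunneling or an acceptable-use reminder rather than for more gateway capacity.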
Hildebrand is a senior strategic marketing writer at NETSCOUT.