If an army “marches on its stomach,” enterprises counting on employees working from home thrive or fail by the performance of their VPNs. As the number of remote employees surpasses anything we’ve seen before, corporate VPNs are being challenged to keep up.
During a recent webinar, we polled attendees to find out what areas are experiencing the greatest impact due to remote working.
The responses aligned with conversations we’ve been having with our customers, with about half of respondents noting connectivity/VPN, latency, and home network issues as top challenges.
In this post, I will highlight some of the VPN issues our customers have experienced and their resolutions. I hope these stories will help you troubleshoot or anticipate common VPN pitfalls for your organization.
But first, I’d like to share what I’ve found to be a successful strategy for managing increased VPN demand. These steps are based on scenarios I’ve witnessed over the past several weeks as companies have adapted to enabling greater access to corporate resources for home users.
Steps for a Better VPN Rollout
A successful strategy for planning for or reacting to the sudden increase in remote workers is to:
Anticipate the number of simultaneous VPN connections required to be supported.
Understand the bandwidth requirements for the aggregation of those connections.
Optimize VPN connections to ensure only the traffic that is required to flow through the corporate tunnel actually does.
Diagnose application-to-VPN conflicts.
Provide troubleshooting assistance for poor or overtaxed home wireless networks and ISP connections.
VPN Troubleshooting Stories
The following scenarios are ones that I’ve gathered from my own experiences and those of my colleagues when working with clients. Each is an example of how a common VPN pain point can be resolved through data-driven analysis.
Freed Up Bandwidth
The IT team for a global airline discovered high bandwidth usage that was causing poor performance for end users. Acting on this information, the team decided to enable split tunneling to direct traffic destined for Office 365 applications away from their corporate network. Doing so allowed them to free up VPN bandwidth for secure corporate traffic only.
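A split-tunnel bypass list like the one described above should be checked so that corporate address space never ends up on the direct path. The sketch below is an added example, not Lakeside's or the airline's configuration; the prefixes are constructed placeholders (documentation ranges stand in for a SaaS provider's published endpoints), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders, not real provider or customer ranges.
CORPORATE = ["10.0.0.0/8", "172.16.0.0/12"]      # must always use the tunnel
BYPASS = [
    "198.51.100.0/24",   # stand-in for a SaaS endpoint range
    "203.0.113.0/25",    # stand-in for a second SaaS range
    "10.20.0.0/16",      # mistake: corporate space on the direct path
]

def nets(prefixes):
    """Parse CIDR strings into network objects (raises ValueError on bad input)."""
    return [ipaddress.ip_network(p) for p in prefixes]

def route_for(dest, bypass):
    """Return 'direct' if dest matches a bypass prefix, otherwise 'tunnel'."""
    addr = ipaddress.ip_address(dest)
    return "direct" if any(addr in n for n in nets(bypass)) else "tunnel"

def audit_bypass(bypass, corporate):
    """List bypass prefixes that overlap corporate space and would leak traffic."""
    corp = nets(corporate)
    return [str(b) for b in nets(bypass) if any(b.overlaps(c) for c in corp)]

def safe_bypass(bypass, corporate):
    """Bypass list with every overlapping entry removed."""
    bad = set(audit_bypass(bypass, corporate))
    return [p for p in bypass if str(ipaddress.ip_network(p)) not in bad]

if __name__ == "__main__":
    print("overlapping entries:", audit_bypass(BYPASS, CORPORATE))
    for dest in ("198.51.100.7", "203.0.113.200", "10.20.3.4"):
        print(dest, "->", route_for(dest, safe_bypass(BYPASS, CORPORATE)))
```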
Prevented Future Crashes
Frequent VPN crashes can be extremely disruptive for your remote workforce and are also a fairly common issue. In fact, I have three separate stories to share with you, each with a unique root cause and solution.
For one large global company, VPN crashes were so severe that some were even resulting in BSODs. While investigating the problem, the IT department found that a conflict between a critical application and the corporate VPN was to blame.
Another client experiencing disruptive crashes correlated the problem with a related remote work concern. For them, it was highly variable wireless signal strength over the course of the business day that was causing their VPN issues.
Finally, a large global consulting company correlated crashes to a need to update their laptop biometric drivers (for fingerprint authentication) on their workstations. By pushing out a driver update, the IT team was able to stabilize VPN performance and improve end-user experience.
In the poll results I mentioned earlier, latency was the #1 shared concern IT pros had around remote working, and for good reason.
At a large global entertainment/news organization, the IT team pinpointed very high connectivity latency related to usage of their VPN. The team was able to trace the problem to bad routing table mappings, which resulted in some sites using the wrong VPN servers. By properly configuring the VPN to use the right target servers, the team cleared up this problem.
Prevented an Unnecessary VPN Upgrade
As we’ve seen, sometimes the problem is the VPN, but sometimes it’s something else entirely. When a midsized global architecture firm started experiencing poor VPN performance, the assumption was their budget VPN solution was to blame.
In the end, the team proved the performance issues were not due to the VPN, but to issues with users’ operating systems. Additionally, IT identified errors due to incorrect activation of the VPN inside office buildings along with some routing problems. In one case, users in New York were accessing internet gateways over 1,000 miles away in Florida.
This is a perfect example of how IT can use data to combat human bias. Rather than upgrading to a more expensive VPN solution, the team saved the business money and addressed the true problems.
How to Measure and Improve VPN Performance
What tools and techniques did the above organizations use to resolve their VPN woes?
Lakeside has worked extensively over the past several weeks to assist companies with their remote worker projects, both at the planning phase as well as ongoing remote monitoring. A few lessons learned are presented below along with how SysTrack was used to help diagnose and mitigate the root causes of several client support issues.
What are the required connections?
Observed concurrent 7-day user behavior, i.e. what is the peak number of users throughout the week at any point in time?
An out-of-the-box visualization of a typical week of user activity. This identifies the kind of concurrent connections required to keep a remote workforce productive.
How much bandwidth is required?
Observed actual bandwidth load on a per-application basis.
Cumulative bandwidth requirements are easily determined by knowledge of the daily use of applications and their network requirements.
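The two sizing questions above (peak simultaneous connections and aggregate bandwidth) can be answered from any export of VPN session records with a sweep over connect and disconnect events. This is an added example, not SysTrack output or code; the session records are constructed and the 25% headroom is an assumed planning margin.

```python
import math
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample session records: (user, connect, disconnect, average Mbps).
SESSIONS = [
    ("alice", "2020-04-06 08:00", "2020-04-06 12:00", 4.0),
    ("bob",   "2020-04-06 09:00", "2020-04-06 17:00", 2.5),
    ("carol", "2020-04-06 09:30", "2020-04-06 11:00", 6.0),
    ("dave",  "2020-04-06 12:00", "2020-04-06 18:00", 3.0),
    ("erin",  "2020-04-07 10:00", "2020-04-07 10:00", 1.0),  # zero-length: skipped
]

def peak_load(sessions, headroom=0.25):
    """Sweep connect/disconnect events in time order and track running totals.

    headroom is an assumed planning margin, not a figure from the article.
    """
    events = []
    for _user, start, end, mbps in sessions:
        t0, t1 = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        if t1 <= t0:
            continue  # malformed or zero-length session
        events.append((t0, 1, mbps))
        events.append((t1, -1, -mbps))
    # At equal timestamps process disconnects (-1) first, so a session that
    # ends as another begins does not inflate the peak.
    events.sort(key=lambda e: (e[0], e[1]))

    users, load = 0, 0.0
    peak_users, peak_users_at, peak_mbps = 0, None, 0.0
    for when, d_users, d_mbps in events:
        users += d_users
        load += d_mbps
        if users > peak_users:
            peak_users, peak_users_at = users, when.strftime(FMT)
        peak_mbps = max(peak_mbps, load)
    return {
        "peak_users": peak_users,
        "peak_users_at": peak_users_at,
        "peak_mbps": peak_mbps,
        "connections_needed": math.ceil(peak_users * (1 + headroom)),
        "mbps_needed": peak_mbps * (1 + headroom),
    }

if __name__ == "__main__":
    print(peak_load(SESSIONS))
```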
How can we optimize VPN configurations?
Used SysTrack Resolve* to keep the traffic flowing as required.
*Resolve is a real-time analysis tool used to troubleshoot system and/or network issues.
NIC (Network Interface Card) connection history and real-time use can be viewed in a timeline to see which NICs were active when/if issues arise.
How can we troubleshoot VPN conflicts?
Used SysTrack AppVision* to observe application faults, shared VPN/application .dlls and/or runtime modules to identify conflicts which cause abrupt application crashes or connection losses.
*AppVision provides detailed analysis on a given application.
SysTrack Resolve’s Black Box Data Recorder showed the history of every connection to/from the end user’s device(s). Also, wireless signal strength variations were viewed to determine the overall health of the wireless environment. Additional SysTrack tools assisted in determining if the home network is saturated.
With multiple users of the home network, bandwidth saturation and wireless device conflicts are common. Most corporations don’t have the tools or the resources to diagnose home networks. SysTrack can provide an easy, non-intrusive, high-level view of what’s going on with the network.
Getting Started with VPN Performance Monitoring
I hope you find these stories helpful in jumpstarting your own VPN performance investigations. We are here to assist your company in this time of increased stress on the workforce and the IT resources trying to support them.
For current SysTrack customers: If you have not already, we encourage you to import the free remote work SysTrack Kits containing dashboards and reports that surface critical insights for delivering a positive digital experience for your remote workers.
For non-SysTrack customers: Lakeside is offering a free cloud trial of SysTrack with additional dashboards for remote work monitoring and support. To learn more, visit our remote work page.