As we all do our part to respond to the COVID-19 global pandemic, preparing your infrastructure for remote workers has become a top priority for organizations all around the world. However, many IT teams have come to realize that their infrastructure is not up to the task of 100% of their workforce working remotely.
What does your infrastructure look like?
Even if you’ve migrated to cloud computing for your basic office service and every user has a laptop computer, you may still encounter issues due to overtaxed, and under-provisioned, infrastructure. As you start preparing your infrastructure for remote workers, we suggest you examine the constraints of your infrastructure and add additional monitoring to prevent hitting unexpected capacity limits.
Where are your limits?
One key area where your team might hit maximum capacity is your VPN. Whether you’re working with Juniper, Cisco, or NordVPN, you’ll need to ensure you have enough capacity to keep your remote team working and productive.
Your VPN concentrators and firewalls have limits. Bandwidth constraints, licensed throughput limits and licensed connection counts can all become unexpected limits when we have so many remote workers. Knowing what those limits are ahead of time can save your team some pain and frustration.
Determining your VPN utilization limits:
Are your limits technical?
Once you know your VPN system limits, consider what those limits are, and what they mean for capacity planning. Is it licensed for all the concurrent users you expect?
You can graph this utilization using an SNMP metric to track trends and set up alerts so you will know if you’re approaching your limit. The same is true for throughput caps, as some vendors limit the throughput on the device. You can graph the data flowing through your device to know if you are likely to need an upgrade.
Are your limits policy and procedural?
Next, what is your VPN policy? If your VPN policy forces all Internet traffic from your remote users through the VPN you may hit bandwidth limits on your internet links. The alternative allows for a split tunnel in which only traffic destined for your internal infrastructure is routed via the VPN. You may have security policy or regulatory requirements to route all traffic via the VPN. You’ll need to account for this, and choose the procedure which works best for your organization.
You need to consider your monitoring infrastructure as well. Are you prepared for all the user traffic for remote workers to traverse this part of your network? What happens on Patch Tuesday when all of your remote worker’s laptops attempt to run their updates?
How do you better prepare for this?
If you are monitoring VPN utilization and bandwidth you will be better prepared to answer these questions and make the changes needed to keep your users remote working time productive. Having a set policy and guidelines for your remote workers to follow can also help prevent running into issues with unexpected VPN capacity limits.