Jul 02 2020

How to Ensure a Business’s VPN Can Handle the Work-from-Home Workload

Ensure that employees have a steady connection with these easy tips.

Telework has been gaining in popularity among businesses for at least 10 years, as the technology to support it continues to improve. But this year, for many organizations, working from home became the only way employees could do their jobs for months at a time.

Under normal circumstances, when a relatively small number of employees are working from home on a given day, a business’s VPN performance is probably fine. But when an entire team is working remotely, VPNs may struggle to handle the load and may not be capable of supporting processing and network use for so many people at once. This can cause significant slowdowns and can even prevent some users from connecting to the VPN.

A solid connection is vital to remote workers, who are using equipment from a variety of sources — company-issued laptops or their own computers — to access organizational computing resources, such as email, calendars and other applications, as well as files, databases and more.

VPNs, the traditional security solutions for remote access, are a critical tool. Try these best practices to ensure that your VPN can adequately support your workforce during times of peak demand. 

How to Improve Your VPN's Infrastructure

The obvious way to handle greater VPN use is to increase the capacity of the VPN infrastructure itself. There are several ways to do this (and some can be used simultaneously).

  • Increase network bandwidth for the VPN servers. This usually means ensuring that the path between the internet and each VPN server has enough bandwidth. But in some cases, there may also be a need to increase the bandwidth between the VPN servers and the business resources being accessed through the VPN.
  • Deploy additional VPN servers. This not only adds sheer capacity, but also can improve VPN availability, especially if the servers are deployed to multiple locations. By implementing load balancing, a business will create a more flexible and resilient VPN infrastructure, one that can transparently send users to the server best able at the time to meet their needs.
  • Be proactive with VPN server management and security. Make sure to maintain the servers well; for example, keep them fully patched. This reduces the risk of compromise and removes flaws in the VPN software that could impair VPN server performance.

Another proactive step is to use distributed denial of service protection measures so that VPN servers and the networks they use can’t be overwhelmed by attackers.

Separate Traffic Flows on Your Network

Some network distancing can also ease the flow of traffic. For decades, VPN best practice has been to avoid split tunneling — dividing a user’s network traffic so the portion relying on the business’s resources goes through the user’s VPN connection, while the rest of the user’s traffic bypasses the VPN.

MORE FROM BIZTECH: The networking needed for widespread remote work.

Split tunneling was considered too risky because an attacker could abuse it to pass traffic across networks through the less secure device. But most network traffic today is encrypted — and many devices often use two networks at once (for example, Wi-Fi and a cellular network) — so this risk has been re-evaluated, and more organizations are now enabling split tunneling.

This can significantly improve performance for users and also greatly decrease the volume of network traffic passing through the VPN. For example, with split tunneling, users’ laptops can download large operating system updates directly from vendors instead of passing all those updates through the business’s VPN infrastructure.

Change How Employees Use the VPN 

Sometimes, relatively simple changes to how people work and the processes they follow can make a big difference in a VPN’s performance. One example is staggering work hours when possible so that not everyone in the business is trying to access the VPN at the same time each day. 

Another idea is to have remote workers do certain tasks locally rather than over the business’s internal networks, as they would if they were in the office. Instead of remotely editing a large document over the VPN, a user could download it, edit it locally, then upload it once it’s complete. That should take far fewer VPN resources than using the VPN all day while editing the file.

Of course, VPN architects and administrators don’t usually have the authority to implement changes in how a business’s employees do their work. But they are uniquely qualified to monitor the VPN’s usage and look for patterns that indicate bottlenecks, excessive resource consumption and other potential problems.

By analyzing those patterns, VPN experts can provide insights to management about what the problems are and how they might be resolved.

Prykhodov/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.