How to Improve Your VPN's Infrastructure
The obvious way to handle greater VPN use is to increase the capacity of the VPN infrastructure itself. There are several ways to do this (and some can be used simultaneously).
- Increase network bandwidth for the VPN servers. This usually means ensuring that the path between the internet and each VPN server has enough bandwidth. But in some cases, there may also be a need to increase the bandwidth between the VPN servers and the business resources being accessed through the VPN.
- Deploy additional VPN servers. This not only adds sheer capacity, but also can improve VPN availability, especially if the servers are deployed to multiple locations. By implementing load balancing, a business will create a more flexible and resilient VPN infrastructure, one that can transparently send users to the server best able at the time to meet their needs.
- Be proactive with VPN server management and security. Make sure to maintain the servers well; for example, keep them fully patched. This reduces the risk of compromise and removes flaws in the VPN software that could impair VPN server performance.
Another proactive step is to use distributed denial of service protection measures so that VPN servers and the networks they use can’t be overwhelmed by attackers.
Separate Traffic Flows on Your Network
Some network distancing can also ease the flow of traffic. For decades, VPN best practice has been to avoid split tunneling — dividing a user’s network traffic so the portion relying on the business’s resources goes through the user’s VPN connection, while the rest of the user’s traffic bypasses the VPN.
Split tunneling was considered too risky because an attacker could abuse it to pass traffic from one network to the other through the user's less secure device. But most network traffic today is encrypted, and many devices often use two networks at once (for example, Wi-Fi and a cellular network), so this risk has been re-evaluated, and more organizations are now enabling split tunneling.
Split tunneling can significantly improve performance for users and also greatly decrease the volume of network traffic passing through the VPN. For example, with split tunneling, users’ laptops can download large operating system updates directly from vendors instead of passing all those updates through the business’s VPN infrastructure.
Change How Employees Use the VPN
Sometimes, relatively simple changes to how people work and the processes they follow can make a big difference in a VPN’s performance. One example is staggering work hours when possible so that not everyone in the business is trying to access the VPN at the same time each day.
Another idea is to have remote workers do certain tasks locally rather than over the business’s internal networks, as they would if they were in the office. Instead of remotely editing a large document over the VPN, a user could download it, edit it locally, then upload it once it’s complete. That should take far fewer VPN resources than using the VPN all day while editing the file.
Of course, VPN architects and administrators don’t usually have the authority to implement changes in how a business’s employees do their work. But they are uniquely qualified to monitor the VPN’s usage and look for patterns that indicate bottlenecks, excessive resource consumption and other potential problems.
By analyzing those patterns, VPN experts can provide insights to management about what the problems are and how they might be resolved.
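As an added illustration of the usage analysis described above (not code from the original article), the following Python sketch takes VPN session records and reports peak concurrency, how many sessions are active in each hour, and which users account for most of the traffic. The record fields, sample values and function names are assumptions constructed for the example; real VPN servers log this data in product-specific formats.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records: (user, connect time, disconnect time, bytes transferred).
# Real VPN servers log these fields in product-specific formats.
SESSIONS = [
    ("alice", "2024-03-04T08:55", "2024-03-04T17:05", 1_200_000_000),
    ("bob",   "2024-03-04T09:00", "2024-03-04T12:30",   300_000_000),
    ("carol", "2024-03-04T09:02", "2024-03-04T17:00", 9_500_000_000),
    ("dave",  "2024-03-04T09:05", "2024-03-04T09:40",    50_000_000),
    ("erin",  "2024-03-04T13:00", "2024-03-04T18:00",   700_000_000),
    ("bob",   "2024-03-04T13:15", "2024-03-04T16:45",   250_000_000),
]

def parse(sessions):
    return [(u, datetime.fromisoformat(s), datetime.fromisoformat(e), b)
            for u, s, e, b in sessions]

def peak_concurrency(sessions):
    """Sweep over connect/disconnect events; return (peak sessions, time first reached)."""
    events = []
    for _, start, end, _ in parse(sessions):
        events.append((start, 1))
        events.append((end, -1))
    events.sort()  # at equal times, disconnects (-1) sort before connects (+1)
    current = peak = 0
    peak_at = None
    for when, delta in events:
        current += delta
        if current > peak:
            peak, peak_at = current, when
    return peak, peak_at

def sessions_active_by_hour(sessions):
    """Count sessions that overlap each clock hour (same-day sessions assumed)."""
    hours = Counter()
    for _, start, end, _ in parse(sessions):
        last = end.hour if (end.minute or end.second) else end.hour - 1
        for h in range(start.hour, last + 1):
            hours[h] += 1
    return dict(hours)

def heavy_users(sessions, share=0.5):
    """Users whose traffic is at least `share` of all bytes carried."""
    per_user = Counter()
    for user, _, _, nbytes in parse(sessions):
        per_user[user] += nbytes
    total = sum(per_user.values())
    return [u for u, b in per_user.most_common() if b / total >= share]
```

On the sample data, the hourly counts show the 09:00 login spike that staggered work hours would flatten, and the byte totals single out one user whose workflow might be better done locally.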