The COVID-19 situation has forced businesses globally to close their front doors, forcing staff to work from home. The pandemic has put a huge strain on IT departments as they race to get their colleagues the correct equipment and remote access to applications and services they require to perform their normal business functions whilst working from home.
Business Continuity Plans are being executed and for many, this means setting up the correct secure access for users to access apps and services which are being hosted inside a business LAN (Local Area Network). To allow secure access, VPN (Virtual Private Network) is used.
Read more about Fine-Tuning Business Continuity Plans here.
What does a Business VPN do?
VPN technology uses a variety of different secure network protocols to create a secure encrypted tunnel to route traffic from machines and laptops across the public internet network into their business local networks. The result, users can access business apps and services which are hosted out of their businesses local networks from home or remotely without compromising security.
The image above shows a high-level overview of a Client VPN tunnel.
Although a proven method to access apps and services from home. There are many downfalls with this traditional architecture:
Client VPN configuration is a tedious task to set up and configure. In many instances, they aren’t set up with security in mind. Client machines require a headend device to communicate with, normally a firewall or router which is capable of performing VPN functions being hosted within the business local area network.
VPN profiles are configured to set up access on these headend devices to remote users, however, most profiles are set up to allow users total access into the environment. As a result, the user doesn’t necessarily have the appropriate security permissions and therefore there is no limit on what files or data among other things they can access on the businesses network.
Capacity Planning & Performance Challenges
Capacity planning is required on the headend firewall or routers. As nearly all employees are now forced to work from home an enormous strain is put on these appliances to perform. Many businesses have not planned or expected for the rapid need to enable an entire workforce to work from home/remotely and in result, these appliances are being over-utilized, leading to degraded performance and poor user experience for remote workers.
Headend appliances, such as firewalls and routers, require a user count for licensing to enable client VPN functions. Many businesses will not have the appropriate licensing to allow all staff to access VPN remotely. This could cause an issue for remote workers and some users who try to connect will not be able to connect due to all the licenses being consumed by other remote users.
There can be complications with VPN connection establishment and there can be several factors which stop a successful VPN tunnel from establishing. For instance, upstream firewalls could be blocking essential ports required to establish the client VPN tunnel.
There could also be a secondary device performing the network address translation (NAT) above the VPN device could lead to double-NAT issues if the port forwarding rules are not created correctly.
You can read more about NATs here.
Overall, there are an array of configuration and scalability issues that could arise with VPN being used for enabling a workforce to work remotely.
What can be done to solve VPN issues?
Although the traditional model of VPN client connectivity is still valid there are an array of options now available to overcome the headaches of traditional client VPN solutions. These are:
1. Replace Client VPN Solutions with Teleworker Gateway Solutions
Remote teleworker solutions are now available from most leading networking vendors. These solutions allow users to be provided with or shipped a piece of hardware which they plug into their home network. Once connected, a VPN tunnel is established automatically back to the businesses’ local area network. The users then plug directly into the unit or connect to the same wireless network they would as if they were in the office.
This video gives a great overview of a Cisco Meraki teleworker gateway device.
The teleworker gateway solutions are normally built and designed appropriately. By using this solution, there is no need for a complex configuration of client VPN profiles, worrying about capacity planning or licensing on headend VPN appliances.
In addition, the majority of the leading teleworker solutions offer the ability to perform complex network functions such as NAT-Transversal and cloud management and monitoring to overcome complications that could arise from upstream devices stopping or preventing VPN tunnel establishments!
2. Adopting Cloud First Ways of Working
Migrating legacy applications and services to SaaS (Software as a service) applications can drastically change your businesses’ need to use VPNs. In some instances, it could remove the need to use VPNs at all. This is because instead of housing applications and services on-premise in your own data centre environment, they are instead cloud-based and accessible to authorised devices and users. In return removing the requirement of needing a VPN solution for your end-users to be able to access applications and services while working remotely.
Prime examples of cloud-based tools for working are Google’s G Suite and Microsoft’s Office 365. Both office suites are SaaS applications. The use of G Suite or Office 365, removes the need for users to access business local networks over a VPN as files and documents are created, worked on, and stored in shared drives that are hosted in the Cloud and enable secure remote access by default.
3. Get Remote Working Help
If you’re struggling to set up a remote workforce or not sure if your current solution is allowing for the best performance, security, or cost-savings results for working remotely, reach out to us for your no-obligation consultation.
Our team has experience with network engineering, cloud transformation, and development solutions. Dynamo6 is committed to helping businesses adopt the right technologies and services to enable them to succeed.