Strained VPN capacity: a must-solve with a remote workforce

Technology makes it possible for many businesses to remain operational as they’ve had to shift their workforce to a remote setting in due to COVID-19 and social distancing guidelines. For some organizations, this shift has not happened without technical challenges: an increase in the number of employees working from home has strained VPN (virtual private network) capacity. This has significantly impacted the ability to reliably and securely connect remote staff to company networks. As a result, some individuals are combining personal technology with the professional tools that they have available to work around the issues caused by inadequate VPN capabilities. While this may enable work to continue in the short term, it also leaves companies more vulnerable than ever to cybercrime.

Even large-scale players are experiencing significant disruptions. CNN reported that the Air Force’s VPN software can only support 72,000 people at once. The Air Force employs more than 145,000 in-house civilian workers and 130,000 full-time contractors.

As businesses send their employees home to work, some companies have been forced to handle VPN capacity issues in a “trial by fire” as they respond to the disruption caused by the coronavirus pandemic.

If your business is experiencing problems with VPN scale and capabilities, here are some tips as recommended by Microsoft:

  • Use split tunnel VPN to save load. Send networking traffic directly to the internet for “known good” and well-defined SaaS services like Teams and other Office 365 services. Sending all non-corporate traffic to the internet is ideal if your security rules allow.
  • Collect user connection and traffic data in a central location for your VPN infrastructure. Use modern visualization services, like Power BI, to identify hot spots before they happen, and plan for growth.
  • If possible, use a dynamic and scalable authentication mechanism, like Azure Active Directory, to avoid the trouble of certificates and improve security using multi-factor authentication (MFA) if your VPN client is Active Directory aware, like the Azure OpenVPN client.
  • Geographically distribute your VPN sites to match major user populations. Use a geo-load balancing solution such as Azure Traffic Manager, to direct users to the closest VPN site and distribute traffic between your VPN sites.
  • Know the limits of your VPN connection infrastructure and how to scale out in times of need. Things like total bandwidth possible, and maximum concurrent user connections per device will determine when you’ll need to add more VPN devices.
  • If using physical hardware, have additional supply on hand or a rapid supply chain source. For cloud solutions, knowing ahead of time how and when to scale will make the difference.

Responding to the technological challenges caused by a black swan event like COVID-19 requires agility and creativity for organizations of all sizes. If you’re having issues with VPN capacity, and you want to employ some of the tips above but don’t know where to start, we can help. We can provide advisory assistance to guide you in the right direction, and even help with choosing the right software to meet your organization’s needs.



Clark Schaefer Consulting
Get In Touch With An Advisor

Subscribe To Get CSH Guidance
Delivered To Your Inbox