Networking Tips to Accommodate a Sudden Work-from-Home Scenario
Previously, we shared how to enable employees during a sudden work-from-home scenario — the technologies and strategies that can keep them safe and connected even when physical interaction is limited.
But these tools only work when there's network connectivity. Unfortunately, today's enterprise networks weren't designed for a large number of employees accessing corporate resources from home.
Whether your organization is in the midst of a sudden remote work scenario or trying to put a plan in place, here are some areas of consideration when figuring out how to maintain network connectivity.
While your existing internet pipes can support your employees' browsing needs, it's unlikely they will be able to handle the flood of traffic you'll see when newly remote employees are trying to access corporate resources from home. Also keep in mind that you'll see an increase in traffic between security tools and endpoints, many of which now reside outside the corporate network.
If your network already has nodes in colocation facilities, it's relatively fast and easy to turn up internet bandwidth at those locations. Usually it can be done in less than a week. But if your network is without these nodes, you're probably looking at between 90 and 120 days to turn up more internet through your existing fiber.
Luckily, in either scenario, there are ways for your existing internet to work smarter.
- If your internet access is delivered on a scalable connection, talk with your provider about the time requirements necessary to dial up available bandwidth.
- Consider using readily available services, such as cable internet, for general internet traffic like web browsing, which will allow you to reserve primary internet access for inbound connectivity.
- Use split tunneling on VPNs to avoid traffic that would traverse the internet connection multiple times for a single session.
- Consider SaaS-based security solutions that can be turned on quickly and protect traffic between users and applications without the necessity of a VPN.
It's incredible to think about the number of SaaS applications that your organization uses. Okta conducted research that showed 129 applications in use per company, and that number only accounts for applications that use Okta single sign-on.
This is why it's critical to get visibility into SaaS applications. How often are they used? Where do they reside?
Answers to these questions will allow you to explore where remote users can connect with SaaS providers directly over the public internet, freeing up bandwidth on your private internet connection.
And generally speaking, the more you can rely on SaaS solutions in this scenario versus legacy applications that reside inside a private data center, the better.
- Profile your top users to understand which applications are used most frequently and where those applications reside in relation to the user.
- Learn which applications may be used infrequently but are mission-critical.
- Review agreements with SaaS providers to determine if traffic between the user and the application is securely encrypted and can be safely routed across the public internet without passing through corporate security devices.
- If it's available, review flow information between your corporate users and application resources. This flow data paints a fairly detailed picture of the traffic the same users will be generating from home. During review, be sure to add a margin for overhead created by encryption and tunneling technologies.
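The flow review described in the list above, worked as an added example (not code from the original article): it estimates peak load on the corporate internet link from flow records under a full-tunnel and a split-tunnel VPN design, where split tunneling lets SaaS traffic bypass corporate security devices and go direct. The flow records, the 15 percent overhead margin, the 120 Mbit/s link capacity and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not from the article):
# (user, application, where the app resides, start minute, end minute, bytes)
FLOWS = [
    ("alice", "crm",       "saas",       0, 10,   600_000_000),
    ("alice", "erp",       "datacenter", 0, 10, 1_500_000_000),
    ("bob",   "erp",       "datacenter", 5, 15, 3_000_000_000),
    ("bob",   "mail",      "saas",       0, 20,   300_000_000),
    ("carol", "fileshare", "datacenter", 5, 10, 1_500_000_000),
]

def peak_link_mbps(flows, split_tunnel, overhead=0.15):
    """Peak per-minute load (Mbit/s) on the corporate internet link.

    Assumptions: `overhead` is the margin for encryption and tunneling, and
    traffic direction is not distinguished (a simplification).
    """
    per_minute = defaultdict(float)
    for _user, _app, resides, start, end, nbytes in flows:
        rate = nbytes * 8 / ((end - start) * 60) / 1e6  # flow average, Mbit/s
        if resides == "saas":
            if split_tunnel:
                continue  # goes direct from home to the provider
            # Full tunnel: arrives inside the VPN, then leaves again to the provider.
            load = rate * (1 + overhead) + rate
        else:
            load = rate * (1 + overhead)  # data-center traffic always uses the VPN
        for minute in range(start, end):
            per_minute[minute] += load
    return max(per_minute.values(), default=0.0)

def plan(flows, link_capacity_mbps, overhead=0.15):
    """Return peak load and fit for full-tunnel and split-tunnel VPN designs."""
    result = {}
    for name, split in (("full_tunnel", False), ("split_tunnel", True)):
        peak = peak_link_mbps(flows, split, overhead)
        result[name] = {"peak_mbps": round(peak, 1),
                        "fits": peak <= link_capacity_mbps}
    return result

if __name__ == "__main__":
    print(plan(FLOWS, link_capacity_mbps=120))
```

Only applications whose provider agreements confirm encrypted transport belong in the `saas` category; anything else should stay labelled `datacenter` so it remains inside the tunnel in both designs.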
Your network will become bottlenecked, even choked, when traffic starts flowing from the home to corporate resources. The most common choke points become the users' home internet access and the internet access serving the corporate network.
For instance, in a corporate network, it is common to have a 1 Gigabit link between the users' work desktops and the resources they access in the data center. It is also common to have private engineered links between corporate facilities around the world.
By contrast, many home users will be working with bandwidth measured at rates such as 25, 50 or 100 megabits per second, all of which are less than 10 percent of that provided at their work desks. If users are highly geographically distributed, less-than-ideal internet speeds might be compounded by delays as their traffic is traversing the globe.
In many cases, remote users are using VPN technologies that are deployed with a primary and backup hub location. These locations were architected to handle normal traffic flows. During a sudden work-from-home scenario, normal traffic flows will increase by orders of magnitude.
The goal should be to provide a more regional connectivity model to reduce latency and avoid hair-pinning traffic through network choke points.
Think about where your ingress and egress points to the corporate network exist and ask if they are distributed to provide optimal access for a globally distributed workforce.
- Poll your employees now about the size of their home internet access and where they'll be located to identify potential choke points.
- Consider work-from-home policies that can help offset the cost of larger bandwidth for home users.
- For customers who have global deployments with carrier-neutral facilities, consider distributing the inbound connectivity load across regional points for remote-user connectivity or using a managed VPN service that offers global access points.
- Make sure the flow of traffic between your employees and customers is accounted for when planning.
- Consider opportunities to stagger worker shifts to help decrease peak usage.
When the above measures are in place, you'll still need to monitor network health.
The network provides volumes of information around faults, uptimes and performance. These data and analytics can be directly tied to business metrics such as customer satisfaction, employee efficiency and resource planning.
Unfortunately, most network health tools are focused on the corporate network. With a massive shift of the workforce off the corporate network, these metrics may break or provide highly inaccurate results.
- Audit your network monitoring tools to ensure you are capturing analytics from internet egress/ingress points as well as from remote-access VPN sites.
- If your organization develops most of its own business applications, consider instrumenting the apps with performance monitoring code that can provide granular data about the user's experience and the path between the user and the data.
- Identify instances where your business depends on metrics from your network tools. Understand the impact that dramatic changes to network metrics may have on the business and how to mitigate those challenges.
In this current environment, not only do we have to account for a newly remote workforce, but travel has also been restricted. Services, field engineering and other staff may have difficulties arriving to perform onsite jobs.
Luckily, we live in a time where zero-touch provisioning has made big advances and can serve as a helpful workaround when travel is restricted.
- In situations where physical gear is required to create a remote-worker setup, seek out solutions that make it easy for the end user to plug and play necessary equipment and reduce or eliminate human touches during deployment and configuration.
- Most network-related functions are now available in virtual editions and can be deployed without onsite resources, so consider virtual editions whenever possible.
- For rapid turn-up options, check with your network carrier and any carrier-neutral facilities already incorporated within your network to see what network services they can provide as virtual instances.
Which of these interventions prove most useful will depend on your networking architectures. I hope you will reach out to me with questions about any of the above tips.
Whatever your current situation, we are here to make sure you have the connectivity you need to remain operational, safe and productive.
Thank you to Dr. Justin Collier for contributing to this article.