Coronavirus challenges remote networking
COVID-19 sends IBM, Google, Amazon, AT&T, Cisco, Apple and others scrambling to securely support an enormous rise in teleworkers, and puts stress on remote-access networks.
As the coronavirus spreads, many companies are requiring employees to work from home, putting unanticipated stress on remote networking technologies and causing bandwidth and security concerns.
Businesses have facilitated brisk growth of teleworkers over the past decades to an estimated 4 million-plus. The meteoric rise in new remote users expected to come online as a result of the novel coronavirus calls for stepped-up capacity.
Research by VPN vendor Atlas shows that VPN usage in the U.S. grew by 53% between March 9 and 15, and it could grow faster. VPN usage in Italy, where the virus outbreak is about two weeks ahead of the U.S., increased by 112% during the last week. "We estimate that VPN usage in the U.S. could increase over 150% by the end of the month," said Rachel Welch, chief operating officer of Atlas VPN, in a statement.
Businesses are trying to get a handle on how much capacity they'll need by running one-day tests. On the government side, agencies such as the National Oceanic and Atmospheric Administration and NASA have run or will run remote networking stress tests to understand their remote networking capacity and what the impact will be if they add thousands of new teleworkers. About 2 million people work for the government in the U.S.
Enterprise VPN security concerns
For enterprises, supporting the myriad network and security technologies that sit between data centers and remote users is no small task, particularly since remote-access VPNs, for example, typically rely on residential internet-access services over which businesses have little control. But IT pros should try to verify that these connections meet enterprise standards, according to Tom Nolle, president of CIMI Corp.
The home broadband elements, like the ISP and DNS and Wi-Fi, should really be part of a business certification of suitable networking for home work. We find that DNS services like Google's are less prone to being overloaded than ISPs' services, which suggests users should be required to adopt one of them. OpenDNS is also good.
The security of home Wi-Fi networks is also an issue, Nolle said. IT pros should require workers to submit screenshots of their Wi-Fi configurations in order to validate the encryption being used. Home workers often bypass a lot of the security built into enterprise locations.
Education of new home workers is also important, according to the chief strategy officer with DNS software company BlueCat. There will be remote workers who have not substantially worked from home before, and may or may not understand the implications to security. This is especially problematic if the users are accessing the network via personal home devices versus corporate devices.
An unexpected increase in remote corporate users using a VPN can also introduce cost challenges.
VPN appliances are expensive, and moving to virtualized environments in the cloud often can turn out to be expensive when you take into account compute cost and per-seat cost. A significant increase in per-seat VPN licenses has likely not been budgeted for.
On the capacity side, systems such as DHCP, which doles out IP addresses, could come under stress with increased remote-access use. It doesn't matter if there are enough licenses for VPN if the devices connecting cannot obtain network addresses. Companies must test for and understand choke points and start implementing strategies to mitigate these risks.
Along those lines, enterprises may have to validate the number of SSL sockets their data centers can expose for use, or they could end up running out.
Paul Collinge, a senior program manager in the Microsoft Office 365 product team, raised similar concerns. Network elements such as VPN concentrators, central network egress equipment such as proxies, DLP, central internet bandwidth, backhaul MPLS circuits, and NAT capability are put under enormous strain when all employees are using them. The result is poor performance and productivity coupled with a poor user experience for those working from home.
Enterprises might have to increase the number of VPN concentrators on their networks. This way, remote-user connectivity is distributed across multiple VPN endpoints and not concentrated. If that's not an option, businesses may have to open firewall ports to allow access to essential applications, which would enable them to scale up, but could also weaken security temporarily.
Can VPN split tunnelling help?
Industry players are divided on the use of split tunnelling to minimize coronavirus capacity concerns.
VPNs can be set up to allow split tunneling, where only traffic intended for the corporate network tunnels through the VPN. The rest of the traffic goes directly to the internet at large, meaning it isn't subject to the security controls imposed by the tunnel and by tools within the corporate network, which is a security concern. This could lead to remote users' computers being compromised by internet-borne attacks, which could in turn put corporate data and networks at risk.
Despite this, Microsoft last week recommended split tunneling as a way for IT admins to address its Office 365 service becoming congested due to an influx of remote users. In the advisory, Microsoft offers a list of URLs and IP addresses for its points of access and describes how IT can use that information to route traffic directly to Office 365.
The VPN client should be configured so that traffic to identified URLs/IPs/ports is routed in this way, according to Collinge. This allows us to deliver extremely high-performance levels to users wherever they are in the world.
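The routing decision described above, as an added Python example (not from the article or from Microsoft's advisory): only destinations that match a narrow prefix-and-port bypass list go direct, everything else stays in the tunnel, and an audit flags bypass entries broad enough to defeat the tunnel's controls. The prefixes are RFC 5737 documentation ranges used as placeholders, and the function names and the 4096-address threshold are assumptions.

```python
import ipaddress

# Constructed sample policy: RFC 5737 documentation prefixes stand in for
# vendor-published SaaS endpoints. They are NOT Microsoft's real ranges.
# A port set of None means "any port".
BYPASS_RULES = [
    ("198.51.100.0/24", {443}),
    ("203.0.113.0/25", {80, 443}),
]

def parse_rules(rules):
    """Turn (cidr, ports) pairs into (network, ports-or-None) tuples."""
    return [
        (ipaddress.ip_network(cidr), None if ports is None else frozenset(ports))
        for cidr, ports in rules
    ]

def route_for(dest_ip, dest_port, rules):
    """Return 'direct' only when prefix AND port match a bypass rule.

    Anything else stays in the tunnel, so it still passes the corporate
    proxy/DLP controls (bypass is the exception, not the default)."""
    addr = ipaddress.ip_address(dest_ip)
    for net, ports in parse_rules(rules):
        if addr.version != net.version or addr not in net:
            continue
        if ports is None or dest_port in ports:
            return "direct"
    return "tunnel"

def audit_rules(rules, max_addresses=4096):
    """Flag bypass rules that are broad enough to undermine the tunnel."""
    findings = []
    for net, ports in parse_rules(rules):
        if net.num_addresses > max_addresses:
            findings.append((str(net), "prefix too broad"))
        if ports is None:
            findings.append((str(net), "no port restriction"))
    return findings

if __name__ == "__main__":
    samples = [("198.51.100.20", 443), ("198.51.100.20", 22), ("192.0.2.7", 443)]
    for ip, port in samples:
        print(ip, port, "->", route_for(ip, port, BYPASS_RULES))
    # A careless catch-all entry that would route everything around the tunnel.
    print(audit_rules(BYPASS_RULES + [("0.0.0.0/0", None)]))
```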
Increased use of remote access VPNs might call for a review of network security in general. For enterprises that are still using a legacy network security architecture, it may be time to consider cloud-based security options, which could improve performance for remote workers and diminish the overall use of the enterprise’s WAN circuits.
Other related developments:
• The FCC called on broadband providers to relax their data cap policies in appropriate circumstances, on telephone carriers to waive long-distance and overage fees in appropriate circumstances, on those that serve schools and libraries to work with them on remote learning opportunities, and on all network operators to prioritize the connectivity needs of hospitals and healthcare providers. AT&T and others have responded.
• U.S. Senator Mark R. Warner (D-VA) and 17 other senators sent a letter to the CEOs of eight major ISPs calling on the companies to take steps to accommodate the unprecedented reliance on telepresence services, including telework, online education, telehealth, and remote support services. In the letter, sent to the CEOs of AT&T, CenturyLink, Charter Communications, Comcast, Cox Communications, Sprint, T-Mobile, and Verizon, the senators call on companies to suspend restrictions and fees that could limit telepresence options. Related to the nation's broadband gaps, they also call on the companies to provide free or at-cost broadband options for students affected by the virus who otherwise lack broadband access for online learning during the outbreak.
• Vendors including Cisco, Microsoft, Google, LogMeIn, Spectrum and others are offering free tools to help customers manage security and communications during the outbreak.
Reference: Networkworld.com