Strategies for Managing Network Traffic from a Remote Workforce
Summary
When more of the workforce shifts to working remotely, it puts new and different strains on the infrastructure across different parts of the network. In this post, we discuss strategies for managing surges in network traffic coming from remote employees and share information on how Kentik can help.
When more of the workforce shifts to working remotely, it puts new and different strains on the infrastructure across different parts of the network, especially where VPN gateways connect to the network edge. Without proper visibility, there is no way to know where the issue lies or which resources users are accessing. Kentik provides the visibility you need to ensure the productivity of your remote workforce.
NetOps teams today are contending with a surge in traffic coming from remote employees, and businesses are relying on them to ensure productivity. In many infrastructures, the inflection points are at the network edge, where VPN gateways authenticate and encrypt remote-access traffic. A potential challenge with remote work here is that these users’ devices may become a bottleneck, but most often, it’s the network and not the devices. This could mean the users are saturating the internet connectivity or that they’ve saturated the LAN (or maybe WAN).
One strategy for managing the surge in traffic coming from remote workers is to implement a split-tunneling configuration. As more organizations use SaaS-based conferencing services, such as Zoom, Slack, Microsoft Office 365 (Teams), and Cisco WebEx, this traffic should use the employee internet connection directly, for as much traffic as possible, versus sending all employee traffic through the VPN. This configuration is known as a “split-tunnel” configuration and is set up by rules to exclude specific ports, protocols, or networks. More advanced VPNs can do this by application type. Making this change reduces the volume of traffic being sent to the enterprise network, but also provides a better user experience for the employees, especially as the users conduct more video and audio conferences.
Another strategy is to increase visibility into the traffic flowing between the network edge and VPN gateways and optimize performance. At Kentik, we provide the network visibility that today’s most advanced organizations need, especially when managing and optimizing network connectivity across distributed environments. For example, with Kentik, you can easily see what traffic is being passed to the VPN and tune or change the rules to optimize and secure the traffic while also providing the best user experience.
Kentik provides an easy way to see not only the entire network but also how it’s being used. The richest data sources are from the VPN devices or firewalls. Most often these devices can export NetFlow (or related flow types) or Syslog. Leading VPN solutions also export performance data. Kentik can ingest all three sources as traffic data. Based on the data sources used, these devices can provide deep visibility into the individual user context and session and what resources and types of applications users are accessing.
If the VPN gateways cannot generate flow or Syslog with traffic, the next richest data comes from the edge routers or switches near the VPN devices. These devices can send NetFlow, sFlow, or other flow types to Kentik. When configuring traffic sources, the flow data is sent directly to Kentik over the internet, or it can go through kProxy, a Kentik client that encrypts the flow or Syslog data before sending it over the internet.
Aside from using this traffic data, Kentik also collects information from the network devices using SNMP. This data is used to profile the devices and determine the configuration of the hardware and software. We also collect interface details and metrics using SNMP. This data is useful for Kentik’s automated capacity planning workflows and building topological maps (layer 2 and layer 3 connectivity).
Kentik is the only SaaS platform to provide scalable visibility into any network. We can also turn services up without anyone needing to go to an office or data center. This keeps employees safe at home.
If you have questions, reach out to us at info@kentik.com. We would be happy to answer questions and show you how we can provide the visibility you need so you can ensure the productivity of your remote workforce.