blackzheep - stock.adobe.com
The spread of the novel coronavirus caused enterprises to analyze their networks to ensure they can handle increased traffic and support a remote workforce.
But how do enterprises know they're prepared? What services might they need to sustain a productive remote workforce? Where are the potential network stress points? It's a complex picture because many parts are interrelated.
Analyze required services and traffic estimates
The first step in any IT systems change is always to perform a requirements analysis. First, enterprises need to understand which services are needed. Remote workers will need systems to replace the face-to-face interaction in an office. Unified communications (UC) encompasses a combination of interpersonal communications functions, like voice calls, voicemail, video conferencing, screen sharing and IM, for teams and individuals.
Remote workers will also need access to business applications and document storage repositories. Companies that have embraced cloud services may be in a better situation than companies that have yet to make the move to cloud.
It can be a challenge for IT teams to understand the requirements in a new, massive deployment tailored for a remote workforce. They will have to make estimates based on UC usage estimates, employee counts and the network demands of normal business functions. Further, they'll need UC licenses for workers, estimates of bandwidth required per worker and the peak bandwidth of all workers.
Even a rudimentary understanding of the current network traffic volume can provide a basis for the estimates. An easy way to estimate is to determine the volume in each of several traffic classes:
- voice calls;
- real-time interactive video, such as video conferencing;
- streaming video -- for example, watching training videos;
- interactive business applications;
- bulk data applications, such as email and file transfers; and
- unnecessary traffic, such as streaming music and other entertainment.
Some of the traffic estimates won't have much basis, and teams will have to guess and revise after they get more experience.
Network stress points
Once teams have network traffic estimates, they can begin looking at how a remote workforce could stress the network. Below are 12 factors IT teams should monitor for potential network stress.
1. Traffic routing
Supporting a larger number of remote workers will drastically change the network traffic flows. Teams may need to implement routing changes to optimize network performance. They may also need to monitor network traffic paths to ensure traffic traverses the appropriate network security systems.
A lesser-known problem is DNS resolution, which directs a remote worker to a distant service instead of a local service.
2. Internet access
Remote workers will be connecting into the organization via the internet, creating additional stress on internet access links and network equipment, like routers, switches, firewalls and VPN concentrators. Ideally, teams should configure internet-facing routers to provide active-active service, in which each router carries ingress and egress traffic. Don't forget to check the capacity of internet-facing firewalls. Network monitoring systems should be configured to keep a close watch on these critical systems for potential overload conditions.
3. VPN concentrator capacity
The number of remote VPNs will significantly increase, putting more stress on the VPN concentrators at the edge of the corporate network. It may not be feasible to acquire and install physical VPN concentrators. Instead, consider using virtual appliances that can be quickly installed on available x86 hardware platforms. Cloud-based infrastructures are ideal for this type of operation.
4. Inadequate network authentication infrastructure
Many more workers will be accessing the network remotely, and the authentication infrastructure may not be able to handle the increased load. One organization, NetCraftsmen, is working with uses multifactor authentication provided by physical devices that generate one-time passcodes. The company needs to procure many more devices and licenses. A software token generator or text/phone call for the passcode could be a quick option.
5. Video and voice conferencing limitations
During the traffic estimation process for voice and video, try to estimate the number of conference calls, and compare that with the organization's limitations for multipoint control units. Teams may need to investigate alternatives, such as migrating conferencing traffic to a cloud provider in order to reduce corporate internet link requirements. Many vendors have announced free licenses for a few months in response to the coronavirus.
6. Virtual desktop infrastructure
Office workers who primarily use desktop computers may be best supported by virtual desktop infrastructure (VDI). This mechanism transmits an encoded form of the desktop's graphics, so it may not perform well for rapidly changing displays, like high-motion video or computer-aided design and computer-aided manufacturing systems. Don't forget to include the bandwidth requirements of VDI in network bandwidth estimates.
7. Quality of service
Two factors influence quality of service (QoS). First, remote workers will typically connect via the public internet, which does not support QoS. Without prioritization, voice and video may experience packet loss or high latency that garbles voice and pixelates video.
Second, changes in network utilization due to a remote workforce are likely to require updates to existing QoS bandwidth allocations.
8. Phone systems
Corporate telephone call infrastructure may not be able to handle all the calls that need to be forwarded. Even calls between workers may be forwarded if the calling is to corporate phone numbers that forward to mobile devices. A softphone on a remote worker's computer prevents the overload because it becomes an internal transfer instead of forwarding outside the organization.
Remote phones may be subject to high latency or high packet loss over longer paths. Testing tools, like PathSolutions, AppNeta or NetBeez, can help diagnose network problems that affect voice and video.
9. Remote workers' local networks
The network quality at a remote worker's location makes a big difference in overall performance. First, consumer Wi-Fi routers and switches are likely not up to corporate standards. It is common to find Wi-Fi routers that are many years old, using old 802.11b connectivity at speeds down to 1 Mbps.
Poor wireless coverage or interference in a home network can be a major factor. Interference can come from nearby Wi-Fi routers, like in an apartment building or condominium, or it can come from other devices, like microwave ovens and baby monitors, that operate in the 2.4 GHz bands. Bandwidth competition can also come from other family members, particularly if any of those members enjoy video streaming applications.
Finally, older Wi-Fi devices may suffer from bufferbloat, a condition in which large internal packet buffers confuse network congestion avoidance protocols, resulting in significant packet loss and delays.
10. Bandwidth limits at ISP interconnections
Something teams may not consider is the bandwidth of internet service provider (ISP) interconnections. Remote workers may use a residential ISP that has limited bandwidth connectivity to business ISPs. NetCraftsmen consultants discovered this problem when the 2003 SARS virus struck, causing a surge of remote workers and reported problems. With the coronavirus, we saw reports of problems with remote worker connectivity due to internet exchange congestion.
11. Support staff
Some companies may not have enough support staff to get remote workers set up properly with the right systems, credentials and security. Organizations will need to rely on trusted consultants to help make the right choices and enact the right designs.
12. Network security
Organizations that don't use secure remote worker technology will be at risk of malware. It is tempting to do whatever is needed to get workers online, but NetCraftsmen recommends keeping network security tight because bad actors will try to take advantage of security holes. Teams will want to continue to have intrusion detection and intrusion protection systems in place to protect against malware and cyberattacks.
A commonly requested feature is split tunneling, a feature of most VPN clients that enables direct internet access, while a VPN is used to connect to the organization's network. This opens a cyberattack vector, however. Federal regulations -- e.g., NIST 800-53 -- prohibit split tunneling as part of the boundary protection controls. NetCraftsmen recommends not using split tunneling.
Some software-defined WAN (SD-WAN) products incorporate integrated firewalls that can provide restricted access to specific SaaS sites. SD-WAN products may provide value because they can be centrally administered, reducing the network security effort.
Start planning now
Supporting a large remote workforce includes many factors that frequently interact with one another. Getting everything to work well together involves detailed planning and making the right decisions when tradeoffs must be made. Vendors, network testing companies and trusted consultants can help create options that work for your organization.