Dealing with remote network connectivity during COVID-19

By - April 21, 2020

COVID-19 (coronavirus) is forcing more employees to work remotely.  While many companies have remote access capabilities, they were never designed to support the entire workforce all at the same time.  For other companies, providing remote access capabilities is a new concept, and they don’t have the luxury of time to architect, acquire, and deploy remote access technologies. RSM has been assisting clients who are facing these issues on a daily basis, and we would like to share some ideas with companies still struggling with remote access capabilities.

While we take this time to focus on connectivity, now is not the time to exclude proper security controls from your remote access deployments. Cybercriminals are using the pandemic as an opportunity to exploit organizations. As employees are moved outside the boundaries of the traditional office network security controls, the cybercriminal’s mission is easier.  Here are a few ideas to keep your mobile workforce safe.

Enabling VPN Access

Just because an organization is not using VPN (virtual private network) technologies today, that doesn’t mean the capability doesn’t exist within their current platforms. Most firewall devices include this feature in some capacity, and configuring this feature can take less than a couple of hours. Once VPN is configured on your firewall, employees can connect using their web browser or a VPN software client that can be loaded onto their workstation.

While providing the remote connection can be relatively simple, understanding which systems and applications will be accessed across the VPN is another matter. Before turning on VPN capabilities, an organization should determine which assets they will allow to connect to their network, which applications they will use, and what risks are associated with these new exposures.

Increasing VPN Capacity

Organizations are running into performance problems with current VPN deployments that were never intended to handle everyone working remotely at once. These are the most common bottlenecks organizations have been experiencing with current VPN deployments:

  1. User licenses: Organizations are exceeding their license counts on certain devices, which prevents users from getting connected.
  2. Bandwidth: As more users connect to the VPN, bandwidth constraints make it slow for everyone connected and often result in application timeouts or errors.
  3. Platform capacity: The sheer volume of VPN traffic is exceeding the physical capabilities of the VPN hardware.

Here are some ways you can address these common capacity constraints:

User licenses

  • Request a license upgrade through your partner or purchasing channel. Some manufacturers are offering free licenses during the pandemic. We have seen very quick turnaround times, since these licenses are electronic and can be downloaded upon request or are sent via e-mail once purchased.

Bandwidth

  • Upgrade your bandwidth by contacting your local carrier, who can provide many services remotely. Be sure to pay attention to your upload speeds, as you may have an asymmetrical service where your upload speeds are a fraction of your download speeds. Your site’s upload speed is now the ceiling on what your remote workforce can download in total. We have seen many carriers offering free upgrades in response to the pandemic, but don’t assume they are turning them on automatically – call them to confirm your options.
  • If a bandwidth upgrade isn’t a good option, take an inventory of all available Internet services you may have deployed as backups to a primary connection. Many organizations have backup Internet lines and firewall equipment at remote branches that could have VPN features enabled on short notice. As branches close, that bandwidth could be sitting nearly idle and could provide another point of connection to your network.
  • When bandwidth and firewall resources are simply not available, you may consider deploying a cloud-based firewall within AWS or Azure. Most firewall devices are available as a virtual instance from either of these cloud providers and can be deployed relatively quickly. Once deployed, build a site-to-site VPN between your physical device and the virtual device within the cloud. Utilize the cloud provider’s bandwidth to offload your users’ Internet traffic, thereby freeing up your local resources to handle traffic destined for that site over the site-to-site VPN.
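
To see which of the three bottlenecks above binds first, the following added example (not part of the original article) estimates how many concurrent VPN users a site supports, with users’ Internet traffic either hairpinned through the site or offloaded as in the last bullet. All figures, field names, and the assumption that VPN and Internet traffic share one carrier link are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Site:
    licenses: int          # concurrent VPN user licenses
    link_down_mbps: float  # carrier download speed at the VPN site
    link_up_mbps: float    # carrier upload speed (a fraction of download if asymmetrical)
    vpn_mbps: float        # encrypted throughput the VPN hardware sustains

@dataclass
class UserLoad:            # average per-user demand in Mbps
    corp_down: float       # corporate apps -> remote user
    corp_up: float         # remote user -> corporate apps
    inet_down: float       # Internet -> remote user
    inet_up: float         # remote user -> Internet

def capacity(site, load, hairpin_internet):
    """Return (max_users, limits); limits maps each bottleneck to the users it allows."""
    # Hairpinned Internet traffic crosses the site link twice: in on one
    # direction and back out on the other, so it counts against both.
    inet = (load.inet_down + load.inet_up) if hairpin_internet else 0.0
    up_per_user = load.corp_down + inet      # what the site must upload
    down_per_user = load.corp_up + inet      # what the site must download
    vpn_per_user = load.corp_down + load.corp_up + inet
    limits = {
        "user licenses": site.licenses,
        "bandwidth (upload)": int(site.link_up_mbps // up_per_user),
        "bandwidth (download)": int(site.link_down_mbps // down_per_user),
        "platform capacity": int(site.vpn_mbps // vpn_per_user),
    }
    return min(limits.values()), limits

def bottleneck(limits):
    """Name of the constraint that is hit first."""
    return min(limits, key=limits.get)

# Constructed sample figures, not measurements from any real deployment.
SITE = Site(licenses=250, link_down_mbps=500, link_up_mbps=50, vpn_mbps=400)
LOAD = UserLoad(corp_down=0.5, corp_up=0.25, inet_down=1.5, inet_up=0.25)

if __name__ == "__main__":
    for hairpin in (True, False):
        users, limits = capacity(SITE, LOAD, hairpin)
        print(f"hairpin={hairpin}: {users} users, limited by {bottleneck(limits)}")
```

With these sample figures the 50 Mbps upload is the binding limit in both cases; offloading Internet traffic raises the ceiling, and only a symmetric link moves the bottleneck to license count.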

Desperate Measures

The pandemic has uncovered some major dependencies on remote access to local facilities that even the best cloud computing strategies failed to accommodate. Remote access VPNs work great on workstations, laptops, and mobile devices, but lack the ability to easily connect phones, printers, scanners, and other peripheral devices organizations rely on for payroll or document imaging. At a time when buildings are closing and people are being told to shelter in place, some employees are still required to go to the office to run their payroll checks. Sending these peripherals home with employees isn’t an easy option for many organizations, as they aren’t natively compatible with remote access VPNs.

Organizations facing this challenge or other challenges that require native enterprise access at an employee’s home may have some options that, while certainly not traditional, could be used in a pinch, including:

  • Site-to-site VPN: Purchasing a small router or firewall for an employee’s residence can allow peripheral devices to be connected to the corporate network from the residence. Some devices will even provide Power over Ethernet (PoE) to power the device, such as a phone. These devices can range in price, but availability will be diminished given the demand for these product types. If you can get your hands on these devices, they are probably your best option. If not, see our next point.
  • Wireless access points: If you have access points that integrate with an on-premises wireless controller, they could be used to provide wireless access at a remote site, with the traffic carried back over a CAPWAP tunnel. Peripherals that are configured to connect to the wireless network would have access to the corporate network wherever that access point is deployed. One key component necessary for this unconventional connection is a PoE injector or power brick, as chances are your access points are powered by a PoE switch. As of this writing, PoE injectors are still in stock across several resellers.

Ultimately, there are many ways to keep your employees connected during these unprecedented times.  Work with your IT personnel and departments to define what people need to access.  You won’t know everything and additional requirements will surface as more people work remotely over longer periods of time. Understand the risks associated with remote access and identify ways to reduce those risks.  Explore non-traditional ways to utilize your existing resources, as you may not have the resources available to complete major overhauls to your remote access capabilities.

To learn more about how RSM can support your networking needs, please visit our website, call 800-274-3978, or email us. To learn more about the many ways RSM can help during the COVID-19 pandemic, please visit our Coronavirus Resource Center.

Scott leads the national network and unified communication solutions team, which encompasses network cyber-defense technologies, transport systems and unified communication platforms. Prior to joining RSM in 2003, Scott worked for a software company as a senior network engineer, where he was responsible for the design and implementation of data and voice networks to support financial transactions in excess of $1 million every minute and up to 800,000 online traders. Scott also has an extensive background in network design and architecture. He has designed infrastructures to support both front and back-office financial transactions with a variety of firms. Scott has great discipline in the field of network documentation and operational procedures. He has created web-based systems to capture network-based move, add and change requests, and a live documentation management system. He also has detailed experience in the implementation of network monitoring and management tools from a variety of vendors. In order to accommodate government regulation of financial-based networks, Scott has designed networks for five nines of availability. During his employment with a software company, the core network designed by Scott was able to switch all 800,000 users and over a dozen back-end connections to a remote recovery facility in less than three minutes. Switching services to the remote facility was performed once per month to assure clients of the business continuance plan.
