Feb 09 2021
Security

How to Ensure a College’s VPN Can Handle the Remote Workload

Ensure that faculty, staff and students have a steady connection with these easy tips.
Karen Scarfone
by

Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She provides cybersecurity publication consulting services to organizations and was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST).

Remote learning and telework were already gaining popularity even before COVID-19 forced higher education campuses to close. Now, they have become the only way that many faculty, staff and students can continue teaching, working and learning.

Under normal circumstances, when a comparatively small group of users works from home on a given day, a school’s VPN performance is probably fine. But when a university’s entire faculty, staff and student population simultaneously works remotely, VPNs may struggle to handle the load and may not be capable of supporting processing and network use for so many people at once. This can cause significant slowdowns and can even prevent some users from connecting to the VPN.

A solid connection is vital to a school’s remote stakeholders, who are using equipment from a variety of sources (including college-issued and personal laptops and mobile devices) to access their institution’s computing resources, such as email, calendars and other applications, along with files, databases and more.

VPNs, the traditional security solutions for remote access, are a critical tool. Try these best practices to ensure that your VPN can adequately support your institution’s students, faculty and staff during times of peak demand.

MORE ON EDTECH: Here's 5 VPN myths your end users need to know.

higher ed insider higher ed insider

Ways to Boost VPN Infrastructure

The obvious way to handle greater VPN use is to increase the capacity of the VPN infrastructure itself. There are several ways to do this (and some can be done simultaneously).

  • Increase network bandwidth for the VPN servers. This usually means ensuring that the path between the internet and each server has enough bandwidth. In some cases, there may also be a need to increase the bandwidth between the VPN servers and the school resources being accessed through the VPN.
  • Deploy additional VPN servers. This not only adds sheer capacity but can also improve VPN availability, especially if the servers are deployed to multiple locations. By implementing load balancing, an institution will create a more flexible and resilient VPN infrastructure that can send users to the server best able to meet their needs at the time.
  • Be proactive with VPN server ­management and security. Make sure to maintain the servers well; for example, keep them fully patched. This reduces the risk of compromise and removes flaws in the VPN software that could impair server performance.

Another proactive step is to use distributed denial of service protection measures so that VPN servers and the networks they use can’t be overwhelmed by attackers.

MORE ON EDTECH: Learn how to secure your VPN, no matter what.

Improve VPN Performance by Separating Traffic Flows

Some network distancing can also ease the flow of traffic. For decades, VPN best practice has been to avoid split tunneling — dividing a user’s network traffic so the portion relying on the college’s resources goes through the user’s VPN connection while the rest of the user’s traffic bypasses the VPN.

Split tunneling was considered too risky because an attacker could abuse it to pass traffic across networks through the less secure device. Most network traffic today, however, is encrypted — and many devices often use two networks at once (Wi-Fi and a cellular network, for example) — so this risk has been re-evaluated, and more colleges are enabling split tunneling.

This can significantly improve performance for users and greatly decrease the volume of network traffic passing through the VPN. For example, with split tunneling, users’ laptops can download large operating system updates directly from vendors instead of passing all those updates through the college’s VPN infrastructure.

Processes That Help Maximize VPN Use

Sometimes, relatively simple changes to how people work and the processes they follow can make a big difference in a VPN’s performance. One example is staggering work hours when possible so that not all staff members are trying to access the VPN at the same time each day.

Another idea is to have remote faculty and staff do certain tasks locally rather than over the college’s internal networks, as they would if they were on campus. Instead of remotely editing a large document over the VPN, a user could download it, edit it locally, then upload it once it’s complete. That should take fewer VPN resources than using the VPN all day while editing the file.

Of course, VPN architects and administrators don’t have the authority to implement changes in how faculty and staff do their work. But they are uniquely qualified to monitor the VPN’s use and look for patterns that indicate bottlenecks, excessive resource consumption and other potential problems. By analyzing those patterns, VPN experts can provide insights to their leadership about what the problems are and how they might be resolved. 

Michael Austin/Theispot

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now