Ways to Boost VPN Infrastructure
The obvious way to handle greater VPN use is to increase the capacity of the VPN infrastructure itself. There are several ways to do this (and some can be done simultaneously).
- Increase network bandwidth for the VPN servers. This usually means ensuring that the path between the internet and each server has enough bandwidth. In some cases, there may also be a need to increase the bandwidth between the VPN servers and the school resources being accessed through the VPN.
- Deploy additional VPN servers. This not only adds sheer capacity but can also improve VPN availability, especially if the servers are deployed to multiple locations. By implementing load balancing, an institution will create a more flexible and resilient VPN infrastructure that can send users to the server best able to meet their needs at the time.
- Be proactive with VPN server management and security. Make sure to maintain the servers well; for example, keep them fully patched. This reduces the risk of compromise and removes flaws in the VPN software that could impair server performance.
Another proactive step is to use distributed denial of service protection measures so that VPN servers and the networks they use can’t be overwhelmed by attackers.
Improve VPN Performance by Separating Traffic Flows
Some network distancing can also ease the flow of traffic. For decades, VPN best practice has been to avoid split tunneling — dividing a user’s network traffic so the portion relying on the college’s resources goes through the user’s VPN connection while the rest of the user’s traffic bypasses the VPN.
Split tunneling was considered too risky because an attacker could abuse it to pass traffic across networks through the less secure device. Most network traffic today, however, is encrypted — and many devices often use two networks at once (Wi-Fi and a cellular network, for example) — so this risk has been re-evaluated, and more colleges are enabling split tunneling.
This can significantly improve performance for users and greatly decrease the volume of network traffic passing through the VPN. For example, with split tunneling, users’ laptops can download large operating system updates directly from vendors instead of passing all those updates through the college’s VPN infrastructure.
Processes That Help Maximize VPN Use
Sometimes, relatively simple changes to how people work and the processes they follow can make a big difference in a VPN’s performance. One example is staggering work hours when possible so that not all staff members are trying to access the VPN at the same time each day.
Another idea is to have remote faculty and staff do certain tasks locally rather than over the college’s internal networks, as they would if they were on campus. Instead of remotely editing a large document over the VPN, a user could download it, edit it locally, then upload it once it’s complete. That should take fewer VPN resources than using the VPN all day while editing the file.
Of course, VPN architects and administrators don’t have the authority to implement changes in how faculty and staff do their work. But they are uniquely qualified to monitor the VPN’s use and look for patterns that indicate bottlenecks, excessive resource consumption and other potential problems. By analyzing those patterns, VPN experts can provide insights to their leadership about what the problems are and how they might be resolved.