The VPN traffic jam

As lockdown restrictions across the world are only slowly beginning to lift, huge numbers of the global workforce will remain working remotely for much of the year – and beyond. For those who are used to commuting and now find themselves working from home, the lack of a daily commute may have initially given the impression of having more time. In reality, they have simply traded waiting in one traffic jam for another.

About the author

Kurt Glazemakers, SVP Engineering, AppGate.

Instead of idling in car traffic and listening to the radio, employees are now feeling frustrated by having to wait in line to connect to their company network. Research from Zen Internet found that poor connectivity can cost employees up to 72 minutes a day, 14 minutes more than the average UK commute takes. To make matters worse, employees are also having to waste time connecting and disconnecting in a vain attempt to avoid overloading the system. The culprit for these problems? Virtual Private Networks (VPNs).

Selecting a VPN may make sense for many businesses on the surface given its perceived ability to add security, but the trade-offs in lost time and productivity can be huge. For employees working from home, the pace of business needs to continue and productivity must remain high. The last thing an employee or business needs during this time is the additional stress of being unable to access their network. The shift to working from home, which was seen as a boom for VPNs, has actually turned out to be a bust as businesses realize the technology's inherent limitations.

Business life in the slow lane

For decades, firms have been using business VPNs to allow their employees to connect to internal systems. However, they are not without their problems and were never intended to handle the sheer volume of traffic that comes from mass remote working and today’s bandwidth-hungry applications.

The traffic problem comes from the majority of VPNs needing users to connect and authenticate directly to a shared VPN access point. When faced with a high number of users, it is extremely hard for new connections to be established, resulting in users waiting in a ‘traffic jam’ as others also try to connect. If the VPN is then overwhelmed as a result of too many people trying to connect at the same time, it can seize up and crash – just as if it were reacting to a Distributed Denial of Service (DDoS) attack. As more people than ever are trying to connect via their VPNs while working remotely, this temperamental connectivity is exactly what is being experienced.

Compounding the problem even further, VPNs typically require the connection to be stable, something which is largely impossible for many right now. Without a stable connection, the Transmission Control Protocol (TCP) session is lost and, subsequently, the connection between the user and the VPN is cut off. Users must then carry out the laborious process again to reconnect and reauthenticate. The likelihood of a stable connection while working from home is being put under further strain as family members all connect at once to data-hungry programs such as virtual classrooms and video calls.

Lastly, as a result of the recent mass remote working initiatives, VPNs are suffering from a brutally slow connection. Due to the centralized architecture and limits on the number of appliances that can be grouped together, many VPN systems have internal scaling limitations. So, even if a remote worker can make and successfully maintain a connection through their VPN, when there is a substantial increase in usage (as is the case in the current climate), that connection is most likely to be incredibly slow.

Finding an alternative route

For businesses to truly combat the current connectivity challenges presented by large numbers of employees working from home, and to enable workers to effectively connect to their organisation's network at scale, an alternative approach is required. One that avoids VPNs altogether.

Designed to micro-segment network and application access, a Software-Defined Perimeter (SDP) dynamically creates secure one-to-one connections to multiple locations simultaneously between the user and the resources they have authorization to access. This completely eliminates the possibility of having to wait in a connection traffic jam. 

SDPs also separate the control channel from the data channel, reducing load and further preventing the congestion of users trying to access the network simultaneously as is the case with VPNs. In addition, as SDPs are designed to be massively decentralized, they can dynamically scale directly to handle huge numbers of concurrent users.

Finally, SDPs can be quickly and easily set up whilst seamlessly integrating with existing routers and switches. By working across both traditional internal networks and remote ones, SDPs can ultimately help businesses operate more efficiently and securely while working from home and when they return to the office too.

Congestion free business operations

In the rush to get entire workforces connected remotely in response to COVID-19, many organisations turned to VPNs as the default means of ensuring connectivity. But with hundreds, if not thousands, of people trying to simultaneously connect to their network via VPNs, the inherent functionality flaws of the outdated technology are being revealed. Simply put, VPNs are failing.

However, by moving to an SDP solution, organisations can quickly and easily overcome many of these challenges. Working remotely is a new and, for many businesses, challenging adjustment, but it is not one that needs to be ineffective, inefficient or impossible. With the correct tools in place to suitably support connectivity at scale, businesses can feel reassured that they can successfully maintain their pace of continuity and ensure employee productivity.

Kurt Glazemakers

Kurt Glazemakers is the SVP Engineering at AppGate. Kurt is responsible for defining the strategy, development and roadmap of the next generation of AppGate's flagship Software-Defined Perimeter solution. Glazemakers was the independent technical expert within the Medina Capital investment team that exercised due diligence prior to the acquisition of Cryptzone in April 2014. Glazemakers is renowned for his extensive knowledge of software development, especially in the Software-Defined network and storage area. Prior to joining AppGate, he served as CTO of CloudFounders, a developer of advanced private cloud technologies for IT as a service (ITaaS) solutions.

He also served as Terremark’s CTO Europe (now part of Verizon), where he was responsible for the development of Enterprise Cloud. Throughout his career, Glazemakers has focused on the development of innovative solutions that increase the availability, security and scalability of mission-critical infrastructures.