The events over the last several weeks have resulted in an unprecedented increase in the number of employees working from home. Since March 11, 2020 VPN usage in the US has jumped over 65% and even more globally! The challenges for the IT team are many, so we’ve put together this post, based upon best practices and experience gleaned from our own implementation of our business continuity plan and conversations with our many customers.
ISP Bandwidth Monitoring
Internet bandwidth is key – Organizations must monitor bandwidth utilization and availability on all ISP connections. Your traffic patterns will have changed with more employees working remotely. The ability to monitor real time bandwidth on the Internet link can help you troubleshoot issues as they occur. It is important not only to monitor bandwidth but to know what your contracted limits are. If you find you are over-subscribing your ISP link, check in with your account rep. Many providers are offering immediate short-term bandwidth increases without contract renewals or extensions.
Monitoring Availability and Capacity of Your VPN Concentrators/Appliances
Key performance metrics include:
- CPU utilization with applied thresholds
- Memory utilization with applied thresholds
- Bandwidth - know the throughput capacity of each VPN appliance
- Number of active users - does your core appliance have a license limit? What is it?
Log Files - be sure you are capturing log information. They can tell you:
- Who logged in, when and for how long
- What IP address was assigned to that user and when
- Errors they may be experiencing
- Failed login attempts - legitimate users and bad actors
- Hardware issues - failed components like fans and power supplies.
- Implement automated tests to determine if VPN connections can be fully established and are passing traffic nominally.
- NetFlow can also be very useful at this time since traffic and usage patterns have changed. Netflow will provide greater insight into what remote employees are accessing and types of traffic that result.
Authentication servers, application servers, domain controllers, DNS servers and any other core business servers should all be monitored for availability, performance and uptime. Don’t forget the applications running on those servers too.
- Power - be sure all your core VPN and networking gear is on UPS, backed up by generators. Then monitor the UPS and generators to know the status of utility power, batteries, and any faults on the generator. All of the bandwidth in the world is no good if you don’t have power.
- Temperature - Since no one is potentially onsite to check, be sure you are monitoring temperature of rooms/equipment. If HVAC fails and you don’t know about it, you could experience hardware shutdown due to an over-temperature condition.
You don’t have to do this all by yourself. iGLASS Networks provides remote monitoring of VPNs, firewalls, network routers and switches, servers, applications, environmentals and much more. We’re available 24x7 to help keep watch over your network and keep you online.