How to Approach Network Capacity Constraints
There are two issues that need to be considered, says Joel Snyder, a senior partner at Opus One, a Tucson, Ariz.-based IT security consulting firm (and a FedTech contributor). One is capacity to agency data centers, which is what IT administrators likely have running on a VPN. If agencies still have data center-based applications, for example, then they need to backhaul application traffic to the data center, Snyder notes. The second key issue is ensuring that agencies have enough network capacity to handle apps such as videoconferencing.
Most organizations are not running videoconferencing over VPNs, unless they are an office with a very small conferencing system that is used infrequently. “Most enterprises are using cloud-based conferencing solutions, and those that don’t are not using VPNs in any case,” Snyder says.
If agencies are employing a lot of collaboration and videoconferencing right now, they need to be focused on both sides of the coin, says Snyder, “which means giving end users the tools they need to understand their performance and then upgrading if needed at the home side. On the data center side, it’s more of a simpler capacity planning exercise.”
Ensuring Network Capacity and VPNs Are Configured Properly
Network capacity for any agency should be far in excess of internet/WAN connectivity, according to Snyder, “so an upgrade just means calling the internet service provider and having them bump up the speed.”
However, IT leaders need to be careful, since certain speed increases, such as those of more than 1 gigabit per second, are likely to incur charges for the agency. If agencies do increase their bandwidth, they should ensure that they do not have any old 100-megabit-per-second switches at the edge. A capacity bump is the easy part, Snyder says, and agencies also need to bear in mind how security appliances impact network traffic.
“You also need to take a look at all the middleboxes, such as firewalls and IPS devices, that may be sitting between end users and the resources in the data center,” Snyder says. “Check specifications with the vendor to be sure your firewall can handle it. If you are on the edge, then look at changing your security policy — such as reducing some types of UTM, such as virus scanning for inbound ‘trusted’ traffic — to gain greater capacity while you wait for a firewall upgrade.”
Agencies may also run into VPN capacity issues, “most often in the form of licenses but also in device capacity,” Snyder says. Such issues “will hit you hard and suddenly, so do a mini-audit to be sure you have licenses and device capacity for your expected increase in use.”