The impact of the novel coronavirus on remote networking

As the new coronavirus spreads widely, many companies require their employees to stay at home and work remotely. Remote network technology has therefore been under greater pressure, and some bandwidth and security issues have also followed.

Over the past few decades, the number of people working remotely has increased by an estimated 4 million as businesses have prospered, and amid the current pandemic, demand for remote work is expected to reach a new peak.

[[320106]]

A study by Atlas, a virtual private network (VPN) provider, shows that between March 9 and March 15 this year, VPN usage in the United States increased by 53%, and will continue to increase. In Italy, where the outbreak started two weeks earlier than in the United States, VPN usage increased by 112% in the past week. Rachel Welch, CEO of Atlas VPN, said in a statement that VPN usage in the United States is expected to increase by 150% by the end of March.

Some companies are trying to evaluate the feasibility of remote work through a one-day test. According to the Chicago Tribune, JPMorgan Chase, Morningstar, and a data analysis startup Arity have tested the stability of the entire office system by having employees work from home for one day.

On the government side, the National Oceanic and Atmospheric Administration and NASA have conducted or plan to conduct network stress tests to assess whether there is enough network capacity to allow thousands of staff to work remotely and the possible impact of remote work. Looking at the entire United States, the number of employees working in US government departments is about 2 million.

In order to avoid congestion on cellular data networks, the Federal Communications Commission has approved T-Mobile to temporarily access the 600MHz spectrum band allocated to other operators. T-Mobile said it "will use this spectrum band to make it easier for Americans to enjoy telemedicine, participate in remote work and learning, and stay connected while maintaining 'physical distance'."

However, some industry insiders pointed out that in some scenarios that have a strong reliance on cellular networks, the "last mile" network access will become very congested.

Alex Cruz Farmer, product manager at network intelligence company ThousandEyes, whose main product is software for LAN and WAN performance analysis, said that the network bottleneck is in some remote rural areas, because the network infrastructure in those areas is relatively weak and they mainly access the Internet through microwave or cellular networks. The biggest challenge is that the bandwidth provided by existing solutions is far from enough.

Alex Cruz Farmer also added that although the duration is not long, there are indeed some failures caused by operator problems or increased network load.

AT&T said it has noticed changes in cellular network usage, but has not made any improvements to network capacity.

AT&T said in a statement that in cities where the coronavirus is most severe, as more people stay at home to work remotely, reducing commuting and crowd gatherings, the peak usage of cellular networks in many specific locations and at specific times has been significantly reduced. They also use some tools to count and monitor network bandwidth. Through these tools, they can more intuitively understand the trend of network usage, and obtain reports on network performance and network capacity, thereby managing the entire communication network.

Verison said that since the outbreak of the new coronavirus, despite the surge in the number of users working from home, the amount of data used has not increased significantly. In a statement, they said: "Verison's network is designed and built to meet future needs, and we are fully prepared for any increase in demand or changes in usage. Although this is an unprecedented social event and the entire situation is constantly changing, we can adjust network resources at any time as we continue to understand the changes in actual demand."

Verison has been monitoring network usage in the most affected areas and has pledged to work with hospitals, medical staff, and government agencies to prioritize the use of network resources to meet their needs. Verison also announced plans to increase spending by $500 million on top of its $17 billion to $18 billion in 2020 to achieve the goal of "accelerating Verison's transition to 5G and helping to support the economy during difficult times."

Security issues of enterprise virtual private network

For enterprises, it is not easy to solve the network and security issues between data centers and remote users, especially when using virtual private networks for remote access, access from the user's home network is almost impossible for the enterprise to control. Tom Nolle, president of CIMI, believes that it is necessary for IT departments to verify whether these connections meet the company's standards (for more of Tom Nolle's views on working from home, you can read here).

Tom Nolle believes that common home network elements such as ISP, DNS and Wi-Fi should be part of the business certification for a remote office network. He found that Google's DNS service can withstand more pressure than the service provided by the ISP, and OpenDNS is also a good choice, which means that users can consider using one of them.

Tom Nolle also said that the security of home Wi-Fi networks is also an issue, and IT departments should require remote workers to submit screenshots of their Wi-Fi configurations to ensure that the correct encryption is used. He believes that many remote workers will bypass some of the security measures set by the company.

Andrew Wertkin, chief strategy officer at DNS software company BlueCat, said that it is necessary to provide appropriate guidance to some employees who have just started working remotely from home. Most employees have never tried working remotely from home, and they may not understand the importance of security. If employees use personal devices instead of company devices to access the company network, problems are more likely to occur.

The surge in the number of people working remotely using virtual private networks will also bring cost challenges to companies.

"Virtual private network equipment is not cheap. If you consider the cost of computing resources and the per capita cost, migrating to a virtual environment in the cloud will bring a considerable expense, not to mention the increase in the price of each virtual private network license," Alex Cruz Farmer admitted.

In terms of capacity, as remote access increases, the DHCP service used to allocate IP addresses will also be under tremendous pressure. Andrew Wertkin pointed out that if the device connecting remotely cannot obtain a network address, it does not matter whether there are enough virtual private network licenses. Enterprises must test these risks internally, understand where the bottlenecks are, and develop strategies to avoid these risks.

Following this line of thought, enterprises even need to verify the number of SSL sockets that can be used for public use in the data center, otherwise they will face the risk of insufficient number.

Paul Collinge, senior program manager of Microsoft's Office 365 product team, expressed similar concerns. In a blog about optimizing remote office traffic for Office 365 employees, he wrote that when a large number of employees access the corporate network at the same time, it will put tremendous pressure on network elements such as virtual private network concentrators, central network egress devices (such as proxies, DLP), central Internet bandwidth, backhaul MPLS and NAT. The ultimate result is poor performance, low productivity, and poor user experience for employees.

Alex Cruz Farmer suggested that enterprises may need to increase the number of VPN concentrators on the network, so that remote users can be distributed on multiple different VPN endpoints to avoid congestion. The next best option is to open certain ports on the firewall to allow public access to specific applications, which can help improve work efficiency but reduce overall security.

Does VPN Split Tunneling work?

Industry insiders have different views on tunneling split.

Andrew Wertkin of BlueCat believes that VPNs can use tunnel splitting technology so that only traffic that needs to access the corporate internal network is accessed through the VPN tunnel, and the rest of the traffic goes directly to the Internet. This means that some traffic will not be subject to the security control of the tunnel and the corporate network, and the user's computer will be exposed to the Internet, which will lead to security risks for the company's data and network.

Despite this, Microsoft last week recommended that IT administrators use split tunneling to ease congestion in Office 365 caused by the influx of remote users. Microsoft provided a list of URLs and IP addresses of relevant access points in the recommendation and guided IT staff on how to route traffic to Office 365 in this way.

According to Paul Collinge, VPN clients need to be configured to route traffic to identified URLs/IPs/ports, thereby providing high-performance services to users around the world.

Alex Cruz Farmer believes that with the increase in the use of virtual private networks, it is necessary for enterprises to conduct a comprehensive review of network security. For enterprises that are still using traditional network security architecture, they should start to consider cloud-based network security solutions, which can not only improve the performance of remote work, but also reduce the use of wide area networks by enterprises.

Other related situations:

• The FCC called on broadband providers to relax data transmission restrictions, telephone operators to waive long-distance charges for users, distance education providers to cooperate to provide distance learning opportunities for the society, and network operators to give priority to the network connection needs of hospitals or medical institutions. AT&T has already responded and taken relevant actions.
• U.S. Senator Mark R. Warner (D-VA) and 17 other senators wrote to the CEOs of eight major ISPs, including AT&T, CenturyLink, Charter Communications, Comcast, Cox Communications, Sprint, T-Mobile, and Verizon, calling on these companies to take measures to cope with the pressure brought by the surge in demand for remote work, online education, telemedicine, remote support services, etc. In the letter, these senators called on the companies to reduce restrictions and fees that may affect remote services, and also to provide free or paid broadband services to students affected by the epidemic, otherwise students would not be able to access the Internet for online learning during the epidemic.
• Vendors such as Cisco, Microsoft, Google, LogMeIn, Spectrum, and others have provided free tools to help users communicate securely during the outbreak.