Tips for scaling up VPNs to meet the remote working surge

By Teresa Dietrich

The current Covid-19 pandemic is heralding a seismic shift in the way businesses work. Many companies have been required to switch to wholly remote working practices. This transformation requires a huge change in tools, infrastructure and process, with many businesses facing this challenge for the first time at scale.  

When it comes to working remotely, most people imagine they will need a computer and an internet connection. For an individual employee, that’s enough, but for a company, it also requires a solid virtual private network, or VPN for short. It is arguably the most essential piece of infrastructure. 

So, what’s a VPN? Typically, when employees work remotely, data transferred in and out travels over the same public networks as data from consumer applications such as gaming, e-commerce, streaming services and other use cases.

A VPN is designed to mitigate against the risk of an insecure network that could threaten business continuity or intellectual property issues. It creates what is termed a “tunnel”, or an encrypted link between a device and your work network, enabling your data to move in a secure capacity as if employees were working in the office. As companies move from having a few occasional remote workers to hundreds or thousands, it is vital that organisations get a solid grip on building and scaling a VPN solution effectively. 

At Stack Overflow, we’ve been operating with roughly a 33% remote workforce for a number of years now and went fully remote in early March. From our experience, here’s some top tips on setting up a VPN for scale.

VPN tips: Splitting tunnels and endpoints

Setting up your first VPN, or scaling an existing one, requires consideration of how to manage both work and non-work data flows in light of available bandwidth. Often data from a user appears to be arriving from a specific, pre-set IP address when using a VPN, which is why consumers often use VPNs to avoid geographic restrictions on internet traffic. Having one big stream of data coming through an organisation’s data centres can prove taxing for their internet connectivity and VPN servers, leading to significant latency if left unchecked.

One way to avoid this is to operate a “split-tunnel” VPN approach. Setting up your system in this way allows sensitive, work-related data to be sent through the secure VPN tunnel to your work network, while the latest episode of Narcos on Netflix travels over your ordinary internet connection. Companies with hundreds of employees can use this technique to avoid overwhelming amounts of non-work related traffic entering data centres and overloading bandwidth.

Another way to reduce the load on your VPN servers, particularly if you have offices spread across the world, is to consider your endpoint strategy. Small regional offices or employees based in co-working spaces might not have access to high bandwidth connections, instead relying on internet connections with low throughput and multiple employees.

Deploying a VPN strategy that routes data through to a data centre endpoint allows you to maximise the potential of your network. Built with high bandwidth connections by default, data centres allow you to maximise throughput and reduce the chance of VPN connection drop off. Many data centres also have redundancy built into their systems – power, cooling and backup – which safeguard against potential outages. 

VPN tips: Open source systems and scaling capacity

Using an open-source VPN system for your network can be one of the most effective ways to scale up your VPN. Most open-source projects tend to have deep histories of developers actively contributing to the development of the platform, which increases the likelihood of the system being robust and stable.

Stack Overflow has used many VPN providers over the years, but more recently switched to OpenVPN. We found this improved performance and allowed for much easier scaling to meet demand. It’s also a good fit for companies with enterprise-level customers, as it allows for SOC2 compliance and two-factor authentication as standard security measures. This should enable a smoother approval process when connecting and collaborating with large organisations. 

Thinking about the number of users who will be using the system should also be an important consideration. From experience, moving our workforce from 33% remote to 100% required us to consider the implied limit of how many people can connect to the same VPN.

Too many users and not enough licenses will hamstring your business productivity both now and in the future – for example, if users need to connect to your network from mobile, laptop and a computer. Developers and designers may want to test production software on different devices before pushing it to the public. Many companies are quickly figuring out that speccing out a VPN for a small percentage of remote or travelling people and acquiring one device license per person won’t suffice for an entirely remote workforce. 

Building and scaling a VPN solution effectively has now become an essential part of business IT strategy at a time where remote working is a necessity, rather than a choice. Building a VPN system that incorporates the above tips will help future proof business continuity in a time of increasing need.

Teresa Dietrich is the chief product officer at Stack Overflow, a question and answer site for professional and enthusiast programmers. 

Read more: Coronavirus cybersecurity: Ten tips for secure remote working