Corporate VPN huffing and puffing while everyone works from home over COVID-19? You're not alone, admins

Microsoft and others take steps to handle remote staffer crunch

With the COVID-19 outbreak pushing many companies to keep workers at home, admins are finding themselves having to deal with a crunch of traffic on VPNs and network appliances suddenly overwhelmed with remote connections.

Microsoft on Tuesday issued guidance for admins on how to manage their Office 365 installations with so many employees suddenly making the shift from on-premise to remote work, and how they can handle the traffic crunch as employees run through the VPN on their way to the cloud service.

"The recent COVID-19/Coronavirus outbreak has caused many customers to rapidly enable, or proactively plan for the bulk of their employees working from home," explained Office 365 senior program manager Paul Collinge.

"This sudden switch of connectivity model for the majority of users typically has a significant impact on the corporate network infrastructure which may have been scaled and designed before any major cloud service was rolled out and in some cases, not designed for a situation when it is required simultaneously by all users."

To help with the crunch, Microsoft is advising admins to set up their VPNs with split tunneling to identify traffic (Microsoft provides a list of URLs and IP addresses for its endpoints) and route it directly to the Office365 service.

"The key to this solution is separating out the critical Office 365 traffic, which is both latency-sensitive, and which also puts enormous load on the traditional network architecture," Collinge noted.

"We then treat this traffic differently and use the user's local internet connection to route the connectivity directly to the service."

Microsoft is not the only company making steps to alleviate the remote worker traffic crunch. Box CEO Aaron Levie said that his service will lift user caps for enterprise customers.

Dante Malagrino, chief development officer at Riverbed Technologies, told The Register that his customers have been increasingly trying to get a handle on traffic running through the network as workers go through the corporate VPN on their way to cloud services.

"Most corporate networks were simply not designed to perform under such simultaneous demand, and in the age of cloud-based apps, services and remote workforces," he said.

"As coronavirus has become more widespread globally, we're seeing organizations everywhere take measures to protect the well-being of employees, including supporting larger work-from-home network scenarios." ®

Other stories you might like

  • Pentester pops open Tesla Model 3 using low-cost Bluetooth module
    Anything that uses proximity-based BLE is vulnerable, claim researchers

    Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be hoodwinked by a relay attack, leading to the theft of the flash motor.

    Discovered and demonstrated by researchers at NCC Group, the technique involves relaying the Bluetooth Low Energy (BLE) signals from a smartphone that has been paired with a Tesla back to the vehicle. Far from simply unlocking the door, this hack lets a miscreant start the car and drive away, too.

    Essentially, what happens is this: the paired smartphone should be physically close by the Tesla to unlock it. NCC's technique involves one gadget near the paired phone, and another gadget near the car. The phone-side gadget relays signals from the phone to the car-side gadget, which forwards them to the vehicle to unlock and start it. This shouldn't normally happen because the phone and car are so far apart. The car has a defense mechanism – based on measuring transmission latency to detect that a paired device is too far away – that ideally prevents relayed signals from working, though this can be defeated by simply cutting the latency of the relay process.

    Continue reading
  • Google assuring open-source code to secure software supply chains
    Java and Python packages are the first on the list

    Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies.

    The new service, announced today at the Google Cloud Security Summit, is called Assured Open Source Software. We're told it will initially focus on some Java and Python packages that Google's own developers prioritize in their workflows. 

    These two programming languages have "particularly high-risk profiles," Google Cloud Cloud VP and GM Sunil Potti said in response to The Register's questions. "Remember Log4j?" Yes, quite vividly.

    Continue reading
  • Rocket Lab is taking NASA's CAPSTONE to the Moon
    Mission to lunar orbit is further than any Photon satellite bus has gone before

    Rocket Lab has taken delivery of NASA's CAPSTONE spacecraft at its New Zealand launch pad ahead of a mission to the Moon.

    It's been quite a journey for CAPSTONE [Cislunar Autonomous Positioning System Technology Operations and Navigation Experiment], which was originally supposed to launch from Rocket Lab's US launchpad at Wallops Island in Virginia.

    The pad, Launch Complex 2, has been completed for a while now. However, delays in certifying Rocket Lab's Autonomous Flight Termination System (AFTS) pushed the move to Launch Complex 1 in Mahia, New Zealand.

    Continue reading

Biting the hand that feeds IT © 1998–2022