Hey ya’ll,
I work for a company that has approximately 50 people connected to our main server at all times. Of that 50, about 10 people are connected via VPN.
We have a 1 GBPS UL/DL dedicated line and whenever we’re on VPN it’s close to 5 MBPS UL/DL. Many of your employees have 1 GBPS UL/DL or 500 MBPS, etc… and we’ve checked their internet speed, so the bottlenecking doesn’t appear to be on their end. Since it’s also happening across many users when connected remotely it doesn’t appear to be on their end. This sluggishness has caused a lot of issues, especially because we work with AUTOCAD and large surveying files. Since we’re moving more and more towards a hybrid/remote workspace I want to get this resolved as soon as possible.
Would anyone be able to assess the above situation and let me know if this is normal and something we should be facing? Is it simple infrastructure that needs to be improved such as an additional dedicated line.
If not or you’ve seen this before, can you share some common solutions/troubleshooting tips.
Edit: we’re seeing the sluggishness when, over VPN, trying to download files locally or upload files to the network from local. Also, if we’re operating a CAD file from the server or other type of large file we see a tremendous amount of delay/lag,etc… even PDFs are weird.
You probably need to provide more detail about the “sluggishness” - as you haven’t really said what’s wrong.
If they’re running local CAD software and accessing remote files over SMB or something you’re in for a bad time.
SMB is garbage over non-LAN latency.
Moving to a VDI style model would be more performant.
additional dedicated line
Check your graphs. If you’re not graphing, time to start. You wouldn’t throw another dedicated line at something without knowing you were stressing the connection you already had right?
Could be a dozen different things (you’ll have to do more investigating to find out exactly what), but one common problem you could start looking into is MTU/MSS issues due to the VPN overhead not being taken into account properly.
Do you know which model watchguard you have? I worked for an MSP that used them. If it’s one of the cheaper ones, it doesn’t surprise me that the VPN connection is slow. Watchguard does make some quality products, but the lower end ones don’t have a lot of processing power.
You’re the man. I appreciate the insight. I’ll definitely investigate this sorry for my naivety, but what do you mean by VDI Style Model (going to google this).
Also, I’d like to ask my MSP to share the graphs, but they may ask me on more info as to what I mean. Can you elaborate? (will google this too, so no worries)
Thanks for your help man
Hey man, thanks for inquiring.
Watchguard Mobile VPN Client with SSL.
what do you mean by VDI Style Model
Basically think RDP.
The workstation is hosted on infrastructure at the DC/in the office where it benefits from low latency and higher speed to storage etc, and the user accesses it using RDP / Citrix / VMWare View / whatever technology - so that the only thing going over the VPN is keyboard/mouse/video.
Can you elaborate?
Not sure what there is to elaborate on.
You mentioned adding another dedicated internet connection. If you don’t know what the utilisation is on the current one there’s no way of knowing if that would help or not. Hence you’d check the graphs.
Information driven decision making.
Anytime man! I actually mean the model of the physical box that is handling the VPN. This is what you’re looking for.
Might be worth looking to use the IKEv2 VPN instead as it’s faster and more secure than the SSL VPN offering.
Thanks man.
Yes, I’ve been looking into a VM environment over VDI. And may build my owner server to Host as I’m hoping it will be cheaper over time.
Thanks again.