The coronavirus lockdown has made everyone a mobile worker. IT strategies and policies relating to mobile working, laptops, security and mobile network access have had to scale across every business. Approaches that have worked well in the past, when a small proportion of employees needed mobile connectivity, have often proved lacking when IT departments try to scale up remote working to support the majority of employees.
For years, IT departments have relied on virtual private networks (VPNs) to provide remote access to the corporate network for remote workers. But when measures to contain the coronavirus resulted in many businesses switching from office-based work to remote working, every employee became a mobile worker and VPNs proved woefully inadequate.
Along with providing secure networking, IT managers have also needed to consider how to deliver access to line-of-business applications to employees to enable them to work from home long term.
While a VPN provides a secure point-to-point connection between a remote worker’s device and the corporate network, it does not offer direct access to any cloud-based applications. Every single packet of network traffic needs to be routed through the VPN servers, which makes connectivity to internet-hosted business applications very inefficient.
Enterprise-grade connectivity for home workers
In a recent blog post, Agus Abdullah, chief of product and services office at Telkomtelstra, discussed why software-defined wide-area networks (SD-WANs) have become a key component in providing remote access.
Given that systems and business applications for remote work systems require good network resilience, Abdullah wrote that unlike VPNs, which are not designed for peak capacity when there is a surge in network traffic, SD-WANs are scalable, especially during periods of high surges in network traffic.
“If a company only relies on local VPN servers, these tend to become overloaded with the number of connections and the amount of traffic needed to support a very large increase in workload,” he wrote. “Of course, this causes the network to become slow and less than optimal, which then negatively impacts employee performance and business productivity. This is even more apparent with video-conferencing and cloud-based video collaboration platforms that require large networks and capacities to reach dozens of people in real time.”
In another blog, Silver Peak warned that a VPN’s most significant shortcoming is that it does not provide adequate quality of service (QoS) controls.
“Which is more important: your Zoom conference with a client or your teenager’s Ariana Grande infatuation? Business use of your limited internet resource are clearly more important. But what about your kids’ schoolwork? Now it’s a balancing act,” Silver Peak noted in the blog post.
As Computer Weekly has previously reported, IT departments have been increasingly looking at using SD-WANs to provide remote access during the Covid-19 crisis.
Gartner describes an SD-WAN as edge infrastructure, which provides network connectivity from distributed enterprise locations to access resources in both private and public datacentres, as well as the cloud, via infrastructure as a service (IaaS) and software as a service (SaaS).
In its Magic quadrant for WAN edge infrastructure report, published in November 2019, Gartner forecast that by 2024, to enhance agility and support for cloud applications, 60% of enterprises will have implemented SD-WAN, compared with fewer than 20% in 2019.
The SD-WAN is seen as the best way to deliver network connectivity to branch offices. Now, with the coronavirus, every home worker has required a micro branch office with access to the corporate network, which has led to growing interest in using SD-WANs to support remote workers.
According to analyst firm Forrester, most organisations do not have the skills to deliver an SD-WAN across the business. It often makes sense to use a managed service provider (MSP) instead. Forrester recommends that such a contract needs to be considered more like a SaaS agreement than a traditional networking contract.
As part of any evaluation of an SD-WAN MSP, Forrester advises IT departments to evaluate the bandwidth requirements and security needs of business applications.
In the Forrester report, Evaluate SD-WAN services based on branch office goals, not hardware data sheets, Forrester principal analyst Andre Kindness wrote: “You need to identify your line-of-business applications and traffic patterns. This will help you set the right security levels and architecture while ensuring that application performance isn’t affected. On-site versus cloud-based security can affect applications in different ways. The decision to use security features within SD-WAN can play a role in this as well.”
As in a branch office connection, when working from home the weakest link is the last mile and the local area network Wi-Fi. Unlike branches, home workers have to connect their corporate devices to networks that may also be used for streaming games, videos and music.
The quality of service available from the home router may not be sufficient to run unified communications services like Microsoft Teams or to enable employees to participate effectively in Zoom calls.
The simplest way to overcome this bottleneck is for home workers to connect their laptop directly to the router using an Ethernet cable. This eliminates network contention on the Wi-Fi network, but does not improve the quality of service, if bandwidth-heavy services are being run by other members of the household while a business conference call is taking place.
Some businesses, such as those operating in regulated industries, have gone as far as providing separate broadband networks for home workers. Depending on mobile data reception, a corporate mobile phone could also be used to provide a decent wireless hotspot for corporate laptops.
Rewiring traditions
The coronavirus has projected unified communications and video conferencing into the spotlight, as businesses turned to services like Zoom and Microsoft Teams to keep their staff connected.
It is amazing how quickly video conferencing has been accepted as part of the daily routine. Such is the success of services like Zoom that CIOs need to reassess priorities. In a workforce where people are working from home regularly, remote access is not limited to a few, but must be available to all.
Mobile access and connectivity for the mobile workforce needs to extend to employees’ homes. Traditional VPN access has scalability limitations and is inefficient when used to provide access to modern SaaS-based enterprise applications. To reach all home workers, some organisations are replacing their VPNs with SD-WANs.
There is also an opportunity to revisit bring-your-own-device (BYOD) policies. If people have access to computing at home and their devices can be secured, then CIOs should question the need to push out corporate laptops to home workers.
While IT departments may have traditionally deployed virtual desktop infrastructure (VDI) to stream business applications to thin client devices, desktop as a service (DaaS) is a natural choice to delivering a managed desktop environment to home workers. For those organisations that are reluctant to use DaaS in the public cloud, as Oxford University Social Sciences Division (OSSD) has found (see below), desktop software can easily be delivered in a secure and manageable way using containers.