We’ve been very fortunate in being well prepared for the whole organisation working remotely, catering for a new normal of over 1500 staff members using VPN on a regular basis. That’s an increase from the usual 500 or so. On occasions some things have been a little slower than normal for some applications but workable.
However, we’ve also seen a huge transition to Microsoft Teams as the conferencing and collaboration tool of choice for the organisation. Teams use has exploded from two hundred to well over a thousand concurrent users every day, this introduced a few challenges. And we like a challenge.
We saw that that as VPN use increased along with increased used of Teams video conferencing, we began reaching the limits of the VPN solution. The impact of that was a reduction in video quality on Teams, sometimes to the point that video cut out altogether.
This was because the video and audio network traffic is sensitive to delay and other traffic was holding things up, a bit like an ambulance trying to get through a traffic jam at 8am (if you remember what that was like).
We decided that, given the importance of collaboration and face to face communication, we didn’t want to ask anyone to stop using video to reduce the problem. So, the team looked elsewhere and instead decided to implement split-tunnelling on our VPN for our Microsoft collaboration traffic, specifically Teams, Skype, SharePoint and Outlook. We found some excellent information pulled together by Microsoft and several various VPN providers which detailed exactly the split tunnelling solution we were looking for (links below).
Doing this has eliminated the quality issues we were seeing on video conferencing and so far we are seeing reduced utilisation on the VPN in the region of 15% – 22%. From the initial idea to going into full production for all colleagues took us five days.
In the image above from Microsoft, all the traffic from the VPN client is going to the VPN Gateway.
This image from Microsoft shows some traffic going direct to Office 365, and the rest forced to continue through the VPN.