Skip to content
Light Mode Dark Mode
March 10, 20214 min read

How to Reduce Strain on WAN and VPN Links

AdobeStock_256229414 1

There’s no question about it: 2020 has brought new challenges to network managers and IT administrators responsible for the day-to-day support of enterprise endpoint computing environments. Their jobs were never easy, but when an unprecedented global pandemic led a majority of employers to adopt “work-from-home” strategies in the blink of an eye, few corporate networks were ready to face this new test. The resulting strain on virtual private network (VPN) infrastructures and WAN gateways to the public internet has threatened network performance, often forcing admins to delay distributing essential software updates.

The initial challenges of the COVID-19 pandemic centered around maintaining employee productivity. IT teams needed to enable workers to connect to business-critical applications and collaboration tools so that the enterprise could simply maintain operations. But they also needed to achieve this without saturating bandwidth or weakening security — which became an issue when administrators attempted to deliver much-needed patches to large numbers of newly-remote employees, as well as to monitor and maintain devices now located outside the confines of the corporate network environment.

Many enterprises turned to VPNs to meet the increased need for remote access to corporate computing resources. As a result, VPN utilization soared in the U.S., growing by 124% over a single two-week period in March. Few of these VPN infrastructures were built to handle the resulting traffic volumes, and numerous enterprises lacked the VPN licenses, appliances and supporting network elements needed to maintain adequate network performance for their remote users. The immediate results included traffic congestion, performance degradation and unprecedented volumes of help desk tickets. Most administrators had little choice but to put off distributing even the most critical content packets.

The latest iteration of a longstanding problem

Even before the rapid and unexpected shift to a largely remote workforce, however, large-scale content distribution presented a stumbling block for enterprise IT operations. Traditionally, WAN administrators allocated 80% of pipeline bandwidth for business traffic and 20% for content distribution. This static formula was problematic when large content packages, such as Windows 10 updates, which regularly approach one gigabyte (GB) in size, needed to be deployed to thousands of endpoints at the same time, since inadequate bandwidth was available for rapid distribution of this content. But it also led to waste at other times, when bandwidth reserved for content was made to sit idle though it could have served business traffic needs.

In the traditional model, software updates and other content packets were distributed from a primary site server to multiple remote locations and then to distribution points (DPs), from which they’d be sent to endpoint devices. Each of these hundreds or thousands of clients would receive an identical content packet from its DP, meaning an abundance of copies of the same software was being sent across the WAN link. In essence, a significant percentage of bandwidth capacity was being set aside to carry traffic that was largely redundant.

Waste will no longer be an option in tomorrow’s network architectures

The events of 2020 have taught enterprise IT operations teams the necessity of preparing for the unknown. Some portion of the previously on-site workforce will transition into permanent remote positions. These employees will need computing support and reliable content distribution that reaches their at-home endpoints long after the pandemic is behind us. Even enterprises whose employees fully return to the office will need to implement protective mechanisms in preparation for the next global crisis. Everyone will need to move beyond the limitations of traditional bandwidth allocation formulas and VPN infrastructures.

Peer-to-peer: a new paradigm for content distribution

Modern device management solutions that take advantage of innovative content distribution patterns — particularly peer-to-peer (P2P) content distribution — can help leading organizations get past these hurdles. Benefiting from highly distributed computing models, advanced P2P content distribution engines entirely circumvent the local DP server infrastructure, massively reducing the amount of traffic crossing WAN gateways or traversing VPNs.

P2P content distribution solutions take advantage of unused storage capacity on local endpoints to house full copies of enterprise software. These content reservoirs are intelligently shared across multiple endpoints, so they don’t stress the devices’ storage capacities, impact performance or degrade end user experience. The content “lives” near the endpoint devices to which it is being distributed, so thousands of copies need not travel across WAN or VPN links. Instead, a single download will serve all the devices in each subnet. This is accomplished through P2P content sharing: the solution leverages geolocation technology to group endpoints together with their nearest “neighbors,” who then share the content intelligently amongst themselves.

Today’s most advanced enterprise-grade P2P content distribution engines incorporate rigorous security controls. These should include role-based access management and strong integrity validation for every transferred file. With such protective mechanisms in place, security leaders can feel confident that content can be delivered safely, direct from the cloud. This makes it possible for enterprises using split-tunnel VPN architectures to distribute content entirely outside of the corporate WAN or VPN without sacrificing security.

AdobeStock_488605053

Ready to Get Started?

Schedule a one-on-one demo today.

Request a Demo