To all of our fellow colleagues, customers and partners, we recognize what a challenging time this is – not only with regard to people’s health and safety, but also the downstream economic impact created by work-from-home policies. More and more schools are being shut down, and increasingly we experience more city-wide closures around the globe. We are engaged with thousands of organizations to help them with ‘Business Continuity’ and ‘Work from Home’ through various programs.
These Business Continuity programs have put tremendous stress on your IT infrastructures and fellow IT Security practitioners. Organizations are asked to build/scale-out their Secure Access infrastructure at hours’ notice. IT Security teams, unfortunately, don’t have the luxury to follow dev-sec-ops processes and deploy these solutions in a classic ‘phased’ fashion. It is very important that we follow best practices and try to deploy secure access infrastructure right the first time!
Before you plan to scale out your Secure Access infrastructure, here are some basic checks that you should do:
- Before deploying new infrastructure, understand how much additional capacity you can add to your existing Secure Access (VPN) platform (cloud, virtual or physical).
- Make sure you have a DR (disaster recovery) site for your Secure Access solution up and running, in case there is a power/network failure at the primary site.
- If you are running your infrastructure in stand-alone mode, now would be a good time to add HA (high availability) – either in active/active or active/passive mode.
Once you have scaled out the infrastructure, if your capacity/user traffic continues to surge, here are additional best practices that you can follow:
- Explore ‘platform burst’ options (such as Pulse ICE) to address these traffic/capacity surges.
- Configure bandwidth ‘throttling’ per-user to make sure you can deliver ‘essential’ applications to ALL users without any performance degradation.
- Configure advanced features such as ‘split-tunnels’ to limit Secure Access platform usage to only critical enterprise/data-centre applications.