skip to Main Content

What is a Virtual Private Network?

A Virtual Private Network, or VPN, allows remote employees to create a secure connection to the corporate network for accessing resources. These connections essentially tunnel from a computer or mobile device through a VPN server, often through the public Internet. VPN technology has been around since the mid-1990s, but its usage is now going mainstream due to Covid. Research done by the team at points out that 68% of US adults today claim to use either free or paid VPN for work or personal use, equating to around 142 million users. As Covid accelerates the work from home or hybrid work culture, it means new challenges for IT to monitor and secure a suddenly remote workforce amidst high business VPN adoption.

VPN Performance Indicators
Continuously monitor VPN performance for the hybrid, work from home, and remote workforce

In this Post

Why Do We Need to Monitor VPNs?

Not all businesses can or want to host their corporate information and applications in the public cloud. A VPN serves as a gateway allowing remote workers to access critical enterprise resources and on-premise apps to perform their jobs. Often the corporate resources might be more secure when access remains on the corporate LAN.

Monitoring the availability, health, and latency of VPN connections via critical metrics ensures reliability and robustness to end-users. By testing VPN access with continuous fetching of Web sites, DNS names, or by sending Internet Control Message Protocol (ICMP) diagnostic requests to the peers, VPN monitoring reveals the reachability of peer devices and servers through constant communication about network connectivity. These provide baselines with which to measure VPN performance on a constant basis and IT teams gain visibility into performance issues and provide remediation efforts when needed.

6 Reasons Businesses Should Use a VPN Service

Investing in a VPN solution can keep employee data and company resources safer for the long term. From traffic encryption to network scalability, a VPN offers businesses and employees a secure tandem relationship outside the walls of a physical corporate office. Ultimately, network, ITOps, and business objectives need to align for successful outcomes.

  • Reduce Security Breach
    Cyber-attacks, including phishing schemes, are up 600% due to Covid. A VPN increases network security by passing data through a secure tunnel and encrypting it, which is useless to attackers. Also, hackers cannot follow the trail to identify end-users and reach their IP addresses. Moreover, specific VPNs provide an alert warning when users download malicious files from the Internet. A VPN provides secure access to necessary SaaS services (Salesforce, HR) hosted in the private cloud and Identity-as-a-Service provider (Azure AD) for streamlined authentication.
  • Remote Network Access
    Employees today need flexibility and a dynamic workplace, meaning the ability to login remotely and access information or applications at any time. Besides offering security and peace of mind, a VPN connection fosters work anywhere, so end users stay productive and efficient.
  • Bypass Geo-blocking
    Certain websites and applications required for business operations may not be available in the country itself. An access request can originate from a non-restricted country with a VPN, allowing resource access and bypassing geo-blocking restrictions.
  • Anonymity
    Connecting to the Internet through a VPN provides online anonymity with the provider’s IP address. After VPN shields the actual client IP address, attackers cannot infiltrate the original IP to target sensitive data.
  • Network Efficiency
    End-users expect improved network bandwidth and throughput after implementing a VPN solution as sometimes ISPs can control traffic and throttle network speed for businesses. By anonymizing IP addresses and encrypting traffic data, a VPN offers remote employees a chance to avoid intentional slowdown.
  • Cost-Effective
    Another benefit to businesses wanting to provide remote corporate resources is the affordability of a VPN solution. Typical market vendors sell the software for less than $10 per month and allow between 2-10 devices. Overall, employees experience a safe and secure Internet experience with budget-friendly options presented.

Conditions Impacting the VPN Performance

Several devices (local LAN router, VPN server or ISP gateway, etc.) sit on a network path between a remote worker PC up to the corporate server machine. VPN Connectivity issues could lie with any endpoint or node so checking every intermediary step matters and saves time for everyone on the support team.

  • Individual Home Network
    Common issues such as incorrect local LAN settings, Poor Wi-Fi strength, outdated cabling, overheating routers, etc., may be preventing users from connecting to a VPN service.
  • Domain Name System (DNS) Server
    DNS servers may be experiencing issues connecting web addresses into IP addresses and being unavailable to respond to requests due to misconfigured settings.
  • Internet as a whole
    Massive internet outages, cable repair, web maintenance, etc., can take down servers and impair the ability to connect to a VPN server.
  • VPN Server
    Failure to connect to a VPN server is the most common issue among end-users. A server can crash due to overloaded requests from WFH employees or trouble routing traffic through the tunnel connection.
  • Corporate Network
    This type of network could be protected by multiple layers of security and thus not allowing new access to machines. In addition, lack of maintenance and ongoing support can make enterprise network access unfeasible.
  • Corporate Machines
    The host or server which serves intranet web applications or local resources may be unreachable from the corporate LAN network.

How to Monitor a VPN with Exoprise

Monitoring a network’s ping response time, traceroute stats, and metrics such as jitter, latency, and packet loss is crucial for analyzing and optimizing the end-user experience. Exoprise CloudReady and Service Watch offer better coverage by proactively monitoring the VPN connectivity in real-time for the hybrid workforce. Information Technology teams are able to quickly detect, diagnose, and troubleshoot issues that impact the uptime and availability of business-critical services.

Common issues seen during a VPN connection are generally slow internet, poor call quality, and inability to visit certain web pages. After deploying CloudReady, the synthetic sensors emulate VPN traffic to a corporate resource to ensure that the data gets transferred through the network without any delay. On the other hand, Service Watch, along with browser chrome extension, provides real user monitoring of the system, network, and applications by collecting advanced desktop telemetryExoprise “Better Together” Digital Experience Monitoring strategy with Service Watch and CloudReady provide IT leaders with a single comprehensive view into the entire VPN network and end-to-end performance.

Installation of Standalone Synthetic Sensors

The prerequisites to effective VPN performance monitoring are that most employees connect to the VPN network for daily work operations. Upon creating a test account with Exoprise, several lightweight sensors are available to IT for quick deployment and monitoring of the VPN infrastructure. Sensors can be installed either on public or private site machines to troubleshoot connectivity and networking issues. Let us look at each sensor to learn more.

  • Ping
    ping sensor to test VPN connectivity
    Ping sensor available in Exoprise CloudReady Inventory

    Ping measures latency and verifies connectivity at an IP level to another TCP/IP network device by transmitting ICMP echo-request packet messages and waiting for a return message. A Ping request returns information on packets (sent, received, lost) and approximate round-trip time in milliseconds. Use the Exoprise ping sensor to proactively monitor the performance and uptime for up to five different network endpoints. For example, if there is trouble trying to access an application hosted on a VPN server, first check the connection with ping to narrow down the issue. As the first primary diagnostic step, an IT analyst can successfully use the ping sensor dashboard to check the connection health of the VPN server. If the ping response comes back faster, the problem most likely is with the server or application.

    Ping sensor to check network connectivity
    Measuring VPN performance through Exoprise CloudReady Ping sensor
  • Traceroute
    Traceroute sensor diagnostics show the path a packet takes from one device to another over a network. Along the way, the packet discovers all routers till it reaches the destination or fails and gets discards. Additionally, admins can view how long each hop takes from router to router. When a website is unreachable within the VPN network, a traceroute effectively determines where the timeouts occurred. The issues could lie with the internet gateway, ISP, global gateway (Internet), or the host machine itself. Use both traceroute and ping in conjunction before contacting ISP to complain.

    Continuous Traceroute to Corporate / VPN Destinations or Gateways
    Continuous Traceroute to Corporate / VPN Destinations or Gateways
  • VoIP (Voice over IP)
    Measure jitter in VPN with VoIP sensor
    VoIP sensors available in Exoprise CloudReady Inventory

    Exoprise VoIP sensor continuously tests the end-to-end network performance between two points (a VoIP receiver and a VoIP sensor) using UDP packets to simulate a SIP or VoIP conversation. Additionally, the sensor reports on the quality of service (latency, jitter, packet loss, etc.) to ensure high-quality collaboration in an organization. With so many employees working from home these days, most VoIP communication (Skype for Business Online, Microsoft Teams, Cisco WebEx, RingCentral) is happening through VPN, which also carries other end-user traffic data. Depending upon how the VPN gateway is set up in an organization and optimized for voice service, IT professionals need to effectively monitor VoIP as it is sensitive to overall network performance. For example, jitter can make a voice call unintelligible as packets may arrive with varying latency or get dropped.

    jitter, packet loss, RTT metric monitoring
    VoIP Jitter monitoring over VPN connection
  • WGet
    Test web performance during VPN connection
    WGet sensor available in Exoprise CloudReady Inventory

    The WGet sensor tests and monitors HTTP web response time and availability by fetching the content. For example, when employees connect through a VPN to access typical web applications (intranet, for example) and cannot download a particular page, IT administrators can quickly check the sensor page dashboard. An HTTP response of 200 OK indicates that the resource page has been successfully fetched and transmitted in the message body. On the other hand, the HTTP 500 status code signals a web server issue. Any unexpected activity error message display under the Errors tab.

    HTTP response during VPN connection
    Track Web Performance in a VPN setting

Installation of Service Watch Browser Extensions

Service Watch Visible Browser Popup
Service Watch Browser Extension

While Exoprise synthetics provide proactive low-level network statistics in the background, Service Watch measures application experience from an end-user perspective. And why is that important to IT teams? At Exoprise, the Digital Experience Monitoring solution looks at two sides of the experience spectrum to provide a holistic picture. Due to the pandemic, most of the workforce operating from home or office has different network setups (routers, Wi-Fi, gateway, ISP, etc.). Under these circumstances, application experiences can significantly vary.

real user monitoring and desktop experience score
Service Watch Desktop to track end-user desktop experience score

When IT supported a handful of remote employees connecting through the VPN, that number and scale have today increased expoentially, demanding a solution like Exoprise. When end-users connect to corporate resources over a VPN, Service Watch Desktop (SWD) presents IT with the system, network, browser, application, and endpoint data to diagnose any prevalent performance issues. Deploying Service Watch Browser or Service Watch Desktop for end-users is easily customized..

  1. Configure critical domains and applications that employees need access to in the Service Watch Browser (SWB) chrome extension.
  2. Create a Service Watch Desktop configuration and associate it to a particular SWB extension configuration.
  3. Invite and install SWD to individual users or package the installation for bulk deployment. After deploying, IT gains visibility into VPN experience for the entire workforce with generated scores and network benchmarks.

Here are some additional resources to check out:
How to Deploy Synthetics to Service Watch Desktop
Service Watch Anonymization
What is Service Watch?

Built-in Alarms, Crowd Analytics, and Network Path Performance

Additional features in Exoprise CloudReady and Service Watch can aid support teams during VPN troubleshooting. For example, pre-configured alarms will automatically generate upon detecting error or poor service performance monitored by WGet, Ping, and other sensors. Enable, disable, and tune alarms accordingly. Admins can also receive warnings in the form of email or text messages. When investigating alarms, a key component and unique differentiator within Exoprise is its crowd-sourced analytics capability. Each of the charts comes with this feature and helps IT gauge how an application performs compared to the crowd, reducing troubleshooting time in half. Finally, the network path performance tab visualizes and maps the entire network route with individual/crowd timings from one point to specific IP.

Here are some additional resources to check out:
How to Aggregate Alarms
The Power of Crowd
Network Path Performance Scorecard
How to Configure Dashboards

Your VPN Needs Uptime, not Downtime

The global pandemic continues to make VPN Uptime a critical priority for enterprises. As hundreds to thousands of employees start to take advantage of hybrid work settings, IT is battling to provide secure access to internal resources and keeping end-users productive. Monitoring VPN connectivity, troubleshooting network issues, and identifying root causes ensures smooth network operations. While each home network varies and employees access the Internet, equipping IT with the right toolset is about preparing for the future.

Free 15-day Trial to Monitor VPN Performance

Companies can take advantage of the Exoprise Free trial offer and deploy CloudReady, up to 25 Service Watch Desktop (DXS), and 50 Service Watch Browser (WXS) licenses to monitor VPN network performance. Deploy additional sensors to monitor business-critical enterprise applications such as Microsoft 365, Office 365, Teams, Zoom, Salesforce, AWS, GCP, Azure, and any custom SaaS app. So get started today without needing to provide any credit card details or contacting sales.

Here are some additional resources to check out:
Exoprise Digital Experience Monitoring FREE 15-Day Trial
Exoprise YouTube Page
Exoprise LinkedIn Page
Exoprise Resources Page

Alex Tsukernik

Alex Tsukernik is a lead architect for Exoprise and loves traversing high-level server architectures to low-level instrumentation details in a single bound.

Back To Top