Are VPNs critical components?
Virtual Private Networks (VPNs) have become a cornerstone of almost every business that runs IT. Many businesses now rely on SaaS products and hybrid environments, which makes the health of their VPNs even more important. Site-to-site connections link offices to cloud providers and other hosted environments, and the current pandemic has put unprecedented pressure on client VPNs, which staff working from home depend on. If either type of connection fails, the business can experience significant downtime, and that downtime means not only lost revenue but contractual penalties as well. It is therefore essential to monitor these connections.
In what we hope will be a series of blog posts, we'll write about how organizations can better monitor these critical connections, and we'll offer some practical tips along the way. As we are an independent consulting firm, the solutions we describe are platform-neutral.
Many connection types
This time we'll focus on site-to-site VPNs. These can be built on IPsec, L2TP, MPLS, OpenVPN and, for early adopters, WireGuard; SSH tunnels are also used. Not all of these give the same guarantees: L2TP on its own and MPLS provide traffic separation but no encryption, so they are normally paired with IPsec or run over a carrier network you trust. Keep that in mind when deciding what a monitoring check actually proves about the link.
Monitoring can be done in several ways, and the approach differs between organizations and vendors; each organization picks a solution based on its own requirements. Ideally, the monitoring traffic should be the same kind of data the link carries in production, but that is not always possible.
What can be monitored?
Here are some central aspects of VPNs:
Your equipment (firewall/VPN appliances):
- Uptime on tunnels (how long has the connection been up?)
- Tunnels being active (is the connection up right now?)
- Traffic patterns (bandwidth used, in/out rates)
- NetFlow analysis (what kind of traffic is travelling over the link) (advanced)
Remote endpoints (on the other side of the tunnel):
- Servers
  - Are the remote servers replying?
  - Are the services on those servers available?
- APIs
  - Are they reachable?
  - Are they responding as expected?
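The two remote-endpoint questions above (is the host replying, and is the service answering as expected) can be checked with a small probe. The following is an added example and not code from the original post. It assumes that a TCP connection to a host behind the tunnel is a fair proxy for "the tunnel carries traffic", and that the service can be asked a harmless question with a known answer. The host, port and PING/PONG exchange are constructed for the demonstration; in practice you would substitute the real address and a real request, such as an HTTP GET of a health endpoint.

```python
"""Reachability and service checks for endpoints on the far side of a tunnel.

Added example, not code from the original post. The PING/PONG service,
host and port are constructed stand-ins; replace them with the real
endpoint behind your tunnel and a request it is known to answer.
"""
import socket
import socketserver
import threading
import time


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> dict:
    """Is the remote host replying at all? Returns reachability and connect latency."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            latency_ms = (time.monotonic() - start) * 1000.0
        return {"reachable": True, "latency_ms": latency_ms}
    except OSError as exc:
        return {"reachable": False, "latency_ms": None, "error": str(exc)}


def probe_service(host: str, port: int, request: bytes, expected: bytes,
                  timeout: float = 2.0) -> dict:
    """Is the service answering as expected? Sends a request and checks the reply prefix.

    A reachable port whose service returns something unexpected is still a
    failed check: the tunnel may be up while the application behind it is not.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            reply = sock.recv(4096)
    except OSError as exc:
        return {"healthy": False, "reply": None, "error": str(exc)}
    return {"healthy": reply.startswith(expected), "reply": reply}


# --- constructed stand-in for a service on the far side of the tunnel ---
class _FakeService(socketserver.BaseRequestHandler):
    """Answers PING with PONG and anything else with an error line."""

    def handle(self):
        data = self.request.recv(1024)
        if data.startswith(b"PING"):
            self.request.sendall(b"PONG\n")
        else:
            self.request.sendall(b"ERR unknown command\n")


def start_fake_service() -> tuple:
    """Start the stand-in on 127.0.0.1 on an ephemeral port; returns (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), _FakeService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def run_checks(host: str, port: int) -> dict:
    """One monitoring pass for one endpoint: host reachability plus service health."""
    return {
        "tcp": probe_tcp(host, port),
        "service": probe_service(host, port, b"PING\n", b"PONG"),
    }


if __name__ == "__main__":
    server, port = start_fake_service()
    print(run_checks("127.0.0.1", port))
    server.shutdown()
    server.server_close()
```

Run the probes from a host that only reaches the endpoint through the tunnel, or a successful check proves nothing about the tunnel. That monitoring host then has a path into every site you monitor, so treat it as a privileged system: restrict who can log in to it and scope any credentials the service checks use to read-only health endpoints.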
But that’s not the whole story
The points above are a good starting point. The following give a better view from your application's perspective:
Continuous tests:
- Run real traffic (the kind your applications need in order to function)
Heartbeats (keepalive):
- A record carrying a reference and a TTL (time to live) is written to a database at regular intervals, and the monitoring system checks that the record has not expired; an expired record means the sender has stopped getting through
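The heartbeat scheme described above, as an added example that is not part of the original post. It assumes a key/value store with a per-key TTL (Redis `SET key value EX seconds` behaves this way); an in-memory stand-in with an injectable clock replaces the store here so the example runs offline and can be fast-forwarded. The tunnel names, interval and TTL are constructed for the demonstration.

```python
"""Heartbeat (keepalive) monitoring with TTL-expiring records.

Added example, not code from the original post. TTLStore stands in for a
real store with per-key expiry (Redis SET ... EX); FakeClock lets the demo
simulate minutes in an instant. Tunnel names and timings are constructed.
"""
import time


class TTLStore:
    """Minimal key/value store with expiry, standing in for Redis."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at)

    def set(self, key, value, ttl: float) -> None:
        self._data[key] = (value, self._clock() + ttl)

    def get(self, key):
        """Return the value, or None if the key is absent or expired (expired keys are dropped)."""
        item = self._data.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:
            del self._data[key]
            return None
        return value


def send_heartbeat(store: TTLStore, tunnel_id: str, ttl: float) -> None:
    """Run on the far side of the tunnel: refresh this link's record before it expires.

    The write itself must travel over the tunnel; otherwise a live record
    proves only that the sender has some other path to the store.
    """
    store.set(f"heartbeat:{tunnel_id}", "alive", ttl)


def check_heartbeats(store: TTLStore, tunnel_ids) -> dict:
    """Run by the monitoring system: an expired record means the link has been silent too long."""
    return {tid: store.get(f"heartbeat:{tid}") is not None for tid in tunnel_ids}


class FakeClock:
    """Manually advanced clock so the demo does not have to sleep."""

    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


INTERVAL = 30  # seconds between heartbeats
TTL = 90       # three intervals: two missed beats are tolerated, the third raises an alarm


def demo() -> dict:
    """site-a keeps beating; site-b goes silent after its first beat."""
    clock = FakeClock()
    store = TTLStore(clock)
    send_heartbeat(store, "site-a", TTL)
    send_heartbeat(store, "site-b", TTL)
    for _ in range(2):
        clock.advance(INTERVAL)
        send_heartbeat(store, "site-a", TTL)  # site-b has stopped
    clock.advance(40)                         # now at t = 100 s, past site-b's 90 s TTL
    return check_heartbeats(store, ["site-a", "site-b"])


if __name__ == "__main__":
    print(demo())
```

Two design points matter in practice. The TTL should be a small multiple of the send interval so that one lost packet does not page anyone, while a genuinely dead link is still noticed within minutes. And the store the monitor reads must stay reachable to the monitor when the tunnel is down, so it belongs on the monitoring side of the link, with the far side writing into it through the tunnel.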
More is to come
In conclusion, there are many aspects of remote connections that can be monitored. What you choose to monitor depends on your application(s), your environment and the level of detail you need. In the next blog post, we'll cover how to implement one of these ways of monitoring VPNs.