|
| 1 | +--- |
| 2 | +title: 'Working remotely: Network Virtual Appliance (NVA) considerations for remote work | Azure VPN Gateway' |
| 3 | +description: This article helps you understand the things that you should take into consideration working with Network Virtual Appliances (NVAs) in Azure during the COVID-19 pandemic. |
| 4 | +services: vpn-gateway |
| 5 | +author: scottnap |
| 6 | + |
| 7 | +ms.service: vpn-gateway |
| 8 | +ms.topic: conceptual |
| 9 | +ms.date: 03/21/2020 |
| 10 | +ms.author: scottnap |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +# Working remotely: Network Virtual Appliance (NVA) considerations for remote work |
| 15 | + |
| 16 | +>[!NOTE] |
| 17 | +>This article describes how you can leverage Network Virtual Appliances, Azure, Microsoft network, and the Azure partner ecosystem to work remotely and mitigate network issues that you are facing because of Covid-19 crisis. |
| 18 | +> |
| 19 | +
|
| 20 | +Some Azure customers utilize third-party Network Virtual Appliances (NVAs) from Azure Marketplace to provide critical services such as Point-to-site VPN for their employees who are working from home during the COVID-19 epidemic. This article outlines some high-level guidance to take into consideration when leveraging NVAs in Azure to provide remote access solutions. |
| 21 | + |
| 22 | +## NVA performance considerations |
| 23 | + |
| 24 | +All major NVA vendors in Azure Marketplace should have recommendations on the VM Size and number of instances to use when deploying their solutions. While nearly all NVA vendors will let you choose any size that is available to you in a given Region, it's very important that you follow the vendors recommendations for Azure VM instance sizes, as these recommendations are the VM sizes the vendor has done performance testing with in Azure. |
| 25 | + |
| 26 | +### Consider the following |
| 27 | + |
| 28 | +- **Capacity and number of concurrent users** - This number is particularly important for Point-to-Site VPN users as each connected user will create one encrypted (IPSec or SSL VPN) tunnel. |
| 29 | +- **Aggregate throughput** - What is the aggregate bandwidth you will need to accommodate the number of users you need to which you will need to provide remote access. |
| 30 | +- **The VM size you will need** - You should always use VM sizes recommended by the NVA vendor. For point-to-site VPN, if you will have a lot concurrent user connections, you should be using larger VM sizes such as [Dv2 and DSv2 series](https://docs.microsoft.com/azure/virtual-machines/dv2-dsv2-series "Dv2 and Dsv2 Series") VMs. These VMs tend to have more vCPUs and can handle more concurrent VPN sessions. In addition to having more virtual cores, larger VM sizes in Azure have more aggregate bandwidth capacity than smaller VM sizes. |
| 31 | + > **Important:** Each vendor utilizes resources differently. If it's not clear what instance sizes you should use to accommodate your estimated user load, you should contact the software vendor directly and ask them for a recommendation. |
| 32 | +- **Number of instances** - If you expect to have a large number of users and connections, there are limits to what scaling up your NVA instance sizes can achieve. Consider deploying multiple VM instances. |
| 33 | +- **IPSec VPN vs SSL VPN** - In general IPSec VPN implementations perform better than SSL VPN implementations. |
| 34 | +- **Licensing** - Make sure that the software licenses you have purchased for the NVA solution will cover the sudden growth you may experience during the COVID-19 epidemic. Many NVA licensing programs limit the number of connections or bandwidth the solution is capable of. |
| 35 | +- **Accelerated Networking** - Consider an NVA solution that has support for Accelerated Networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the data path, reducing latency, jitter, and CPU utilization for use with the most demanding network workloads on supported VM types. Accelerated networking is supported on most general purpose and compute-optimized instance sizes with two or more vCPUs. |
| 36 | + |
| 37 | +## Monitoring resources |
| 38 | + |
| 39 | +Each NVA solution has its own tools and resources for monitoring the performance of their NVA. Consult your vendors documentation to make sure you understand the performance limitations and can detect when your NVA is near or reaching capacity. In addition to this you can look at Azure Monitor Network Insights and see basic performance information about your Network Virtual Appliances such as: |
| 40 | + |
| 41 | +- CPU Utilization |
| 42 | +- Network In |
| 43 | +- Network Out |
| 44 | +- Inbound Flows |
| 45 | +- Outbound Flows |
| 46 | + |
| 47 | +## Next Steps |
| 48 | + |
| 49 | +Most major NVA partners have posted guidance around scaling for sudden, unexpected growth during COVID-19. Here are a few useful links to partner resources. |
| 50 | + |
| 51 | +[Barracuda Enable Work from home while securing your data during COVID-19](https://www.barracuda.com/covid-19/work-from-home "Enable Work from home while securing your data during COVID-19") |
| 52 | + |
| 53 | +[Cisco AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation](https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215331-anyconnect-implementation-and-performanc.html "Cisco AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation") |
| 54 | + |
| 55 | +[Citrix COVID-19 Response Support Center](https://www.citrix.com/support/covid-19-coronavirus.html "Citrix COVID-19 Response Support Center") |
| 56 | + |
| 57 | +[F5 Guidance to Address the Dramatic Increase in Remote Workers](https://www.f5.com/business-continuity "F5 Guidance to Address the Dramatic Increase in Remote Workers") |
| 58 | + |
| 59 | +[Fortinet COVID-19 Updates for Customers and Partners](https://www.fortinet.com/covid-19.html "COVID-19 Updates for Customers and Partners") |
| 60 | + |
| 61 | +[Palo Alto Networks COVID-19 Response Center](https://live.paloaltonetworks.com/t5/COVID-19-Response-Center/ct-p/COVID-19_Response_Center "Palo Alto Networks COVID-19 Response Center") |
0 commit comments