Fast VPN Scaling & Continuity During Crisis
VPN scaling: When the COVID-19 pandemic struck, it propelled Intel's global workforce of over 100,000 employees, along with contingent workers and ecosystem partners, to begin working remotely practically overnight. Virtual private network (VPN) connections would be needed for all of these workers, but Intel's global VPN capacity was a fraction of what would be needed. Depending on the geography, Intel IT needed to scale VPN capacity either through a public cloud service provider (CSP) or through on-premises local cloud servers. Either way, as the world cascaded into quarantine, there was no way to procure the necessary VPN gateway appliances. We adapted to the situation and created the needed capacity with virtualized VPN gateways. In the days following Intel's work-from-home order, we not only met Intel's VPN capacity needs but exceeded them. We accomplished this by fine-tuning off-the-shelf solutions based on Intel® architecture-based servers and Intel® Ethernet network adapters enabled with Single Root I/O Virtualization (SR-IOV) functionality. Based on our internal team's deployment, we were able to scale our virtual VPN gateways by 100 to 200 percent of the performance level seen in some dedicated hardware VPN gateway appliances. The solution spotlights the exceptional capabilities of virtualized solutions, SR-IOV, and multicloud strategies for quickly overcoming considerable challenges. One SR-IOV-compliant network interface controller (NIC) can present up to 256 virtual NICs, each of which could operate within a virtual VPN gateway. Thus, SR-IOV enables a relatively limited amount of off-the-shelf server hardware to provide an extensive amount of VPN gateway capacity—which is exactly what we needed in the face of rapid VPN scaling demands. In the U.S., we had high-speed WAN connectivity to a top-tier CSP to handle projected VPN bandwidth needs. For geographies without high-speed connectivity to CSPs, we repurposed suitable servers using Intel® Xeon® Scalable processors, targeting the core scaling and memory capacities needed to maximize performance while benefitting from the processors' integrated encryption acceleration engine, which enables VPN functionality possible at this scale. The bottom line: We nearly tripled Intel's VPN capacity in under three weeks. This use case illustrates the benefits of a multicloud strategy for enterprises. The ability to quickly flow scaling demand out to the public cloud and then back to private infrastructure as conditions and cost pressures dictate was critical to Intel's weathering the pandemic's spread. And note that our solution continues to evolve. After the initial COVID-19 rush, we made changes to our proxy infrastructure and other optimizations that make having a multicloud strategy even more advantageous and will help ensure smooth transitions between platforms in the future. No matter what happens with COVID-19 in the coming months, this virus will not be the world's last pandemic. The need for workforces of all sizes to transition work modes and venues overnight could arise again at any time. Our successful navigation of the COVID-19 transition with Intel Xeon Scalable processors (and their instruction set for encryption processing), SR-IOV, and multicloud point the way toward greater enterprise agility, efficiency, and scalability for whatever challenges await Intel.