System-Engineering | 4 min read

Work remotely and stay safe

ngworx Team
March 2020
written by Maciej Zurawski
Senior Network Engineer

In the current unique situation and dire times, there are, as we see it, two commodities that are must-haves to pull through safely.

One, judging by current trends, is toilet paper; the second is secure access for employees to company resources. The former is physical, so we are bound to the supply chain; the latter can be virtualized. This means it is within reach of companies of any size, provided that they have a capable infrastructure or an existing cloud.

Our weapon of choice

Our weapon of choice for tackling remote access scenarios is the Pulse Secure Appliance (PSA), as we have already used it successfully for customers and in our own backyard. Of course, VPNs are not only useful for remote teleworkers; they also give you the opportunity to extend some of the company resources outside of your local data center through a secure (encrypted) channel, whether that is internal tooling, a switch to a hybrid cloud model or even retrieving data which needs to be quickly accessed during a meeting with potential customers. Nor is the PSA limited to VPN termination: it also offers a full-blown NAC solution, which can be used anywhere in the network, even as an authentication server for wireless.

There are multiple flavours of the PSA, which differ in the number of supported concurrent sessions. Below is an extract from the datasheet comparing the various options.

What are the advantages of a virtual appliance? There are many, but the most important ones for the sake of this article are speed of deployment and flexibility. We don’t have to wait and rely on long supply chains to deliver a physical appliance, or provision physical space, cabling and power. Virtual appliances can be instantiated as soon as the required licenses are in place and all required resources are available, which also means that it is easier to upscale such deployments. As seen in the previous image, the virtual PSA is supported on different hypervisors (VMware, KVM, Hyper-V) and is also built for the most popular cloud providers. Since a physical infrastructure is still needed to run a virtual environment, there is a set of requirements which need to be fulfilled for our new powerful access enforcer. To enable some skilled engineers to improve your company NAC, you would need to secure at least 2 CPU cores and 8 GB of RAM to run the least powerful appliance. Of course, with higher traffic demand comes higher resource usage, which means that:

  • PSA3000-V would require 2 CPU cores and 8 GB of RAM
  • PSA5000-V would require 4 CPU cores and 8 GB of RAM
  • PSA7000-V would require 8 CPU cores and 32 GB of RAM

The virtual appliance would require around 40 GB of precious disk space to host itself and the required databases. It is important to check whether the environment on which the appliance would be deployed supports hardware virtualization (e.g. Intel VT-x or AMD RVI). When all of the above requirements are met, we are able to provide solutions for remote VPN access at short notice; this applies to the virtual appliance, since it is not delayed by physical device delivery. Acquiring a license typically takes about two working days, and from there it is just a small leap toward full implementation. Since the client software has to run on various hardware specs and operating systems, there can occasionally be some interoperability issues with the network drivers, but in our experience they can be quickly resolved by tuning the virtual network adapter settings.
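The requirements above can be checked on a Linux/KVM host before requesting a license. The script below is an added example, not ngworx or Pulse Secure code: the function names are hypothetical, the sizing figures are the ones quoted in this article, and it assumes the host exposes `/proc/cpuinfo` and `/proc/meminfo` with the `vmx` (Intel VT-x) or `svm` (AMD-V) CPU flag indicating hardware virtualization.

```shell
#!/bin/sh
# Preflight check for a Linux/KVM host before deploying a virtual PSA.
# Sizing values are taken from the article; function names are made up here.

# Print "cores ram_gb" required for a model; fail for an unknown model.
psa_requirements() {
    case "$1" in
        PSA3000-V) echo "2 8" ;;
        PSA5000-V) echo "4 8" ;;
        PSA7000-V) echo "8 32" ;;
        *) return 1 ;;
    esac
}

# Succeed if the cpuinfo file lists the vmx (Intel) or svm (AMD) flag as a whole word.
has_hw_virt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# Number of logical CPUs listed in a cpuinfo file.
cpu_count() { grep -c '^processor[[:space:]]*:' "$1"; }

# MemTotal from a meminfo file in whole GiB, rounded down (conservative).
mem_gib() { awk '/^MemTotal:/ { print int($2 / 1048576) }' "$1"; }

# check_host MODEL CPUINFO MEMINFO FREE_DISK_GB
# Prints one line per finding; returns 0 if OK, 1 if undersized, 2 if model unknown.
check_host() {
    req=$(psa_requirements "$1") || { echo "unknown model: $1"; return 2; }
    need_cores=${req% *}; need_ram=${req#* }
    rc=0
    has_hw_virt "$2" || { echo "FAIL: no vmx/svm CPU flag"; rc=1; }
    [ "$(cpu_count "$2")" -ge "$need_cores" ] || { echo "FAIL: need $need_cores cores"; rc=1; }
    [ "$(mem_gib "$3")" -ge "$need_ram" ] || { echo "FAIL: need $need_ram GB RAM"; rc=1; }
    [ "$4" -ge 40 ] || { echo "FAIL: need 40 GB free disk"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host meets $1 requirements"
    return "$rc"
}

# Usage on a real host: ./preflight.sh PSA5000-V <free disk in GB>
if [ "$#" -ge 1 ]; then
    check_host "$1" /proc/cpuinfo /proc/meminfo "${2:-0}"
    exit $?
fi
```

The check covers the host as a whole; the hypervisor's own overhead and other guests still have to be accounted for on top of the figures per model.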

On a personal side note, I think working from a home office is a test of trust and personal motivation; of course, there are far more things to be tested if you have kids. Some general rules apply the same way as when you work from the office; it just lacks social interaction and daily commuting, but one still has to take refreshing breaks, stay in an environment with good conditions (and mood setters) and try to avoid distractions. And one last thing: don’t get caught in the trap of working longer just because you are not changing surroundings. You still need to maintain a work-life balance 😉 otherwise one of the two would consume you.

Stay safe, live long and prosper 🖖
