At work we have a Windows 2008 Server-based network with over 60 computers. We are planning to set up a Windows 2008 VPN server shortly to provide remote access, and I am wondering what kind of performance loss should we be expecting.
The internal network is 1Gbps and the uplink to the Internet is a 100Mbps line, so our users are used to a high-performance network. Browsing shared folders and opening large files within the internal network is often instantaneous. I am aware that we won't be able to obtain this kind of bandwidth through the VPN, and that, in any case, the VPN user experience will depend largely on what's on their side and, especially, between them and our VPN server.
Still, I would value answers to two particular questions:
- What kind of performance loss should we expect?
- How can we mitigate the performance loss? Is the VPN server hardware really important?
Thanks.
Best Answer
You'll probably implement SSTP which on a purely overhead basis, has a 3.9% overhead (I can't find where I got that from it's the number stuck in my head) however that's per connection as SSL negotiations can add additional overhead. Connecting is also slower than PPTP or L2TP. If at all possible I would consider looking at directaccess, which was introduced in 2008 R2. Take a look at Next Generation Remote Access with DirectAccess and VPNs
As far as hardware goes it really depends on the number of simutaneous connection attempts. Please read that carefully. It's not the number of connected users per se but connection attempts. Each SSL negotiation uses up CPU time so you'll want to monitor that.
I you should also investigate and see if any of the remote worker technologies would help with the user experience (eg offline files/folders, sharepoint workspaces etc.)