Description
With the rapid rise in remote working, IT teams need to be able to measure the strain on their remote access infrastructure as well as monitor user behavior. This bundle includes dashboards that provide critical visibility for remote and distributed workforces, including large numbers of employees working from home.
Key Use Cases
- Monitor traffic and performance for remote VPN users, including drill-downs
- Aggregate VPN traffic metrics (throughput, RTT, etc.)
- Classify and track user-IP mapping, active users, top talkers, VPN client device types, etc.
- Track traffic for WebEx, Zoom, GoToMeeting, etc.
- Detect unexpected and bad VPN behavior
- Validate expected VPN behavior (such as split-tunnel)
For discussion about this bundle, including FAQs, visit our WFH-VPN forum post.
Deployment
- Make sure Network Localities are properly configured, as they are used to distinguish internal traffic from Internet traffic.
- Create a custom device for all of the VPN subnets
- Modify the VPNs Dynamic Device group criteria to capture the VPN custom device. By default, the dynamic device group looks for all devices containing "VPN", which may not match your custom device naming scheme or may capture unwanted devices in your environment.
- The trigger has three modifiable flags:
  - ad_bundle_active – Leave set if the AD bundle is active and you are going to use the IP-User mapping in that bundle. If set to false, the bundle will currently not perform any user mapping, though the code is in place to expand how users are determined.
  - Other flags for teleconferencing and to commit records. See the forum post for more information, or reach out to your field team or ExtraHop Support if you need help.
- Modify the Active Directory trigger and set the following flag (line 50 in the trigger "Active Directory" deployed by the "Active Directory (RX -v1.2)" Bundle):

      const storeUserInSessionTable = true;