Cloud Vista using VRL with Client (SSL) VPNs

(Pre-Approved IP Split Tunneling HIGHLY Recommended)

Author: Eric Vasbinder

We just implemented our shiny, new Vista Cloud environment, featuring VRL, and we're not too happy. Why is it slow when I'm working from home? And why does it get much faster when I turn off my company's VPN?


Client-Side VPN Inefficiency

When you first begin to use Vista hosted in the cloud, you may notice that the performance of the connection to the Vista database improves when you are not connected to your corporate VPN. Often, corporate client-side VPNs are set up using an SSL (HTTPS) VPN client. These clients, such as Cisco AnyConnect, OpenVPN, the built-in Windows VPN client, and many others, can route requests from your local workstation to the various servers with which you need to communicate. In many cases, corporate IT departments configure these clients to force all network traffic from the local workstation through the client-side VPN tunnel, so that it crosses the corporate network first regardless of its final destination.

See the diagram below for an example of what this might look like.

As the diagram above shows, the efficiency of Vista improves dramatically when the client VPN is turned off. The reason is that, when the client VPN is turned on, all traffic destined for the Vista server in the cloud is forced to take an inefficient route through the corporate network, rather than being routed directly to your cloud Vista server.

The net result of this increased inefficiency when a client VPN is turned on is noticeable lag within Vista, especially when entering data into heavy data entry forms such as AP line item entry and PR Timecard entry.

Increasing Efficiency - Split Tunneling

When a customer's end users are remote, such as when working from home or at another facility, turning off the client VPN whenever Vista needs to be used is inefficient and often impractical; constantly switching the VPN on and off would create a difficult end-user experience.

To avoid this situation, there is another option that is available: Split Tunneling.

With Split Tunneling enabled, traffic to the Vista environment in Viewpoint's Microsoft Azure cloud is routed directly to the Internet, rather than being routed through the customer's corporate IT network. This can often increase the efficiency of Vista communications by 50% or more. In addition, we can preserve the security of the corporate client VPN infrastructure by enabling this split tunneling method only for traffic that is destined for the Viewpoint cloud environment. In effect, this means that traffic to all DNS addresses within the following domains should be routed directly to the Internet, rather than being directed to the corporate network:

  • *.viewpointforcloud.com

  • *.viewpoint.com

NOTE: Port 443 (HTTPS) is the only port / protocol that needs to be handled in this fashion.


Once this is completed, your network traffic will look like this:

Implementing Split Tunneling

Split Tunneling must be implemented with care, to ensure that only traffic intended for Viewpoint's domains listed above will be routed directly to the Internet. For more information on how to configure your VPN client to utilize split tunneling only for our Viewpoint domains, please consult your VPN vendor's documentation.
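
As an added example (not Viewpoint's or any VPN vendor's code), the following Python checks a proposed split-tunnel rule list against the two domains and port 443 named above, flagging any rule that would send more traffic around the VPN than intended. The (pattern, port) rule format, the function names and the sample rules are assumptions made for illustration, and the bare apex domain is assumed not to be covered by the wildcard.

```python
# Added example: audit split-tunnel bypass rules against the two domains and
# the single port named in the article. The (pattern, port) rule format is
# hypothetical, chosen for illustration; it is not any VPN vendor's syntax.
ALLOWED_SUFFIXES = ("viewpointforcloud.com", "viewpoint.com")
ALLOWED_PORT = 443


def _norm(name):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def bypasses_tunnel(host, port):
    """True only for port 443 to a subdomain of an approved domain.
    Matching is on whole DNS labels, so 'notviewpoint.com' and
    'viewpoint.com.example.net' stay inside the VPN tunnel.
    Assumption: '*.domain' does not cover the bare apex domain.
    """
    if port != ALLOWED_PORT:
        return False
    host = _norm(host)
    return any(host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def audit_rules(rules):
    """Return (pattern, port, reason) for each rule wider than the approved scope."""
    findings = []
    for pattern, port in rules:
        p = _norm(pattern)
        if port != ALLOWED_PORT:
            findings.append((pattern, port, "port other than 443"))
        elif not p.startswith("*."):
            findings.append((pattern, port, "wildcard not on a label boundary"))
        elif p[2:] not in ALLOWED_SUFFIXES:
            findings.append((pattern, port, "domain not in the approved list"))
    return findings


# Constructed sample policy: two correct rules and three over-broad ones.
SAMPLE_RULES = [
    ("*.viewpointforcloud.com", 443),
    ("*.viewpoint.com", 443),
    ("*viewpoint.com", 443),     # would also match notviewpoint.com
    ("*.viewpoint.com", "any"),  # opens every port, not just HTTPS
    ("*.com", 443),              # far broader than the two domains
]

for finding in audit_rules(SAMPLE_RULES):
    print("REVIEW:", finding)
```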

Changelog

Wednesday, 26 January 2022 at 09:25AM

  • Replaced some terminology

Tuesday, 03 August 2021 at 07:27AM

  • Initial posting