Virtual networks, usually referred to as “virtual private networks” (VPNs) have grown considerably in popularity for both consumers and enterprises. All VPNs are mechanisms intended to add some control to the open-connectivity model of IP. The very mechanisms that make VPNs useful can also impact customer experience management (CEM) in a negative way, and most enterprises aren’t taking that into account.
For enterprises, VPNs have largely replaced the practice of using routers and digital trunks to build true private IP networks. Operators started offering VPNs based on MPLS decades ago, and technologies to extend enterprise VPNs have made them even more useful – and created more of those challenges.
Consumer VPNs are a more recent service. Originally, they were intended to offer encryption services to prevent traffic interception for privacy reasons, but advances in the Internet access protocols and in HTTP have largely eliminated the benefits VPNs used to convey. Instead, modern consumer VPNs focus on a different kind of privacy -- anonymity – by disguising user IP addresses, even to the extent of making it appear the user is somewhere other than their real location.
VPNs impact CEM in two ways. First, they raise the question of whether an IP address actually represents a user. Second, they introduce at least one more layer of network handling, which may be more difficult to monitor and may also limit the ability to troubleshoot what’s underneath. Since that “undernet” is the real network moving the traffic, this can make things like QoS control, troubleshooting, and SLA enforcement more difficult.
Address assignment is an essential part of any network; every ISP assigns an address to users and resources, which is what makes Internet connectivity, web browsing, content delivery, and other services work. Today, almost every user’s Internet address is transient in a sense, meaning a user has the address for a period of time, after which it might change, but how authoritative an address is depends on the type and implementation of the VPN.
It’s critical for enterprise VPNs to accommodate address variability in their own VPNs, both to ensure that security tools that rely on a predictable user-address relationship aren’t defeated, and to troubleshoot user reports of network problems. However, all enterprise VPN technologies in use today still allow the enterprise to set the IP address rules, which means it should always be possible to link users, resources, and addresses authoritatively.
The situation isn’t as clear for consumer VPNs. The technology, protocols, and features of these VPNs differ between providers, and the rules for address assignment are also different, and often opaque. An enterprises customer base might be using any of those providers, or no VPN at all. Some users even turn VPNs on and off depending on their situation; VPN use is typically higher for users connecting via a public WiFi hotspot than in their home, office, or via their cellular data service.
The behavior of consumer VPNs creates both direct and indirect problems in CEM. Location spoofing, a common feature of consumer VPNs, means that using a customer’s IP address to determine the closest company facility or to steer them to a retail channel may create a bad recommendation. Even where a customer has the option to enter a location, the option to detect location automatically is nearly always offered. For streaming content, address/location relationship is often used to determine what local TV stations are offered, or even to detect password sharing among users. In these cases, spoofing may cause a service problem that the provider’s support practices will have to resolve. And, when support is contacted, it may be difficult to determine whether there’s a VPN problem, a network problem, a problem with the user’s system, or a real problem with the enterprise’s software or infrastructure that support should deal with. An interesting point here is that a bit more than a quarter of enterprises said they told their own employees not to use a consumer VPN at work, or when accessing applications remotely.
CEM issues attributed to a company’s own VPN might seem unlikely at this point, given decades of VPN use and the fact that customers weren’t “on” that VPN to begin with, but customers present themselves in person to workers using the company VPN, and new VPN technologies can impact how well company information can flow to these workers and on to the customer. This point is already clear to enterprises who are considering replacing MPLS VPNs in some locations where costs are high, with new SD-WAN VPNs.
SD-WAN builds an extension to the company VPN using the Internet as its underlayment, so it’s a best-efforts service and one that’s vulnerable to the reliability/availability issues of the ISP beneath it. Of 403 enterprises making comments to me on the SD-WAN concept, service reliability, availability, and QoS issues were listed by all as the top issues with SD-WAN. For those who had rejected migrating sites from MPLS VPNs to SD-WAN, all listed these issues were their number one reason.
Cloud use, in any form, has an impact on CEM similar to that of SD-WAN. Inside the cloud, your application workflows use the cloud provider’s own virtual network. In addition, SD-WAN can often be hosted in the cloud to link customers and workers from the Internet with the company VPN. SASE combines SD-WAN features with additional security tools to support this same application. SD-WAN (inside or outside the cloud), SASE, and even basic cloud usage, have a common impact on CEM, and that’s the additional complication of another network in the content-to-user pathway, a source whose performance and availability may be difficult or impossible to assess, and for which SLAs may be unobtainable. It’s not a disqualifying problem, as increased usage for all these things demonstrates, but it’s still something to be considered.
Fewer than half of enterprises say they take any specific steps to address the way virtual networks could impact CEM, and a significant majority of those who do say they took action because of changes in their own VPN tools. Reactions to consumer VPN use has been driven by support experience, and have been largely limited to changing support databases and automated chat tools to question VPN use and recommend disconnecting any VPN service as part of troubleshooting.
T enterprises who have taken proactive steps about the CEM issues related to virtual networks recommend the following:
VPN use is inevitable, and so is at least some impact on CEM and CEM practices. It’s clear that enterprises are coming to realize this, but equally clear they’re not making it the priority they should. Get ahead of issues with tests and procedures to assure you’re in control of your customers’ experience.
