PCOIP and double encryption

amigan_99
amigan_99 used Ask the Experts™
on
I am on a new gig where the client has small spoke sites talking to a hub at the data over DMVPN with IPSec encryption. The edge devices at the spoke sites are Cisco ISRs. They complain about the performance of Horizon VDI not infrequently. One thing I was wondering is - what would be the performance knock of their sending their already secure PCOIP traffic over the encrypted DMVPN? It seems they could just send the traffic to the VDI farm without it needing to travel through the tunnel. Might it improve VDI performance from the perspective of the end  to have those connection bypass the tunnel and just traverse the Internet without a second encryption operation.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fractional CTO
Distinguished Expert 2018
Commented:
Tip: Extra layers of security always slow down connections.

Most extra security is pointless, including all VPNs, because no VPN or any other security can better secure a connection than fast technologies like HTTPS + SSH + SFTP.

Better to rip out all except one layer of fast security. This will magically resolve performance problems.

Anytime I have to work on any performance problem, whether it's a slow wire (raw packet flow speed) or a slow Website, my first action is always to strip out every shred of extra cruft except one layer of fast security.
amigan_99Network Engineer

Author

Commented:
Thanks David.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You're welcome!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial