Keeping data private is a top priority for organizations of all sizes. With so many ways information can be compromised, it is little wonder that virtual private networks (VPNs) have been popular with businesses for decades. A VPN is a secure network connection that helps protect data and information by reducing the risk of online activity being tracked or monitored by third parties. They also encrypt data, helping keep it safe from hackers who want to steal information. VPNs have been a primary solution for providing security and privacy for employees while working remotely, enabling them to access corporate networks with a low chance of being hacked. A VPN can also help prevent unauthorized users from accessing company files and systems.
For all their security benefits, VPNs demonstrate one major drawback; they can be very slow. VPNs create, in effect, a detour between the user and their destination, whether that's a corporate data center or a resource on the Internet. VPNs are an indirect, not-so-scenic route that lengthens an employee's journey. Traffic, in the form of data transfers or application interactions, can be dramatically slowed by taking these longer routes. Encrypting and decrypting data adds more time and can further slowdown the connection.
Of course, these days, the cloud provides a compelling alternative. There are many opinions about which is better - the cloud or a virtual private network (VPN). And while there are some advantages to both, I suspect that the cloud is the better option for most businesses.
For one thing, the cloud can be more secure than a VPN. While VPN data is encrypted, it's still stored on a physical server in a data center that could be a target for hackers. The cloud stores data in secure, remote locations only accessible to authorized users. Better still, when data and/or applications are stored in the cloud, only the encrypted pixel data needed to populate the user's screen is sent. Sensitive project data never needs to be distributed or moved within the traffic, helping boost security.
Packets containing only pixel data are much smaller than the data-laden traffic used on VPNs. Since project data isn't moved from the cloud to a desktop, displays load quickly. Sharing cloud-based data reduces opportunities for synchronization errors; the entire team, company, and trusted third parties are working with the latest data, no matter where they are in the world. And, of course, by providing users with direct access to cloud resources, we eliminate the extra twists and turns along the road that VPNs introduce.
With all that in mind, we set out to measure the difference a remote worker might experience when they access critical data via a traditional VPN versus a cloud deployment. For our testing, we focused on demanding, workstation-class applications which typically rely on large data sets.
The Opponents
To test the VPN configuration, we built a high-end, professional desktop workstation featuring an AMD Ryzen™ 7 5800X 3.8-4.7GHz 8 Core CPU and an AMD Radeon™ Pro W5700 GPU 8GB GPU. The desktop workstation was connected to the Azure cloud via an Azure VPN Gateway to access the "company data pool." As is typical with VPN usage, data was pulled from and uploaded to the Azure cloud, while all work would be done on the remote workstation.
On the cloud side, we configured a Microsoft Azure NVv4 virtual workstation featuring 16 vCPU cores at 2.44GHz and ½ of an AMD Radeon™ Instinct MI-25 GPU. We used Azure Virtual Desktop via the RDP protocol to establish a single-session VM. All VM resources, data, and applications remained in the Azure cloud, transferring no data to the remote desktop.
We chose a variety of widely used applications to test both systems and had each platform run through the following sequence with each application:
Test app 1: Autodesk® 3Ds Max
After opening the application, each system opened the same large, 2GB scene, a typical size one might encounter in content creation, product design, or architectural design settings. Right away, we found that the VPN-based system struggled with latency, with reading latency reaching 43.27ms versus a near-instantaneous 0.7ms for the cloud-based system, where the application and data have almost no travel time. In practical terms, this presented a noticeable but acceptable drag for the system connected to the VPN. Where things became problematic was in the time required to open the sample scene. While the NVv4 setup displayed the model in 4 minutes, the VPN system required 26 minutes, nearly all spent acquiring data, making it effectively unusable in a demanding environment. Since opening the model is a CPU-intensive task, we expect the NVv4 instance would be even faster if configured with a higher base clock-speed CPU. VC-004
Test app 2: Autodesk Revit
Using a model that required a 127MB dataset, typical of AEC environments, reading latency for the desktop workstation went far beyond the level acceptable to any remote professional worker. The VPN-based desktop saw 183.87ms average read compared with just 2.5ms for the NVv4 instance (60ms is generally considered adequate for cloud applications). We also noted a significant performance drop-off as seen through the lens of read I/O counts for the desktop workstation (319.67 IO reads) compared with the NVv4 (1031 IO reads). These two numbers are directly reflected in the user's experience of performance degradation when working with Revit. While the desktop workstation could effectively open the application instantly (.10 mins) compared with NVv4's relatively slow one minute, that advantage is negated by the nearly 3 minutes required to open the sample model on the desktop versus just .20 minutes for NVv4. VC-006
Test app 3: Autodesk Revit® with Enscape™
For this test, we used a 20MB Revit model with a 617MB Enscape dataset we'd expect to see when rendering a typical photorealistic visualization that includes textures and lighting. Here again, read latency for the workstation was triple the acceptable 60-millisecond standard, at 202.87ms, compared with just 2.27ms for the cloud system. The NVv4 system also opened the sample model in just one minute compared with 26 minutes for the higher-performance specified desktop workstation.VC-005
Boosting VPNs with version control software
There is a category of VPN-oriented software that was not tested that can bring important efficiencies to the VPN environment for specific industries. So-called version control software can be colocated at the data center to manage and accelerate data movement via the VPN. These include:
What does it all mean?
As mentioned previously, cloud environments such as Azure NVv4 instance can provide all the security and data protection companies have come to expect from VPNs. In addition, VDI dramatically reduces the amount of proprietary data shipped around to remote systems compared to VPNs.
When employees set out to get their work done from remote locations, Cloud deployments typically offer substantially better loading times than VPNs. VPN connections introduce significant latency and loading times due to the need for transferring large, complex data files. In our study, delays in reading latency, I/O operations, and loading times all underscore the benefits offered by the fast interconnects and short paths between apps and data found when using a cloud solution such as NVv4 when compared to desktop workstations.
More resources:
George Watkins is a Product Marketing Manager for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied. Third party marks are for informational purposes only and no endorsement of or by AMD is intended or implied.
DISCLAIMER
The information contained herein is for informational purposes only, and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale. GD-18
VC-004 – Testing conducted by AMD Performance Labs as of 28/02/2022 on live Azure Cloud VM instance types (NVv4, sessions-based). Azure host based in Germany. Standard NV16as_v4, Windows 10 Pro v1809, 16 vcpus, 56 GiB memory, 1/2 fractional/virtualized) AMD Radeon Instinct MI25 w/ 8GB VRAM, AMD/(MSFT customized) graphics driver version Radeon-Pro-Software-for-Enterprise-19.Q4.1-TP, using Windows® 10 OS and Azure Virtual Desktop. Remote protocol is RDP. Local machine used was Whitebox desktop workstation, with AMD Ryzen 7 5800x CPU 16core, 64 GiB memory and AMD Radeon PROTM WX5700 w/ 8GB VRAM. Using Azure VPN Gateway and connected to the same cloud storage as the cloud instance. Application used was Autodesk® Max® 2021 software running a custom AMD workload with a data set size of 2GB. All test results drawn from composite, average, AMD internal test sequence scores over 3 runs.
VC-005 – Testing conducted by AMD Performance Labs as of 28/02/2022 on live Azure Cloud VM instance types (NVv4, sessions-based). Azure host based in Germany. Standard NV16as_v4, Windows 10 Pro v1809, 16 vcpus, 56 GiB memory, 1/2 fractional/virtualized) AMD Radeon Instinct MI25 w/ 8GB VRAM, AMD/(MSFT customized) graphics driver version Radeon-Pro-Software-for-Enterprise-19.Q4.1-TP, using Windows® 10 OS and Azure Virtual Desktop. Remote protocol is RDP. Local machine used was Whitebox desktop workstation, with AMD Ryzen 7 5800x CPU 16core, 64 GiB memory and AMD Radeon PROTM WX5700 w/ 8GB VRAM. Using Azure VPN Gateway and connected to the same cloud storage as the cloud instance. Application used was Autodesk® Revit® 2021 and Enscape® software running a custom AMD workload with a data set size of 617MB. All test results drawn from composite, average, AMD internal test sequence scores over 3 runs.
VC-006 – Testing conducted by AMD Performance Labs as of 28/02/2022 on live Azure Cloud VM instance types (NVv4, sessions-based). Azure host based in Germany. Standard NV16as_v4, Windows 10 Pro v1809, 16 vcpus, 56 GiB memory, 1/2 fractional/virtualized) AMD Radeon Instinct MI25 w/ 8GB VRAM, AMD/(MSFT customized) graphics driver version Radeon-Pro-Software-for-Enterprise-19.Q4.1-TP, using Windows® 10 OS and Azure Virtual Desktop. Remote protocol is RDP. Local machine used was Whitebox desktop workstation, with AMD Ryzen 7 5800x CPU 16core, 64 GiB memory and AMD Radeon PROTM WX5700 w/ 8GB VRAM. Using Azure VPN Gateway and connected to the same cloud storage as the cloud instance. Application used was Autodesk® Revit® 2021 software running a custom AMD workload with a data set size of 30MB. All test results drawn from composite, average, AMD internal test sequence scores over 3 runs.
Performance may vary based on use of latest drivers. Cloud performance results presented are based on the test date in the configuration and are in alignment with AMD internal bare-metal testing factoring in cloud service provider overhead. Results may vary due to changes to the underlying configuration, and other conditions such as the placement of the VM and its resources, optimizations by the cloud service provider, accessed cloud regions, co-tenants, and the types of other workloads exercised at the same time on the system.