Optimizing request denial and latency in an agent-based VPN architecture

Agent-based virtual private networks architecture (ABVA) refers to the environment where a third-party provider runs and administers remote access VPN service for organizations that do not want to maintain their own in-house VPN servers. This environment presents interesting management challenges for an ABVA provider. In this paper, we consider the problem of connecting users of an organization to an optimal VPN server location so that request denial probability and latency are balanced. Because of the bandwidth requirement of a user to be met when connected to a server, this system has the appearance of a standard loss system. However, due to latency perceived by a user from its current location to a VPN server and to allow for servers to be located in a distributed fashion, this environment is not a pure loss system. By considering a finite population, this environment can be approximately represented using the Engset model; however, this does not address the latency issue either. We present a number of strategies regarding which VPN server is to be selected and the number of attempts to be tried so that request denial probability is minimized without unduly affecting latency. Through computational results, we show that the clustering with directional hunting (CDH) strategy provides the best result. However, in the heterogeneous case of users with differing data rates ("traffic classes"), request denial observed by each class is different leading to unfair treatment. We have proposed a reserved capacity based add-on feature with CDH, which allows service classes with different data rates to be treated fairly.