Tip of the Month: Working Over a VPN (Virtual Private Network) and WAN (Wide Area Network) with BarnOwl

August 2, 2022

Did You Know?

All client server applications (such as BarnOwl ‘Rich’) require a stable and well-performing network to operate and therefore do not operate well on a VPN (Virtual Private Network / Internet connection) or a WAN (Wide Area Network). VPN and WAN networks are inherently unstable and perform poorly in areas such as bandwidth, latency and quality.
A major problem with using a client server application over VPNs and WANs (or any unstable connection for that matter) is that it can lead to data loss, data corruption, and incomplete updating of records. It is extremely difficult, if not impossible, to fix incomplete updates and / or corrupt data. It is also very difficult to troubleshoot issues when a client node is connected to the server over a VPN or a WAN, as there are many factors to investigate, such as the internet service provider, the client internet connection and the WAN or VPN throughput, to name a few. Another problem with working over a VPN is that it is slow.
Client server applications, including BarnOwl ‘Rich’, are not supported over VPN. The recommended / only way to use a client server application over a VPN is via Terminal Services / Remote Desktop. Fortunately, apart from using Terminal Services, BarnOwl provides other alternatives for working over a VPN, such as BarnOwl’s web-based Lite interface, BarnOwl’s offline risk management workshop module as well as BarnOwl’s offline audit functionality.

How does a client server application work?

A client server application communicates with the server all the time to validate data as information is entered into each field. This provides a richer experience for the user as information is verified as it is entered and additional data is displayed as required. This means that there is a continual flow of data between the client (desktop exe (executable)) and the Database Server.
Whenever data is retrieved from the SQL Server, the record set contains a default cursor size of 25 records. This means that when scanning data for reports or lookups or just scrolling through records, the system can be faster as it does not need to obtain data from the server as often. It does however mean that there is often data retrieved and then discarded when only the first record in the record set is needed. This method provides an optimised approach when the performance bottleneck is the SQL Server itself. When the network communication becomes the bottleneck, the additional data retrieved takes longer to transfer to the client and this affects performance.
A break in the data connection or erratic latency (ping) between the Database Server and the client node can cause data corruption. The chance of a communication problem via a LAN environment is low, whilst via a VPN / internet connection the chances are relatively high.

The problem with a VPN?

WAN (Wide Area Network) and VPN (Virtual Private Network) connections are always slower than a LAN (Local Area Network), i.e. the ping time for data to make a round trip is higher. The available bandwidth, i.e. how much data can be sent at one time, is also usually much lower. How good is the quality of this connection? If packets are being dropped due to corruption and have to be resent, the available bandwidth will be decreased by the error correction activities. These factors by themselves will decrease performance when compared to a LAN.
We also need to look at usage of the WAN / VPN connection. What else is the connection being used for? How many other applications are running over the limited connection? One example is the increasing use of VOIP (Voice Over Internet Protocol) technologies. Sending voice packets uses a reasonable amount of bandwidth, and VOIP data packets are also prioritised over standard data packets. The reason for this is to prevent the voice conversation from breaking up and so maintain a high quality of service. The downside is that if you are using VOIP on your WAN connection, the bandwidth available for other data is decreased and other data will be delayed when bandwidth is limited.

Why you should not use a client server application over VPN

The consequences of using a client server application over VPN are:

  • Performance / speed
  • Time outs
  • Data quality issues including data corruption
  • Data loss

A break in the data connection between the Database Server and the client node causes data corruption. Because systems update multiple tables when saving a transaction, if the network stalls / fails during an update, some of the tables will not be updated, which results in an incomplete and corrupt transaction. Imagine in simplistic terms having a debit without a credit. It is almost impossible to find out at which point the transaction has failed and which tables were and weren’t updated. Often the only way to fix data is to patch it with a ‘fix’ script, and this in itself can fail and / or not fix the problem properly and make the problem even worse.
Client server applications are therefore not supported over a VPN or WAN.
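The "debit without a credit" failure described above can be reproduced in a few lines. This is an added example, not BarnOwl code or BarnOwl's schema: it uses an in-memory SQLite database as a stand-in for SQL Server, hypothetical `debits` and `credits` tables, and a constructed `LinkDropped` exception to simulate the connection failing between two writes. It goes slightly beyond the text by also running the same writes inside a single database transaction for comparison, and by including a reconciliation query that finds the incomplete records.

```python
import sqlite3

class LinkDropped(Exception):
    """Constructed stand-in for a VPN / WAN connection failing mid-save."""

def open_db():
    # isolation_level=None = autocommit: every statement is committed on its
    # own, like a client sending separate updates to the server.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE debits (txn_id INTEGER, account TEXT, amount REAL)")
    db.execute("CREATE TABLE credits (txn_id INTEGER, account TEXT, amount REAL)")
    return db

def save(db, txn_id, amount, drop_link=False, atomic=False):
    """Write one debit/credit pair; drop_link fails between the two writes."""
    if atomic:
        db.execute("BEGIN")
    try:
        db.execute("INSERT INTO debits VALUES (?, 'cash', ?)", (txn_id, amount))
        if drop_link:
            raise LinkDropped(f"link lost while saving txn {txn_id}")
        db.execute("INSERT INTO credits VALUES (?, 'sales', ?)", (txn_id, amount))
        if atomic:
            db.execute("COMMIT")
    except LinkDropped:
        if atomic:
            db.execute("ROLLBACK")  # the half-finished save is discarded
        # Without a transaction the debit row is already committed and stays.

def unbalanced(db):
    """Reconciliation check: txn_ids of debits that have no matching credit."""
    rows = db.execute(
        "SELECT d.txn_id FROM debits d LEFT JOIN credits c "
        "ON c.txn_id = d.txn_id AND c.amount = d.amount "
        "WHERE c.txn_id IS NULL ORDER BY d.txn_id")
    return [r[0] for r in rows]

def demo(atomic):
    """Save three records (sample data, constructed); the second loses its link."""
    db = open_db()
    save(db, 1, 100.0, atomic=atomic)
    save(db, 2, 250.0, drop_link=True, atomic=atomic)
    save(db, 3, 75.0, atomic=atomic)
    return unbalanced(db)

if __name__ == "__main__":
    print("separate statements:", demo(atomic=False))
    print("single transaction: ", demo(atomic=True))
```
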

What is the solution?

The following are various access options when using BarnOwl over a VPN:
BarnOwl Rich over Terminal Services / RDP
Should you wish to use a client server application such as BarnOwl ‘Rich’ over a VPN, it needs to be run over Terminal Services / Remote Desktop Protocol (RDP). Using RDP means that the application (the exe) is actually running on the server and that no data is transferred over the network; all that is communicated over the network to your desktop (client) is a screen image from the server and keyboard & mouse data from the client. With technologies such as compression and bitmap caching the traffic can be reduced even further. A break in communication might cause a disconnect or a bit of garbage on the screen or a delay, but there is no risk of data corruption.
However, Terminal Services / Remote Desktop Protocol can add a layer of complexity and add some costs to your IT environment. BarnOwl provides alternative ways to work over VPN including BarnOwl Lite’s web-based interface, the BarnOwl offline risk management workshop module as well as the BarnOwl audit offline functionality.
BarnOwl Lite (web-based risk management)
BarnOwl Lite is a web-based interface (intranet) which is platform independent (e.g. Intel based or Apple based) and browser independent (e.g. Edge, Chrome, Safari etc.). It performs well over a VPN with no chance of data corruption, as transactions are performed directly on the application / database server. Performance is also significantly enhanced.
BarnOwl version 11 is imminent and boasts a brand new, modern look and feel, with a web-based interface utilising the latest state of the art web-based technologies. BarnOwl has huge depth in terms of functionality, so initially only the risk management module will be upgraded to the new look and feel; however, the compliance and audit modules will follow.
BarnOwl Workshop module (online or offline)
The BarnOwl workshop module is designed for a user to work online or offline (usually a single business unit at a time) either in stand-alone mode or in a workshop environment where multiple participants are able to vote on risks and controls using keypads. Registers (usually a single business unit) are copied into the workshop and any changes made in the workshop are not live until the workshop is complete and ready to be synchronised / updated back to the live system. This synchronisation includes the updating of existing risks and controls as well as creating any new objectives, risks, contributing factors, controls and action plans captured in the workshop.
BarnOwl Audit offline
The BarnOwl audit module provides full check-in and check-out functionality enabling a team of auditors to work offline and to synchronise their work back and forth to the server as and when required. An option exists where synchronisation can be done via a BarnOwl BTF (BarnOwl Transaction File) which is created locally on the auditor’s desktop and then copied to the server where it is synchronised directly on the server thus preventing any data loss.
BarnOwl’s free web-based Action Plan portal
Action plans enable an owner to update the progress of his / her action plan at any time, including the ability to upload / attach evidence. In addition, all action plan progress is recorded in an audit trail. The action plan portal also gives the user a link / context to view the object the action plan is linked to. Please note that where the ‘Action Plan Type’ is an audit ‘Finding’, the finding will be attached in the document tab of the action plan.
Whilst BarnOwl sends out email notifications, reminders and escalation emails to action plan owners and managers, including the option for a monthly consolidated email of all action plans, the owner does not need to wait or rely on these emails to access his / her action plans. The action plan portal is available at all times for owners to view and update their action plans.
BarnOwl’s free web-based Risk & Control Self-Assessment (RCSAs) portal
BarnOwl enables a ‘Rich’ user to build a risk or control self-assessment vote based on your risk and control registers and send these RCSAs out to the relevant risk and control owners. The control owners receive an email with a link to vote using a simple web-based interface. The owners are able to save their votes as they go as well as attach evidence and submit their final vote when finalised. In addition, each owner has access to BarnOwl’s web-based portal in order to access his / her outstanding RCSAs.
Once the control owners have submitted their votes, the reviewer (e.g. process owner) can review the votes and capture comments where required. RCSA results can be viewed and exported into Excel. In addition, graphical, drill-down RCSA dashboards are available when using the BarnOwl Business Intelligence (BI) module.
BarnOwl’s free web-based Survey / Checklist portal
BarnOwl enables a ‘Rich’ user to import simple checklists from Excel and send a web-based survey to the relevant participants within your organisation. The participants receive an email with a link to complete / answer the checklist using a simple web-based interface. The participants are able to save their answers as they go as well as attach evidence and submit their final checklist when complete. In addition, each owner has access to BarnOwl’s web-based portal in order to access his / her outstanding surveys.
Survey results can be viewed and exported into Excel. In addition, graphical, drill-down Survey dashboards are available when using the BarnOwl Business Intelligence (BI) module.

Useful links

We have used the following article as material for this tip of the month:
How to use action plans in BarnOwl (YouTube video clip)

About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by close to 200 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.
Please see www.barnowl.co.za for more information.