With millions of employees recently making the jump to remote work, some IT departments are finding themselves on unfamiliar ground, and with newfound stress and pressure.
The stakes seem higher now. IT cannot visit an employee’s desk or stop them in the hallway whenever they encounter an issue, they now have to solve problems proactively and remotely. But for some companies, the switch to remote work has been smooth and painless.
Those businesses are led by IT departments that understand the importance of seeing problems through the eyes of their employees. They have the tools that can let them drill-down into the smallest of details and pull back to see the bigger picture
Of their many technical tricks, one has to do with something we call last local IP—a critical data field that helps IT better identify and support their remote workers, regardless of where they work from.
I can’t help you because I can’t see you
One problem many IT departments are now realizing is that they cannot accurately locate their remote workers.
Most tech teams can’t identify where their employees are located
This can pose a problem for IT if certain web-based apps like Salesforce, Teams, Zoom, and other tools experience issues because of say, network outages or cyber attacks that occur in specific geographic locations. Think of the local IP address like your full home address—without knowing where you truly reside, it becomes virtually impossible for IT to determine if regional IT problems affect you or not.
And right now, IT can only see your router’s address—so that’s like the equivalent of sending mail by post but only listing the recipient’s country and omitting the rest of their contact information.
So what’s holding IT back? Since most businesses are in the cloud, this means that the last IP address for a remote employee working, say in their company’s VPN, will only appear as an external internet address.
For IT this means they can only make a binary decision, which is inherently limiting: if the employee is on the VPN, their device would be assigned an IP from a list of ranges, and if they’re not in the VPN they’d get assigned from a different set of ranges—neither of which show the worker’s true in-network IP address.
Local vs Source IP address
In previous versions, the Nexthink Engines would read the IP address (or addresses) of a device from the header of the IP packets that they receive from the Collector.
Indeed, a field called Source IP Address is part of the header of every IP packet. So, for Engines that share the same network as their monitored devices, reading the IP addresses of devices from the header of the received IP packets makes perfect sense.
But when these tools try to monitor devices in a different network, the routers between the two networks perform what is known as network address translation (NAT) to IP packets in transit, effectively changing the original source IP address on each packet to the IP address of the router in the source network—this change, though minor, limits IT’s capacity during incident investigations to go the extra step and fully determine an end user’s geographic location.
So we decided to break through this limitation.
See what your local network sees, before the NAT process
Fortunately, several IT departments are using Nexthink to push beyond their router’s IP address and adding the IP addresses for their remote employee devices as seen from the local network before those packets are modified by NAT routers.
For example, in the chart below employee devices 192.0.2.10, 192.0.2.12, and 192.0.2.11 would traditionally all register as 184.108.40.206.1 for IT support, but Nexthink pushes beyond the router and passes those internal IP addresses (and their unique digital experience insights) straight back to its engine.
Identify the local IP address of your onsite and offsite workers
And what about multiple local IP addresses? Of course, a single device can have multiple network adapters, each one with a different IP address assigned in the local network. For instance, a laptop may simultaneously have a wired Ethernet connection and a wireless connection to the local network.
In those instances, the Nexthink Collector reports the IP address of the adapter that is used to communicate with the Engine as the Last Local IP address.
Solving real remote work problems for IT
Many IT departments that use Nexthink are starting to realize the added power they have at their fingertips now that most, if not all, of their employees are working remotely.
For example, one IT department within a fortune 500 professional services firm, is using the Last Local IP field (in addition to the rest of the Nexthink platform) to identify 375,000 remote workers and help them avoid disruptions like Skype certificate expirations and track critical digital experience metrics from their company’s web browsing, security, productivity and collaboration tools, business applications, devices, and employee sentiment.
IT can now work more proactively and get ahead of issues with complete insight into their endpoints, regardless of where those workers are located.