Hi everyone,

I’m reaching out to the community to get some insights and recommendations on optimizing our current IT infrastructure. As our organization grows, we’re noticing increased strain on our systems—especially in terms of network speed, data management, and endpoint performance.

Here’s a quick overview of our setup:

  • User base: Around 150 employees (mostly remote)
  • Current environment: Windows Server 2019, VMware ESXi, Office 365, and a mix of cloud and on-prem storage
  • Pain points:
    • Slow VPN connections
    • Difficulty managing remote endpoints
    • Backup and recovery inconsistencies

We’re looking into potential solutions—maybe SD-WAN, updated endpoint management tools, or cloud-based alternatives—but I’d love to hear what’s worked for you.

Questions:

  • Have you implemented any tools or strategies that significantly improved performance or reliability?
  • Any pitfalls to avoid when migrating infrastructure components to the cloud?
  • Are there affordable options for smaller teams that still offer robust security and remote support?

I appreciate any tips, tools, or case studies you’re willing to share. Thanks in advance for your help—this community has always been an incredible resource!

8 Spice ups

What are you using as your VPN product? Be aware that slow speeds could be client side.
Remember that VPNs do reduce the speed quite a bit too, depending on the product, it’s not uncommon to lose 70% of the bandwidth you pay for (client side).

I assume these are not MDM/Intune enabled devices in that case, to get control of them, depending on what you need, you can use Intune to inventory and patch them. You can also use Action1 for remote patching and upgrades of both Windows and 3rd party products; the first 200 endpoints are completely free.

This is ideal for remote endpoints, however you will need to install an agent on them, if they connect back to an on-prem AD, you can use GPO to push this.

For remote workers, the slowest point is usually their broadband or 4G/5G signal, VPNs will reduce this by a sizable amount.

Action1, mentioned above, will do this.

7 Spice ups

We can certainly help with the management part, and thanks for keeping us in view there Rod.
With 150 employees, I would wager the whole thing would fall into our free tier, which is of course free enterprise patch management for the first 200 endpoints.

It sounds like the OP is having bandwidth issues as well, so it comes with some follow-up questions. What is the current pipe type / speed, and what else are you using VPN for? While Action1 can help, since it is cloud based, it will add minimal internet overhead, but less overall than a webpage, so that should not be a concern. Our P2P software distribution could possibly assist with that as well, when downloading things from our repo, there will be a bandwidth savings if systems are on the same network. If these are mostly remote and not on the same network the impact will again be minimal, but having them all in one place and being able to perform tasks on them local/remote, one at a time or all at once can certainly help rein in a lot of oversight and management.

I would also assume that the VPN is likely used to access other resources on LAN, so in that case if systems are being managed from the cloud and are not in the same home network, then there can actually be more savings in the fact management traffic would not be traversing the same line on the office side, distributing that with each individual system’s connection.

If that does not save enough, SD-WAN is an excellent option to increase BW if the options are not there to simply get more. Even if there are additional options for a larger pipe, SD-WAN can also provide redundancy (especially used with different providers) as a single leg failure will still leave your connection standing, just not as much throughput. So it has advantages over the single larger pipe as well depending on uptime needs.

3 Spice ups

It would seem with a mostly remote user base, you’d be best off moving as much as possible off on-prem storage and into cloud SaaS stuff. To me Intune, Entra ID, Office 365 SharePoint, Azure storage, OneDrive, and migrate as much as you can to these services.

Rod seems pretty spot on with the recommendations.

Backups failing seem odd in this mix if most of the equipment is on-prem, seems like it’d have been easy to implement Veeam and make it happen especially with VMware involved (that should be easy to sort out right away, and should not stop a migration to cloud).

Just the same, migrating to cloud you can use Veeam still and back up to a cloud provider for those tools too. Presently we’re using 11:11 for storage targets and 365 backup, but of course there are a plethora of cloud targets and 365 options; we just like them because they use Veeam, and it’s familiar.

I agree also with the statements, one of the most overlooked issues with remote workers is the terrible connections they might have. We live in rural Virginia, and it amazes me how incredibly poor or non-existent hard wired connections are in our area. Personally I cannot even get decent dial tone to my house, and cable is non-existent. What I’ve done is gone to Starlink which has been a remarkably good option for my wife who is a software developer, and 100% WFH. I’d look to see how much of your performance issues might be related to that.

1 Spice up

Intune will only get you so far, and it’s typically horribly delayed on reporting and policy enforcement. Action1 is a no-brainer at your size. I often pair Action1 with something like NinjaOne for a full RMM solution. Ninja also does patching, but A1 does it far better and the combined cost is not a lot.

You don’t specifically mention AD/Entra, but if you are using it, you want your end user devices to be Entra joined, not hybrid joined. It’s easier to manage them that way and you are no longer reliant on a VPN connection for them to do things like password changes or get policy updates.

4 Spice ups

We’ve specifically designed our off-site setup to force users to be on the VPN as much as possible.

You probably ought to move everything you can to the cloud if everyone is remote. How or what, specifically, depends on what they’re all accessing on-premise (over VPN) right now. Tell us more about that and we can be more specific.

3 Spice ups

  1. Hybrid models: Combining on-premise and cloud
  2. Leveraging cloud services
  3. Conduct a comprehensive audit
  4. Implement changes and monitor results

1 Spice up

For endpoint management, Pulseway is worth a look. It’s lightweight, budget-friendly and works great with remote teams. Lets you handle monitoring, patching, remote control, backups and more!

And on backups, whatever you use, central monitoring is a must. We’ve seen success pairing backup solutions with Pulseway alerts to catch failures early.

Keep us posted on what you try though. I’d love to hear what ends up making the biggest impact!

1 Spice up

Sounds like this is a good opportunity to assess both your tools and strategy.

Before getting into the weeds around what tools and stacks could help you reduce friction, I would need to know more about your environment and why you’re using a VPN to begin with.

Feel free to connect with me on LinkedIn.

Brian Andersen
Founder
Telecomprehensive Solutions
https://linkedin.con/in/briancandersen

1 Spice up