Remote work isn’t really a new concept, but the pandemic lockdowns have really kicked adoption into high gear. As we continue through the uncertainty and confusion that is 2020, it’s looking more and more evident that the old normal is gone and whether or not we’re concerned about infection or not, remote work is here to stay.
Major city workers are migrating from high-cost living in droves (and their employers’ response has been interesting) because their work can now be done from essentially anywhere. Companies have broadened their recruiting nets. Other organizations are enjoying the decreased facility fees and looking seriously at making a major long-term commitment to remote work.
Whatever the reason behind our work-from-home initiatives, we have to fundamentally change access to our critical systems and how we empower our employees to get their jobs done (securely). Offering a stable, performant solution is also tantamount to retaining and attracting talent.
Again, while providing remote work options isn’t new, the pandemic/shutdown emergency has really brought to the forefront some quirky setups to provide remote access to employees. Here are some of the architectures we’ve seen, ranging from methods we do not recommend to a few we love.
Not good: using a remote access tool to use computer at the office from home
I’ve seen some companies in a pinch roll out a remote access tool like LogMeIn or TeamViewer so that their employees can use a home or personal computer to log into their workstation onsite at the office. These tools aren’t really optimized for this type of use; they’re made for IT support people to assist for a short duration of time to troubleshoot. End user experience is choppy at best, and it seriously hinders any person’s productivity. Digital voice/video sharing doesn’t work well with this, and file sharing can be very confusing with nothing being accessible at home to the user.
Okay, but limiting: using a VPN
A VPN is designed to provide a better experience for a user accessing company resources. However, allowing just anyone to get VPN access can present a huge security risk by allowing infected or unprotected machines access to your corporate network. If your user doesn’t already have a company-provided and protected device they can take home, this isn’t recommended. Allowing your accountant to use her Windows 7 personal laptop that hasn’t had a patch or update in years to access critical company data is a total security nightmare. VPNs aren’t optimized for doing everything over day-in day-out, especially with modern large files and SMB file transfer doesn’t perform well.
Let’s talk more about securely enabling your remote access in general.
Some organizations are adopting a VPN-to-RDS method in which the user VPNs into a remote session on his or her work computer. This is an okay for temporary access because it helps maintain corporate policies. It is really unwieldy to manage and maintain, though, so as a long-term option it’s burdensome on your helpdesk or IT staff. It’s still not an intuitive way to access critical work applications or files, and your end user will struggle.
A good option: Remote Desktop Session Host (RDSH)
RDSH is a great way to centralize important resources and ensure a quality user experience. By allowing your server environment to host applications or desktops, you can minimize the number of machines that would require troubleshooting, patching, maintenance, etc. Through enabling your servers to provide this type of solution, you can also ensure that the appropriate amount of resources are allocated or available.
This is a great gateway option to a long-term remote work platform. If you have Windows Server, the functionality is already available to you. Depending on your server spec, you may not need any additional hardware and this could be a very low-cost way to get started with a more stable and manageable remote work platform.
Please note that if you need to push video or voice through this session, do a lot of testing first.
A more premium option: Virtual Desktops and Apps
While RSDH is a good basic option to begin to consolidate resources in order to provide a standard end user experience, it won’t always offer options to provide more performance or advanced protocols like increased frame rates or display resolutions or the ability to have more monitors, etc.
Power users that might have graphics-intensive operations like AutoCAD or Adobe (anything where small, minute movements can mean a lot) are very sensitive to poor performing connections or bad frame rates.
VMware and Citrix offer better 3D protocols in their software that improve upon this type of experience and help optimize the hardware or enable you to get more out of better hardware like NVIDIA GRID graphics processors.
Again, take extra care with voice and video traffic to make sure it’s set up and optimized correctly.
With both RDSH and VDI, you will get the best combination of security, performance and consistent user desktop experience regardless if staff are working remotely or in the office.
A flexible option: moving applications to the cloud
Are any of your major, mission-critical applications hosted in the cloud? If not, can you tolerate the change in pricing and access? If you move to the cloud for things like office productivity or design software, you can centralize your files and access to applications in the cloud. This gives your staff an easier way to connect to critical resources or files without jumping through hoops like VPNs or RDS connections.
This also provides more flexibility for staff if they are moving between workstations or traveling. Your helpdesk may also appreciate it because it’ll insulate end users from data loss or improve the setup time for a new user or workstation.
And as always, remember that maintaining security is still important, even if it’s in the cloud. Workstations accessing sensitive and critical corporate information should still be secured as best as you can manage.