Are Your Systems Prepared to Work Remotely? | March 17, 2020
Employees working remotely from home or on the road might be necessary for your organization at this time. Are your IT systems prepared?
At Concensus, we have had remote employees from the first day we opened our doors in 2006. All of the software that we use to run our business is cloud-based. In fact, we do not have any production systems in our offices, including our phone system. However, what if your business relies on working at your desk in your office? How do you access key systems? How do you answer the phone?
A good, well-thought-out remote access plan can make working remotely as easy and secure as sitting at your company desk.
We are quickly going to dive into some key aspects of being prepared to allow employees to work remotely. We will work from a bottom-up approach:
First things first. If you do not have good internet/connectivity from your office and you are a remote worker, you are not prepared. We find many small businesses have been using the same cable modem and are on plans that are over 5 years old. It’s time to see what is out there and available. We recommend two things:
- Consider moving your systems to a datacenter or into the “cloud” where connectivity is limited only by your budget
- Consider fiber where possible – you can get good deals in most urban areas today
- A 100mb fiber connection is better than a 1gb cable modem
Large organizations will have multiple paths to the internet to avoid congestion and the all-seeking fiber killer: the backhoe.
For your end users, their experience will depend heavily on their connectivity and the type of remote access they are using. A slow internet connection will not allow a VPN to work very well for non-web-based applications. An off day of school can mean lots of video games and streaming, which can also affect your employee’s connectivity.
Also, for end users, please consider your work-from-home policies. Do they have a dedicated area to work from? Do you require a minimum internet connection? Will you pay for a mobile hotspot or data plan?
Remote Access Options
After you have the connectivity ironed out, the next step is to decide what type of remote access you want to provide to internal systems. Here are a few tips about some of the options we have deployed for customers:
Remote control can be an option if you have a 1 to 1 ratio of employees to computers. This is the simplest form of remote access and usually the cheapest, but you should be very careful of the pitfalls. We never recommend opening a port in a firewall to access remote machines via remote desktop (direct) or VNC. In fact, we will not perform this task for you due to the security concerns we have about it. This is one of the most common reasons for a breach. We recommend a paid-for product that does not require a hole in the firewall. At Concensus, we provide SplashTop remote access. Benefits include:
- No holes open in the firewall
- We can control who has access to which internal network machines
- It is supported on both Mac and Windows computers
- Access is protected by usernames and passwords
- Remote sessions are logged
- Bandwidth usage is minimal
- Traffic is encrypted
This is a good option and typically where we start for a few employees. The downside is possibly supporting the software on a non-company-owned machine, where it can be difficult to help a remote employee gain access. Another issue we have seen is employees downloading remote access software for their own machine. This is a serious risk, and you should have something in your employee manual preventing users from installing this type of software on company-owned computers. We see a lot of unauthorized TeamViewer installs.
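One way to check a gateway for the direct remote desktop and VNC port forwards warned about above, shown as an added example that is not Concensus code. It assumes a Linux gateway whose NAT rules are exported with iptables-save; the sample rules and function names are constructed for illustration, and the check also catches RDP published on a non-standard external port.

```python
import re
import shlex

# Ports the advice above is about: RDP (3389) and VNC (5900 plus display number).
RISKY = {3389: "RDP", **{p: "VNC" for p in range(5900, 5910)}}

# Constructed sample in iptables-save format, not taken from a real gateway.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.10:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 33890 -j DNAT --to-destination 192.168.1.11:3389
-A PREROUTING -s 203.0.113.7/32 -i eth0 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.12:5901
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.20
COMMIT
"""


def expand(spec):
    """Turn '3389', '5900:5905' or '5900-5905' into a set of port numbers."""
    nums = [int(n) for n in re.findall(r"\d+", spec)]
    return set(range(nums[0], nums[-1] + 1)) if nums else set()


def audit_port_forwards(rules_text):
    """Return one finding per DNAT rule that publishes an RDP or VNC port."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") != "DNAT":
            continue
        ext = opt.get("--dport", "")
        dest = opt.get("--to-destination", "")
        # IPv4 assumed: "host:port"; with no port the external port is reused.
        internal = dest.partition(":")[2] or ext
        hits = sorted(p for p in expand(ext) | expand(internal) if p in RISKY)
        if hits:
            findings.append({"service": RISKY[hits[0]], "external": ext,
                             "target": dest, "source": opt.get("-s", "any")})
    return findings


if __name__ == "__main__":
    for f in audit_port_forwards(SAMPLE_RULES):
        print("{service} published on port {external} -> {target} "
              "(allowed source: {source})".format(**f))
```

A rule restricted to one source address is still reported, with the allowed source shown, so it can be reviewed rather than silently accepted.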
Virtual Private Networks
Virtual Private Networks (VPN) have been around for many years. These are a great option for users with laptops or mobile devices who need consistent connectivity. We do not recommend this option for employees’ personal home computer systems.
How a VPN works
A VPN will connect the remote computer to your local area network by creating a secure (encrypted) tunnel. To your network, it is as if the system is plugged right into a switch in your server room. This provides a safe way to communicate back to the corporate office.
The VPN requires a firewall that can handle the number of expected users connected at the same time. A typical SOHO router will not support more than 1 user effectively. They also require you to have a static IP address from your ISP.
When to Use a VPN
If you have applications that are installed on a user’s laptop (company-owned) or tablet and need to access network shares or connect directly to internal systems, a VPN is a good choice. A VPN makes the communications very secure between the corporate office and the end device. Microsoft has a feature in Windows Server and Windows 10 called Always On VPN. For corporate machines, this is a great alternative for laptop users and does not interfere with their normal login.
What makes a VPN a bad choice?
Setting up a VPN is typically difficult for an end user on a personal machine. This makes it very difficult to support and very dangerous for your network. If your employee’s computer becomes infected with a virus or malware and they use a VPN to connect to your network, you may infect your internal network. This is why we stress using a VPN only on company-owned equipment, which is typically monitored and has current patches and good anti-virus and anti-malware software installed.
Also, a network that is not configured properly can make the bandwidth requirements much higher and thus make the end users' experience too slow.
Virtual Desktop Infrastructure (VDI)
VDI is the top-of-the-line option for remote access. Some organizations provide only VDI systems for their end users.
What is VDI?
VDI is defined as the hosting of a desktop environment on a central server. The desktop is an image and runs within a virtual machine. Typically, a small remote client is used to securely access this image from an endpoint such as another PC or tablet or thin client terminal.
This access method is similar to the remote control option above with the difference being you do not need to have a 1 to 1 ratio (1 desktop per end-user).
When to use VDI?
If you desire to provide a consistent, easy-to-manage workstation environment or application to your end users, VDI is an excellent choice. We see VDI used for teaching environments, computer-aided design (CAD) environments, banking, health care, and retail.
If you have a large group of remote users this is the best way to scale without having to have very high internet bandwidth requirements.
The cost includes remote desktop client access licenses and investment in better server systems with fast disk and lots of RAM, along with the management software. VMware Horizon View and Citrix are typical VDI vendors. If you have systems in Azure or AWS, you can also use cloud-based services when you need to scale quickly without the hardware costs.
When not to use VDI?
The initial investment for on-premise VDI is high. There is no escape. You also need someone who can manage a more complex virtualization environment. If you do not have the budget or the expertise, this will prevent you from deploying it internally.
This post dove into some of the common ways of providing users remote access to your internal network. Each organization has its own set of applications, budgets, and restrictions. Concensus can help you come up with a remote access plan, proper work from home policies, and help you determine if you are ready to move your systems to the cloud.