It’s finally happened…your company’s leadership came to you and asked what it will take to enable your entire workforce to work from home for the foreseeable future due to the Novel Coronavirus (COVID-19). How are you going to provide a computing environment for all these remote workers, and fast? Let’s talk through the benefits associated with the most common solutions to this problem, as well as things you should consider about each one.
Solution: Your users have corporate-owned laptops that they can bring home and work from.
Benefits: Your users are on company-owned devices which are a “known good” to IT. This solution doesn’t require any extra infrastructure.
Things to Consider: If you haven’t moved to modern endpoint management, and you’re still using a legacy management tool like SCCM, you may find it challenging to stay compliant on patching, security and updates when those endpoints spend an extended amount of time away from your network.
You’ll need a “plan B” to account for any users that forgot their laptops at work and are unable to retrieve them. Your VPN solution will need to be sized and configured appropriately for the increased traffic you’re about to see. You’ll need to make sure that your end users have a broadband internet connection at home.
Solution: You provide a VPN client to be installed on your users’ personally owned home computers and have them RDP into their work computer back at the office.
Benefits: This is one of the simplest solutions, and the quickest to set up.
Things to Consider: You’re allowing the entirety of an unmanaged/unknown device access to your corporate network via the VPN, which is a security risk. At times, end users can find the multi-step process of getting connected difficult. It will require end user training, and will cause an increased number of helpdesk tickets.
RDP isn’t optimized for the best remote end user experience. You will need split tunneling enabled on your VPN. Split tunneling ensures personal internet traffic is not routed back to and through your corporate firewall. End users must have a robust internet connection and a functional home computer to make this work.
Your VPN solution will need to have enough licensing, bandwidth, and throughput to handle this many users and connections.
Solution: Your current production computing environment is a VDI solution such as VMware Horizon or Citrix Virtual Desktops.
Benefits: You don’t need to change a thing. Your end users will access their desktops from home the same way they do at work. These solutions are architected with secure external access at their core. Also, their access protocols are optimized for the best possible remote experience. The endpoint that the end user accesses their desktop from is irrelevant from a security perspective.
Things to Consider: Even companies heavily invested in VDI often have a small subset of users still on physical desktops or laptops. You’ll need to assess whether those end users are candidates to be moved to a virtual desktop either temporarily or permanently. Or, you’ll need to set their physical desktops up with VDI agents so that they can be accessed remotely.
This solution still requires internet connectivity and a computer at home.
Solution: You decide to purchase a desktop-as-a-service subscription, such as VMware Horizon Cloud on Azure, Citrix Cloud, or AWS Workspaces.
Benefits: These solutions have the shortest time to deployment and the fastest time to procure compute, making them a great choice for “we need 2,000 desktops by Friday”-type situations. Their consumption-based pricing means you’re not making a permanent investment into what may be a temporary solution. These solutions also excel because their protocols are optimized for remote users.
Things to Consider: Some latency-sensitive apps may suffer performance issues depending on where the app is located relative to the cloud desktop. Egress charges will apply and can be challenging to estimate ahead of time. If your Microsoft Enterprise Agreement was signed after October 1, 2019, you’re likely to find that you’re not allowed to run Office 365 in a non-Azure cloud (except in SaaS mode). This also means that you can’t bring your own Windows and SQL licenses to non-Microsoft clouds.
Smaller companies may be able to get away with a VPN connection between their chosen DaaS cloud and their on-prem data centers, but larger companies will need to spring for an ExpressRoute or a Direct Connect. These are carrier circuits and often have long lead times. Note that as DaaS solutions become more popular, you should expect the lead times to grow.
There are also smaller regional players that offer solutions aligning to this outcome. Based on your organizational needs, they may also be a fit.
As you can see, these options require a blend of technical resources to create the proper outcome for your business. If creating a work from home strategy is something you need, we can help. We’ve supported multiple clients through this journey. Some real world use cases include the following:
- Setting up a network design for call center workers to work from home without losing access to important corporate voice resources.
- Updating outdated architectures while dynamically scaling the solution set for a broader portion of your ecosystem.
- Fine-tuning a legacy architecture to protect the customer experience.
- Building from scratch? We can do that too…
We’ve posted another option on our blog at https://letselevate.tech/horizon-desktop-work-from-home-quick-fix/. This alternative is quickly gaining steam as a quick fix to solve resource issues within the infrastructure.