The first step was to come up with an infrastructure design that we could propose to our higher-ups and follow during this crisis. Before going over the points that we wanted to keep in mind while setting up the work-from-home infrastructure, we should discuss the few problems that we had:
- Procuring laptop devices on such short notice was an extremely expensive and reckless decision.
- Buying paid licenses of software like TeamViewer and others could have cost us a huge chunk of money.
- We needed a solution that worked cross-platform on all the major operating systems, so that it could be scaled up whenever needed.
- We couldn’t give users direct access to our personal cloud infra from their personal laptops, as that would have let them download the source code onto personal machines that we had no access to and no way to monitor.
Keeping these few things in mind, we started formulating our plan. We came up with a plan that worked for us, and it has actually been working fantastically for the whole of the past month.
The Infrastructure!
The work-from-home infrastructure that we came up with looked something like this (image below). We decided to use a combination of VPN and VNC to set up the entire infrastructure.
The best thing is that it reduced a lot of load for us as we didn’t have to do a lot of changes for the connection from the office network to the personal cloud infra as it was already well established and monitored.
Our job was to help employees at home connect to their office desktops. For that, they had to be on the same network, and we had to provide them with GUI access so that they could perform their normal tasks as if they were present on the office premises.
Now let’s focus on the changes that we had to make to set up the VPN+VNC infra.
- We hosted the VPN server on the cloud to make it accessible to everyone. We took a machine and properly set up the VPN server on it so that the employees’ machines could easily be part of the same network as the office desktops.
- For the VNC setup we used the inbuilt screen-sharing feature of Ubuntu machines, which comes preinstalled on every system. All we had to do was enable it and set the credentials so that employees could get GUI access from home.
- For Windows machines we used RDP, as it is more reliable and works more smoothly than its VNC counterpart.
This should give you a good understanding of how our work from home setup was established. The amazing thing was that we used open source software for setting all this up and so we spent next to nothing in this setup. We used the OpenVPN solution to bring all the employees’ work systems and personal desktops on the same network. The only place that we had to spend money was setting up the VPN server on the cloud i.e. for hosting a machine and the humongous traffic that was being routed through that machine. Depending on the needs of your company you can buy whatever system and bandwidth limit suits you the best.
Shortcomings & Solutions
Now that this infrastructure was set up in theory, we still had to resolve a lot of issues with it. Let me list a few of them here.
- Even though the employees’ machines are on the same network as the office desktops, they should not be able to connect via any port other than the one opened by VNC.
- The employees’ personal desktops should have the latest possible version of their operating system to avoid any type of malicious attack, spread of malware, etc. to other machines.
- What if the internet at the office goes down? The VPN connection will be disconnected; how do we reconnect to the VPN network?
- What if there is a power outage and the systems shut down? What if a user mistakenly shuts down a system? What do we do then?
The infrastructure that we had designed would work great in the optimum scenario, but one thing we know for sure is that there is never an optimum scenario in the real world.
We came up with solutions for almost every issue that we faced. Now let me explain how we solved these problems and then streamlined our infrastructure to work perfectly in nearly every possible situation.
- Let’s see how we solved the first issue. To restrict users to a certain port and nothing else on the network, we found a command, but it needs to be run every time the system boots. We can set the iptables rules according to whatever suits us.
- The second issue was how to stop malware or other possible attacks from the employees’ systems. We found the answer to this when we set up the iptables rules. Even though the employees’ systems are on the same network as the office systems, we don’t allow them to communicate on any port other than VNC, so it becomes extremely difficult to do any type of mischievous activity.
- What if the internet goes down, none of us are present in the office, and we can no longer connect to the machine to troubleshoot? What should our next move be? For cases like these we wrote scripts that run in the background and regularly check whether the internet has come back up. As soon as the internet is up and working, they trigger another script that makes all the settings and adjustments that need to be made. A lot of time was spent perfecting these scripts so that they can take care of the infrastructure and bring it back up after every problem that might occur.
- The fourth issue was how things would be handled if there is a power outage. We made changes in the boot menu on the motherboard so that as soon as power comes back the machine powers itself on. We also wrote scripts and attached them to the crontab so that on every reboot all of our settings and scripts start to function exactly the way we want them to.
- In case someone turns off their system by mistake, we also enabled the Wake-on-LAN option, so that even if we are not present on the office premises the machine can still be booted remotely and everything will work as it should.
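One way to express the VNC-only restriction from the first two solutions as a boot-time script, as an added example that is not the authors' own command. The interface tun0, the subnet 10.8.0.0/24 and TCP port 5900 are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: VNC-only inbound filter on the VPN interface of an office desktop.
# Assumed values (not from the article): tun0, 10.8.0.0/24, TCP 5900.

# Print the INPUT rules in order, one per line. Traffic arriving on the VPN
# interface that is neither VNC nor a reply to our own traffic is dropped.
vnc_only_rules() {
    ifc=$1 subnet=$2 port=$3
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    case $subnet in
        *[!0-9./]*|*/*/*) echo "bad subnet: $subnet" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "-i $ifc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-i $ifc -s $subnet -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT" \
        "-i $ifc -j DROP"
}

# Append each rule unless it is already present (-C checks for it), so the
# script can run at every boot without stacking duplicate rules.
apply_rules() {
    rules=$(vnc_only_rules "$@") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # $rule is deliberately unquoted so it splits into separate arguments.
        iptables -C INPUT $rule 2>/dev/null || iptables -A INPUT $rule || exit 1
    done
}

# Run as root with "apply" to install the rules; without it nothing changes.
if [ "${1:-}" = "apply" ]; then
    apply_rules "${VPN_IF:-tun0}" "${VPN_NET:-10.8.0.0/24}" "${VNC_PORT:-5900}"
fi
```

Because the final rule drops everything else on the VPN interface, SSH, file sharing and any other service on the office desktop stay unreachable from home machines even though they share the VPN subnet.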
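A sketch of the reconnect watchdog described in the third solution, as an added example rather than the authors' scripts. The probe addresses, the unit name openvpn-client@office, the state file path and the failure threshold are all assumptions.

```shell
#!/bin/sh
# Added example: one pass of a VPN reconnect watchdog, meant to be run from cron.
# Assumptions (not from the article): peer addresses, unit name, state file.

STATE_FILE=${STATE_FILE:-/var/run/vpn-watchdog.fails}
MAX_FAILS=${MAX_FAILS:-3}   # consecutive failed passes before recovery runs

# Default probes and recovery hook; replace them to suit the site.
probe_tunnel()   { ping -c 1 -W 3 "${VPN_PEER:-10.8.0.1}" >/dev/null 2>&1; }
# 192.0.2.1 is a documentation placeholder for the VPN server's public address.
probe_internet() { ping -c 1 -W 3 "${NET_PEER:-192.0.2.1}" >/dev/null 2>&1; }
recover_vpn()    { systemctl restart "${VPN_UNIT:-openvpn-client@office}"; }

# $1 = tunnel probe, $2 = uplink probe, $3 = recovery command.
# Prints one of: ok, offline, waiting, recovered, recover-failed.
watchdog_step() {
    tunnel=${1:-probe_tunnel} internet=${2:-probe_internet} recover=${3:-recover_vpn}
    fails=0
    if [ -r "$STATE_FILE" ]; then read -r fails < "$STATE_FILE" || fails=0; fi
    case $fails in ''|*[!0-9]*) fails=0 ;; esac

    if "$tunnel"; then
        echo 0 > "$STATE_FILE"; echo ok; return 0
    fi
    if ! "$internet"; then
        # Office uplink is still down: restarting the client cannot help yet.
        echo offline; return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -lt "$MAX_FAILS" ]; then
        # Tolerate a few lost probes so a brief blip does not restart the VPN.
        echo "$fails" > "$STATE_FILE"; echo waiting; return 0
    fi
    echo 0 > "$STATE_FILE"
    if "$recover"; then echo recovered; else echo recover-failed; return 1; fi
}

# Cron entry point: call the script with "run" once a minute.
if [ "${1:-}" = "run" ]; then
    watchdog_step
fi
```

The recovery hook is also the place to re-apply firewall rules after the tunnel interface comes back, so a reconnect never leaves the desktop reachable on ports other than VNC.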
Conclusion
Of course, the way we set up the work-from-home infrastructure was not the most ideal solution, but it was one of the best solutions we could have come up with in three days’ time. That’s right, our team managed to set up the entire infrastructure in three days. In those three days we stayed as late as 2-3 in the morning setting up the infrastructure and making changes so that the employees wouldn’t face any issues.
Apart from the cloud instance there was nothing else that we had to pay for at all, so you could say that the whole setup was done nearly for zero cost.
Source: Medium