Working from Home, Reflections from a Small MSP Owner.

What strange times we are in. By now even the best of us are suffering from cabin fever; at least here in Toronto, Canada, the warm weather has arrived and spending some time outdoors lends a little relief. If you are like me, working from home some of the time was already part of a normal work week, but for many people the transition has been interesting, to say the least.

It was not long after the lockdown began that the work of assisting companies in transitioning their workforce from the office to their homes began in earnest. Calls from managed and casual customers began flowing in, all with the same question: can you configure things so that my staff can work from home? The answer to this question, as I am sure any managed services provider already knows, was: perhaps.

In today’s digital age, working from home should not be a difficult thing for a company that has kept up with the times and implemented reasonably current infrastructure. For example, businesses already using Remote Desktop Services were able to expand these services out to additional employees with minimal effort. Assuming the server had enough available resources and the required line-of-business applications were already configured, the steps to a rollout included increasing the required licensing and configuring end user computers to connect. The downside here was the licensing aspect: in addition to additional RDS CALs, some business applications are very expensive to license for Remote Desktop use. Thankfully all my clients use Microsoft 365 for email and Office desktop applications, so these were not an issue, but the potential was there for other applications to be a problem. Luckily, I did not run into this problem, but would be interested to hear if any software vendors temporarily relaxed their licensing rules or provided options to assist their customers. Kudos to those that did!

For sites that did not have Remote Desktop Services, things became somewhat more complex. The solution for many clients was to allow users to remotely control their office desktop systems from home. The big advantage here is that the hardware and software were already in place; however, other issues needed to be addressed. First, desktops needed to be configured to accept inbound Remote Desktop sessions. In a domain this could be done via GPO; in smaller workgroup-based offices, however, it meant computers needed to be configured manually. Power saving settings needed to be set to prevent the computer from going to sleep, and BIOS settings also needed to be adjusted so that in the event of a power failure, computers would return to a powered-on state. Lastly, each system needed to have a static IP address configured, as the Remote Desktop client needed this address to connect to the right system. Within our sites we did this with DHCP reservations so that the computers could remain dynamically configured for simplicity.

Keep in mind that the above options were reasonably easy to implement and, apart from any licensing, low cost. There were of course additional aspects that needed to be considered. Opening an office network to remote desktop access is potentially a sizable security hole. It is never recommended that one allow direct access to the LAN from the Internet (WAN) side. To keep things as secure as possible, remote users should first be required to connect to the office via VPN, a feature that home or consumer routers often do not support. In our case, all client sites have corporate firewalls installed, specifically Sophos XG devices, which support SSL-VPN remote worker connections. Had this not been the case, we likely would have needed to resort to a paid solution like GoToMyPC, or similar. Note that VPN connections still have security concerns: for example, if local file access is allowed or drives are mapped from the host computer to the remote network, another path for ransomware and malicious software is provided from devices that you don’t have control over. Implementing firewall rules and/or restricting access to remote desktop only can help reduce this risk; think through the implementation carefully.
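
The desktop-side steps described above, combined with restricting Remote Desktop to VPN sources, can be scripted for a workgroup PC; this PowerShell is an added example, not part of the original article or any vendor's tooling. The VPN pool `10.81.234.0/24` is a placeholder assumption, and the `Remote Desktop` rule group name assumes an English-language Windows install.

```powershell
# Added example: prepare an office desktop for RDP that is reachable only
# through the VPN. Run in an elevated PowerShell session on that desktop.
# ASSUMPTION: placeholder for the address pool handed to SSL-VPN clients.
$VpnPool = '10.81.234.0/24'

$ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# 1. Accept inbound Remote Desktop sessions and require Network Level
#    Authentication, so users authenticate before a session is created.
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1

# 2. Enable the built-in Remote Desktop firewall rules, but only for
#    sources inside the VPN pool rather than any address.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True `
    -RemoteAddress $VpnPool

# 3. Keep the machine awake on AC power so it stays reachable.
#    (Power-on after power loss is a BIOS setting and is not scripted here.)
powercfg /change standby-timeout-ac 0
powercfg /change hibernate-timeout-ac 0

# 4. Report the resulting rule scope so the change can be verified.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop'
$rules | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Profile = $_.Profile
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-Table -AutoSize

# 5. Warn if any enabled RDP rule still accepts connections from anywhere.
$open = $rules | Where-Object {
    $_.Enabled -eq 'True' -and
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
}
if ($open) {
    Write-Warning "RDP still open to any source: $($open.DisplayName -join ', ')"
}
```

The host firewall scope complements, and does not replace, the rule on the perimeter firewall that limits VPN users to Remote Desktop traffic.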

There were additional hurdles to jump and some continue to crop up to this day. With a largely Mac-based audience, I am sure many of you have felt the pain of software compatibility issues based on the version of your operating system. VPN clients like Tunnelblick solve the SSL-VPN connection problem, but getting a working Microsoft Remote Desktop client for older systems took some searching, as the App Store only carries the most recent version. Even when things work, remotely controlling a Mac on the remote end often had performance issues. The reality of doing fine detail work in a remote desktop session is lacking; in many cases installing the software on the home PC (where licensing allowed) was the better solution. Another hurdle was printing. In many cases printing worked great: users could simply find the redirected home printer on the remote system and all was well. For others, depending on the printer, redirection was not supported at all. While figuring out a solution would have been preferred, the time required and the issues with out-of-date or incompatible home systems were simply too great. The last, or perhaps first, hurdle was how to access users’ home systems to get them set up in the first place. While we utilize a remote access platform for managed systems, unmanaged computers needed another, temporary solution. In our case Zoho Assist did the job. It was inexpensive and provided the tools needed to work on both Mac and PC systems quickly and easily.

While this article comes at a time after many have already implemented a solution, perhaps, if you have read this far, you recognize the same issues you have encountered, or possibly have learned how things can be done differently. There are many areas related to privacy, security, document management and backups that need to be considered in a truly complete solution, but that is another article. Good luck moving forward in your business, and keep in mind that many predict that working from home, now that employers have seen that it works, is going to be the new normal.

Stefan Kanitz is the founding partner of Cairitech Inc., Professor at Seneca College in Toronto, Canada, and an IT professional with 30 years’ experience in the computer, network and managed services field, primarily focused on small-medium business. LinkedIn: https://www.linkedin.com/in/stefankanitz/