Last year I published a paper internally about working from home. I thought it was a good way to provoke thought in the company and it also served as a counterpart to my strategy and design for the new remote access platform.
The culture where I work is very much set in the old school ways of management. If someone is sat at home will they work? If they are at a desk I can see and monitor them. The advances in technology, green thinking and high property prices should be enough to give middle managers reason to embrace the home workers, but it seems to me that they cannot transform their methods to new ways of working.
Parking all that business case aside, let's talk about the technology. Looking at the current platform, we had a system from the dark ages: two Cisco VPN Concentrator 3000s terminating legacy Cisco VPN clients, and OWA which was published on the sluggish secure desktop. For those not in the know, secure desktop basically puts the user into a read-only sandbox.
The concentrators were on their last legs, constantly falling over or running so slowly that users could walk to the office quicker than connect over the web!! The funny thing was that even after drastic action (full software rebuild) they still ran like dogs.
Having an immediate operational issue, I set about a short-term strategy first. This was to replace the aging hardware boxes with new Cisco ASA 5520s. I also compared these to Check Point's Connectra gateways. The ASA gave me a good fit into the existing Cisco infrastructure and would natively support existing legacy clients for a smoother transition. The new AnyConnect and Clientless portals would be utilised to offer faster and more robust platforms to work from.
Not wanting to stop there, I looked to a longer-term roadmap. With Windows 7 on the horizon I was keen to push the new DirectAccess feature. This was a rather slick always-on VPN connection that is started right from the OS load, meaning that users are connected right from logon (when on the web) and all computer and user GPOs will be applied. IT also gets a permanent management channel.
Not wanting to let the Cisco investment go to waste, I intended it to be used for access to the network from non-corporate systems or vendors. It would also terminate any site-to-site IPsec VPN tunnels.
I would like to revisit this topic at some point as I now think that Cloud could actually offer some pretty cool on-demand access to desktop systems.