Today, the reality is that due to quarantine and coronavirus, many companies have to think about how to provide remote work for their employees. Almost every day, articles appear that reveal both the technical and psychological aspects of the transition to remote work. At the same time, by now, a huge amount of experience has already been accumulated in such work, for example, by freelancers or those IT companies that have been working with employees and clients living all over the world for a long time.
Transitioning a large IT company to work remotely can be challenging. However, in many cases, well-known tools and techniques can be dispensed with. In this article, we will look at our experience of working remotely from the technical side. We hope that this information will help companies adapt to the new conditions. I would be grateful for any comments, suggestions and additions.
Remote access to company resources
If an IT company works in an office, then, as a rule, there are system units, laptops, servers, printers and scanners, as well as telephones. All this is connected to the Internet through a router. Our company in the first years of its existence placed just such equipment in the office.
Now imagine that you need to send all your employees home quickly, in 1-2 days, so that work on projects does not stop. How to proceed in this case?
With laptops, everything is clear - employees can simply take them with them. System blocks and monitors are more difficult to transport, but still it can be done.
But what about servers, printers and phones?
Solving the problem of access to servers in the office
When employees move home, and the servers remain in the office and there is someone to look after them, then it remains only to solve the issue of organizing secure remote access for employees to your company's servers. This is a job for a system administrator.
If Microsoft Windows Server OS is installed on office servers (as it was with us in the first years of operation), then as soon as the administrator configures terminal access via the RDP protocol, employees will be able to work with the server from home. It is possible that you will have to purchase additional licenses for terminal access. In any case, employees will need a computer with Microsoft Windows at home.
Servers with Linux OS will be available from home and without purchasing any licenses. Your company administrator will only need to configure access via protocols such as SSH, POP3, IMAP, and SMTP.
If this has not been done yet, then to protect the servers from unauthorized access, it makes sense for the administrator to at least install a firewall (firewall) on office servers, as well as set up remote access for your employees using VPN. We use OpenVPN software, which is available for almost all platforms and operating systems.
But what if the office closes completely with all servers turned off? There are four options left:
- if possible, completely switch to cloud technologies - use a cloud CRM system, store common documents on Google Docs, etc.;
- move the servers home to the system administrator (he will be happy ...);
- transport servers to some data center that will agree to accept them;
- rent server capacities in the data center or in the cloud
The first option is good because you do not need to transfer and install any servers. The results of the transition to cloud computing will be useful to you in the future, they will save money and effort on support and maintenance.
The second option creates problems for the system administrator at home, since the server will be around the clock and make quite a lot of noise. And if the company has more than one server in the office, but a whole rack?
With the transfer of servers to the data center, not everything is simple either. As a rule, only rack-mountable servers can be placed in a data center. At the same time, the office often uses Big Tower servers or even ordinary desktop computers. It will be difficult for you to find a data center that will agree to host such equipment (although there are such data centers, we, for example, placed them in the PlanetaHost data center). You can, of course, rent the required number of racks and mount your equipment there.
Another problem with moving servers to a data center is that you will most likely have to change the IP addresses of the servers. This, in turn, may require you to reconfigure the server software or make changes to any software licenses if they are tied to IP addresses.
The option of renting server capacities in a data center is simpler in terms of the absence of the need to transport servers anywhere. But your system administrator will have to reinstall all the software and copy the necessary data from the servers installed in the office.
If your office technologies are based on the use of Microsoft Windows, you can rent a Microsoft Windows server in the data center with the required number of terminal licenses. Take one of these licenses for each of your employees who work with the server remotely.
Renting physical servers can cost 2-3 times cheaper than renting virtual servers in the cloud. But if you need very small capacities, and not a whole server, then the cloud option may be cheaper.
The increased price of cloud resources is a consequence of reserving hardware resources in the cloud. As a result, the cloud will probably work more reliably than a rented physical server. But here it is already necessary to assess the risks and count the money.
As for our company, which is engaged in the creation of online stores, all the necessary resources have long been in our data centers and are available remotely. These are own and rented physical servers that are used for hosting stores, as well as virtual machines for software developers, layout designers and testers.
Moving jobs from office to home
As we have already said, employees can simply take their work computers with them - laptops or system units with monitors. If necessary, you can buy new laptops for employees by ordering their home delivery. Of course, on new computers you will have to install the necessary software, which will lead to additional time costs.
If employees already have home computers running Microsoft Windows, they will be able to use them as Microsoft Windows Server terminals, or to access servers running Linux. It will be enough to configure VPN access.
Our employees work on both Windows and Linux. We have very few Microsoft Windows servers, so there is no need to purchase terminal licenses for this OS. As for access to resources located in data centers, it is organized using a VPN and is additionally limited by firewalls installed on each server.
Be sure to provide employees working from home with headsets (headsets with microphones) and a video camera. This will allow you to communicate remotely with great efficiency, almost like in the office.
Many try to control what employees do during working hours at home by installing various specialized monitors on their computers. We have never done this, we only controlled the results of the work. As a rule, this is quite enough.
What to do with the printer and scanner
Web site software developers rarely need printers and scanners. However, if such equipment is necessary for employees, there will be a problem when switching to remote work.
Typically, a network MFP is installed in the office, high-speed, large and heavy. Yes, you can send it to the home of the employee who needs to print and scan the most. Unless, of course, this employee will have the opportunity to host it.
But if many of your employees often scan and print documents, you will have to purchase an MFP and install it in their homes, or change the company's business processes.
As an alternative to the transportation and purchase of new MFPs - an accelerated transition to electronic document management wherever possible.
Work with paper and electronic documents
It is best if, before switching to remote work, you will be able to convert the entire workflow into electronic form. For example, we use DIADOK to exchange accounting documents, and we pay bills through a client-bank.
When implementing such a system, it will be necessary to provide all employees involved in electronic document management (for example, accountants) with key fobs with an enhanced qualified electronic signature. It may take some time to receive such key fobs, so it is better to be puzzled by this question in advance.
In DIADOC (as well as in similar services), you can set up roaming with other electronic document management operators. This will be required if counterparties use other document management systems than yours.
If you or some of your counterparties work with documents the old fashioned way, you will have to send and receive regular paper letters with a visit to the post office or calling couriers. In the case of quarantine, such operations will have to be minimized.
What to do with telephony
In the first years of operation, our company used landlines and mobile phones. However, we very soon realized that with a large number of employees and customers, some more adequate solution was needed.
The most convenient for us was the virtual PBX from MangoTelecom. With its help, we got rid of binding to city phone numbers (and hence the physical location of the office). We also got the opportunity to integrate the PBX with our CRM, record support conversations with customers, set up call forwarding, etc.
Next, you can install the virtual PBX application on your smartphone, laptop or desktop computer. This will allow you to call Russian numbers or receive calls at domestic rates, even from abroad.
Thus, a virtual PBX allows you to make the movement of employees from the office to their homes almost imperceptible from the point of view of the continuity of business processes.
If you use a PBX, and when you move it is inevitable to turn it off, consider switching to a virtual PBX. Check with your telephone provider if it is possible to enable call forwarding from fixed PBX numbers to incoming virtual PBX numbers. In this case, when switching to a virtual PBX, you will not lose incoming calls.
As for calls between employees, when working with a virtual PBX, such calls, as a rule, are not charged.
Remote selection and training of employees
While adding to our staff, in the early years of our company, we always invited candidates to the office, conducted classic interviews and gave assignments. Then we were engaged in individual training for beginners in the office.
However, over time, we switched completely to remote recruitment.
Primary selection can be carried out using the tests attached to the vacancy on the HH website or some other recruiting service. I must say that, if properly designed, these tests allow you to filter out a significant number of candidates who do not meet the requirements.
And then everything is simple - we use Skype. Using Skype and always with the video camera turned on, you can conduct interviews no less effectively than if the candidate were sitting next to the table.
Despite certain disadvantages, Skype also has very important advantages over similar systems. First of all, via Skype, you can organize a demonstration of the desktop of your computer, and this is very necessary when training and discussing work issues. Further, Skype is free, available on all major platforms, and easy to install on a computer or smartphone.
If you need to organize a meeting or training for several employees, then just create a group in Skype. By demonstrating their desktop, the speaker or teacher can bring all the necessary materials to the meeting participants. In the chat window, you can post links, text messages, share files or have conversations.
In addition to classes on Skype, we prepare educational films (using the Camtasia Studio program, but you can use what you are used to). If these films are only for internal use, then we place them on our servers, and if for everyone, then on YouTube.
In most cases, this combination of instructional films, Skype group sessions with dialogue and desktop demonstrations, and face-to-face teacher-student interaction allows us to conduct training entirely remotely.
Yes, there are services designed to show a desktop to a group of users, to host webinars, and even platforms for learning (including free ones). But for all this you need to pay either money or time spent on learning how to work with the platform. Free platforms, however, may become paid over time. At the same time, the capabilities of Skype will be sufficient in many cases.
Collaboration on projects
In the course of joint work on projects, we hold daily and weekly meetings, use pair programming and code reviews. Skype groups have been created for meetings and code review, and desktop sharing is used when necessary. As for the code, it is stored in our GitLab server, which is located in the data center.
We organize collaboration on documents using Google Docs.
In addition to all this, we have an internal Klondike knowledge base integrated with the application processing and resource planning system (our CRM and ERP). These tools, hosted on servers in the data center, we have been creating and improving over the years. They allow us to efficiently process numerous applications from our clients, assign executors, conduct application discussions, keep track of working hours, and much more.
Most likely, your company is already using something similar, and when switching to remote work of employees, it will be enough to provide remote access to the relevant resources.
Remote user support
Our users are owners and managers of online stores operating in almost all regions of Russia. Of course, we support them remotely.
Our support service works through the ticket system, answers questions by e-mail and phone, in a chat through the administrative site of the online store and the site of our company.
At the stage of discussing tasks, we use any messengers available to the client, for example, Telegram, WhatsApp, Skype.
Sometimes it becomes necessary to see what the client is doing on his computer. This can be done through Skype in desktop sharing mode.
If necessary, you can remotely work on the user's computer using tools such as TeamViewer, Ammee Admin, AnyDesk, etc. To use these tools, the customer will have to install the appropriate software on their computer.
Setting up VPN access
We have OpenVPN servers installed on virtual machines located in different data centers (using Debian 10 OS). The OpenVPN client is installed on the working computers of our employees in Debian, Ubuntu, MacOS and Microsoft Windows environments.
There are many instructions on the Internet for installing the OpenVPN server and client. You can also use my .
I must say that the manual procedure for creating keys for employees is very tedious. To connect a new user to take no more than ten seconds, we use a script similar to the one below under the spoiler.
Script to generate keys
#!/bin/bash
if [ -z "$1" ]
then
echo "============================================================="
echo "VPN -- Generate crt key pair"
echo "============================================================="
echo "Usage: bash gen.sh username"
exit
fi
echo "============================================================="
echo "VPN -- Generate crt key pair for user: $1"
echo "============================================================="
ADMIN_EMAIL="[email protected]"
USER=$1
RSA="/home/ca/easy-rsa-master/easyrsa3/"
PKI="$RSA"pki/
PKI_KEY="$PKI"private/
PKI_CRT="$PKI"issued/
USR_CRT="/home/ca/cert_generation/user_crt/"
USR_DISTR="/home/ca/cert_generation/user_distr/"
# If user key does not exists, create it
if [ ! -f "$PKI_KEY$USER.key" ]
then
echo "File $PKI_KEY$USER.key does not exists, creating..."
cd "$RSA"
./easyrsa build-client-full $USER nopass
fi
# Removing user folder, if exists
if [ -e "$USR_CRT$USER/" ]
then
echo "Already exists, removing user folder $USR_CRT$USER..."
rm -r -f "$USR_CRT$USER/"
fi
# Create user folder for key and other files
mkdir $USR_CRT/$USER/
# Copy OpenVPN key, cert and config files to user folder
cp "$PKI_KEY$USER.key" "$USR_CRT$USER/$USER.key"
cp "$PKI_CRT$USER.crt" "$USR_CRT$USER/$USER.crt"
cp "$PKI"ca.crt "$USR_CRT$1"
cp "$USR_DISTR"ta.key "$USR_CRT$USER"
cp "$USR_DISTR"openssl.cnf "$USR_CRT$USER"
# Copy Manual files
cp "$USR_DISTR"readme_vpn_win.txt "$USR_CRT$USER"
# Replace string "change_me" in configuration files whis user name $USER
cp "$USR_DISTR"server.conf "$USR_CRT$USER"/server.conf.1
cp "$USR_DISTR"mycompany_vpn.ovpn "$USR_CRT$USER"/mycompany_vpn_$USER.ovpn.1
cp "$USR_DISTR"readme_vpn_win.txt "$USR_CRT$USER"/readme_vpn_win.txt.1
sed "s/change_me/$USER/g" "$USR_CRT$1"/server.conf.1 > "$USR_CRT$1"/server.conf
rm "$USR_CRT$USER"/server.conf.1
sed "s/change_me/$USER/g" "$USR_CRT$1"/mycompany_vpn_$USER.ovpn.1 > "$USR_CRT$1"/mycompany_vpn_$USER.ovpn
rm "$USR_CRT$USER"/mycompany_vpn_$USER.ovpn.1
sed "s/change_me/$USER/g" "$USR_CRT$1"/readme_vpn_win.txt.1 > "$USR_CRT$1"/readme_vpn_win.txt
rm "$USR_CRT$USER"/readme_vpn_win.txt.1
# Create tar.gz and send it to administrator e-mail
tar -cvzf "$USR_CRT$USER/$USER.tar.gz" "$USR_CRT$USER/"
echo "VPN: crt, key and configuration files for user $USER" | mutt $ADMIN_EMAIL -a $USR_CRT/$USER/$USER.tar.gz -s "VPN: crt, key and configuration files for user $USER"
echo "---------> DONE!"
echo "Keys fo user $USER sent to $ADMIN_EMAIL"
When this script is launched, the user ID is passed as a parameter (using Latin letters).
The script asks for the Certificate Authority password, which is created when the OpenVPN server is installed. Next, this script generates a directory with all the necessary certificates and configuration files for OpenVPN clients, as well as a documentation file for installing the OpenVPN client.
When generating configuration and documentation files, change_me is replaced by the user ID.
Next, the directory with all the necessary files is packed and sent to the administrator (the address is specified directly in the script). It remains only to forward the resulting archive to the user to his e-mail address.
We hope that you will be able to spend the period of forced home confinement to good use. Having worked out the methods of working without an office, you may continue to actively use the work of remote employees.
Good luck with your move and fruitful work at home!
Source: habr.com