Set-up Work from Home Infra at Zero Cost!
It took three days and no money to set up this infrastructure.
The past month has been way too hectic for everyone around the globe. With everything that has been going on, I hope all of my readers are doing fine and are taking as many precautions as they can to keep themselves and their families safe. Luckily I am living in one of the cities in India which hasn’t been affected that badly by the coronavirus, but seeing the way the numbers are climbing, we all need to be vigilant and on our toes.
Shoutout to all the doctors, nurses and every other essential worker out there for doing what you are doing and not wavering even in this huge pandemic.
Workload has been high for our DevSecOps team as well. Being a startup, we didn’t have a Work from Home policy as of yet, and when news of the coronavirus and how deadly it might turn out to be started to come in, we started working on our Work from Home infrastructure. So we set up an entire infrastructure for a company with 60+ employees, and the money we spent on this was next to nil.
Let’s dig in!
The first step was to come up with an infrastructure design that we would propose to our higher-ups and follow during this crisis. Before going over the points that we wanted to keep in mind while setting up the work from home infrastructure, we should discuss the few problems that we had:
- Procuring laptop devices on such short notice was an extremely expensive and reckless decision.
- Buying paid licenses of software like TeamViewer and others could have cost us a huge chunk of money.
- We needed a solution that worked cross-platform on all the major operating systems, so that it could be scaled up whenever needed.
- We couldn’t give users direct access to our personal cloud infra from their personal laptops, as that would have let them download the source code onto personal machines that we had no access to and no way to monitor.
Keeping these few things in mind, we started formulating our plan. We came up with a plan that worked for us, and it has actually been working fantastically for the whole of the past month.
The work from home infrastructure that we came up with looked something like this (image below). We decided to use a combination of VPN and VNC to set up the entire infrastructure.
The best thing is that it reduced our workload considerably: we didn’t have to make many changes to the connection from the office network to the personal cloud infra, as it was already well established and monitored.
Our job was to help employees at home connect to their office desktops. For that, they had to be on the same network, and we had to provide them with GUI access so that they could perform their normal tasks as if they were present on the office premises.
Now let’s focus on the changes that we had to make for setting up VPN+VNC infra.
- We hosted the VPN server on the cloud to make it accessible to everyone. We took a machine and properly set up the VPN server on it so that the employees’ machines could easily join the same network as the office desktops.
- For the VNC setup we used the inbuilt screen-sharing feature of Ubuntu, which comes preinstalled on every system. All we had to do was enable it and set the credentials so that employees could get GUI access from their homes.
- For Windows machines we used RDP; it is more reliable and works more smoothly than its VNC counterpart.
This should give you a good understanding of how our work from home setup was established. The amazing thing was that we used open source software for setting all this up and so we spent next to nothing in this setup. We used the OpenVPN solution to bring all the employees’ work systems and personal desktops on the same network. The only place that we had to spend money was setting up the VPN server on the cloud i.e. for hosting a machine and the humongous traffic that was being routed through that machine. Depending on the needs of your company you can buy whatever system and bandwidth limit suits you the best.
Shortcomings & Solutions
Now that this infrastructure was set up in theory, we still had to resolve a lot of issues with it. Let me list a few of them here.
- Even though the employees’ machines are on the same network as the office desktop they should not be able to connect via any other port apart from the port opened by VNC.
- The employees’ personal desktop should have the latest possible version of their operating system to avoid any type of malicious attack, spread of malware etc. to other machines.
- What if the internet at the office goes down? The VPN connection will be dropped, so how do we reconnect the machines to the VPN network?
- What if there is a power outage and the systems shut down? What if a user mistakenly shuts down a system? What do we do then?
The infrastructure that we had designed would work great in the optimum scenario, but one thing we know for sure is that there is never an optimum scenario in the real world.
We came up with solutions for almost every issue that we faced. Now let me explain how we solved these problems and then streamlined our infrastructure to work perfectly in nearly every possible situation.
- Let’s see how we solved the first issue. To restrict users to a certain port and no other on the network, we found a command for that, but it needs to be run every time the system is booted up. We can set the iptables rules according to whatever suits us.
- For the second issue, how to stop malware or other possible attacks coming from the employees’ systems, we found the answer when we set up the iptables rules. Even though the employees’ systems are on the same network as the office systems, we don’t allow them to communicate on any port other than VNC, so it becomes extremely difficult to do any type of mischievous activity.
- What if the internet goes down, none of us are present in the office, and we can no longer connect to the machine to troubleshoot? What should our next move be? For cases like these we wrote scripts that run in the background and keep checking on a regular basis whether the internet has come back up. As soon as the internet is up and working, they trigger another script that makes all the settings and adjustments that need to be made. A lot of time was spent perfecting these scripts so that they can take care of the infrastructure and bring it back up after every problem that might occur.
- For the fourth issue, how things would be handled if there is a power outage, we made changes in the boot menu on the motherboard so that as soon as power comes back the machine powers itself on. There are scripts that we wrote and attached to the crontab so that on every reboot all of our settings and scripts start to function exactly the way we want them to.
- In case someone turns off their system by mistake, we also enabled the Wake-on-LAN option, so that even if we are not present on the office premises the machine can still be booted remotely and everything will work as it should.
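The post does not show the command used for the first two fixes. As an added example (not the author's rules), this script builds an iptables chain on an office desktop that accepts only new VNC connections from the VPN subnet and logs and drops everything else arriving over the tunnel. The interface `tun0`, the subnet `10.8.0.0/24`, port 5900 and the chain name `VPN-IN` are assumptions.

```shell
#!/bin/sh
# Added example, not the author's command. Assumed values: tun0, 10.8.0.0/24, 5900.
VPN_IF="${VPN_IF:-tun0}"            # assumed OpenVPN tunnel interface on the desktop
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # assumed VPN client subnet
VNC_PORT="${VNC_PORT:-5900}"        # VNC display :0

# Print the rule specs for the dedicated chain, one per line, in match order.
vnc_only_rules() {
    printf '%s\n' \
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-s $VPN_NET -p tcp --dport $VNC_PORT -m conntrack --ctstate NEW -j ACCEPT" \
        "-m limit --limit 6/min -j LOG --log-prefix vpn-drop: --log-level 4" \
        "-j DROP"
}

# Rebuild the chain from scratch so a re-run at boot never stacks duplicates.
apply_rules() {
    iptables -N VPN-IN 2>/dev/null || iptables -F VPN-IN
    vnc_only_rules | while read -r spec; do
        # $spec is unquoted on purpose: each line splits into iptables arguments.
        # The exit below leaves only the pipeline subshell.
        iptables -A VPN-IN $spec || exit 1
    done || return 1
    # Send everything arriving on the tunnel through the chain, exactly once.
    iptables -C INPUT -i "$VPN_IF" -j VPN-IN 2>/dev/null ||
        iptables -I INPUT 1 -i "$VPN_IF" -j VPN-IN
}

# Without the "apply" argument the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it as root with the `apply` argument at every boot, since the rules do not survive a restart. It covers IPv4 only, so a tunnel that carries IPv6 needs the same policy in ip6tables.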
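One way to write the reconnect check described for the third and fourth issues, as an added example rather than the author's own scripts: each pass tests internet reachability, then the VPN gateway, and restarts the VPN client only when the internet is back but the tunnel is not. The probe address, the gateway `10.8.0.1`, the `openvpn-client@office` unit name and the script path in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example, not the author's scripts. All addresses, the unit name and
# the install path are assumptions. It also assumes the VPN server answers
# ping on its tunnel address. Start at boot from root's crontab:
#   @reboot /usr/local/sbin/vpn-watchdog.sh run
PROBE_HOST="${PROBE_HOST:-1.1.1.1}"   # assumed public host for the internet check
VPN_GW="${VPN_GW:-10.8.0.1}"          # assumed VPN server address inside the tunnel
RESTORE_CMD="${RESTORE_CMD:-systemctl restart openvpn-client@office}"
INTERVAL="${INTERVAL:-30}"            # seconds between passes

net_up() { ping -c 1 -W 3 "$PROBE_HOST" >/dev/null 2>&1; }
vpn_up() { ping -c 1 -W 3 "$VPN_GW" >/dev/null 2>&1; }

# One pass: print the decision; return non-zero only if the restart failed.
watchdog_step() {
    if ! net_up; then
        echo "offline"        # nothing to do until the office link returns
        return 0
    fi
    if vpn_up; then
        echo "ok"
        return 0
    fi
    # Internet is back but the tunnel is not: restart the VPN client.
    # $RESTORE_CMD is unquoted on purpose so it splits into command and arguments.
    if $RESTORE_CMD >/dev/null 2>&1; then
        echo "restored"
    else
        echo "restore-failed"
        return 1
    fi
}

watchdog_loop() {
    while :; do
        state="$(watchdog_step)" || true
        # Log state changes only, so syslog shows outages without per-pass noise.
        [ "$state" = "${last:-}" ] || logger -t vpn-watchdog "state=$state"
        last="$state"
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "run" ]; then
    watchdog_loop
fi
```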
Of course, the way we set up the work from home infrastructure was not the most ideal solution, but it was one of the best solutions we could have come up with in three days’ time. That’s right, our team managed to set up the entire infrastructure in three days. In those three days we stayed as late as 2-3 in the morning setting up the infrastructure and making changes so that the employees don’t face any issues.
Apart from the cloud instance there was nothing else that we had to pay for at all, so you could say that the whole setup was done nearly for zero cost.
There are a lot of technical details which I have not delved into for certain reasons. If you need help with setting up work from home infra for your office, or want a similar solution deployed at your workplace, feel free to reach out to me.
Get, Set, Hack!
Website : aditya12anand.com | Donate : paypal.me/aditya12anand
Telegram : https://t.me/aditya12anand
Twitter : twitter.com/aditya12anand
LinkedIn : linkedin.com/in/aditya12anand/
E-mail : email@example.com