Over the years I have written extensively about methods of working from anywhere using various technologies including Remote Desktop, Virtual Desktop, Remote Apps, Virtual Apps, and Windows To Go. I have been a huge advocate of many of these, both in my blog, in my professional life, and in my capacity as a community leader and trainer. One day this week I decided to cut the cord and see if what I had really worked.
I am going to preface this article by saying that while I often write about things I have done or built for my clients, I seldom talk about who those clients are for the sake of discretion. It will not be difficult for people to figure out what company I am currently working for, so I am going to discuss the projects and solutions in generalities, and for the sake of information security I am going to be very vague about some of what I discuss.
The project outline was simple: Build a virtual desktop infrastructure (VDI) for a conglomerate that owns over a hundred companies in over 25 countries. Make sure it is stable and useable and all of that good stuff that will make the users want to use it, but make sure it is secure enough that IT departments of banks and governments and militaries would be proud of it. Oh, and make sure that if users are unable to get to their office computer – say, like the 2013 Toronto Flood or a tsunami or snow blizzard or sick child – that they can still do their work as if they were in the office. No problem.
Once the infrastructure itself was built, we were pleased with it, but because of the security involved we couldn’t simply connect from anywhere. If, say, I was at an Internet cafe in South America, we would have to assume that the computer was compromised (virus, malware, spyware, etc.), and so as to protect the corporate data, security was added to prevent this.
Without going into the details, there is a VPN connection that needs to be established, and before that VPN application is even installed for the tunnel to be created, a certificate must be installed. These are things that you cannot do on just any computer. Solution? Windows to Go.
I have written and spoken about Windows to Go (WTG) extensively since it was introduced in Windows 8. It is essentially a clean installation of Windows on a USB key; I can boot any computer from the USB key, and whatever malware may exist on the local hard drive of the computer is completely out of the equation – that hard drive is offline. So I keep a USB key in my pocket that has a clean installation of Windows 10 Enterprise (it has to be Enterprise) with all of my applications… including my VPN connection and my certificates.
One night I got to my girlfriend’s house and realized I had left my laptop bag at home. I panicked for a minute, thinking I would have to go home to get it before going into the office. Then I realized that I had the key in my pocket… no problem! I decided to practice what I preach. I wouldn’t be at an Internet cafe in some far-off exotic location… I would be sitting at my desk in my office, using an old laptop that we used for testing whatever. It was not domain joined, it had not been scanned. It had certainly not been customized to my needs and did not have my applications or certificates on it.
When I got into the office I picked up the laptop from the IT Department (as hard as it may be to believe, I do not work with the IT Department in my office), and went back to my desk. I popped the USB key (an Imation W500 that will be the focus of an upcoming article) into the only USB 3.0 port, and booted it up. After entering my credentials (the Imation W500 is a hardware-encrypted key) it booted into Windows 10, into my familiar environment, with my applications… and most importantly, with my VPN client.
One thing you might have issues with when using Windows to Go is networking; if you are going into an environment where you have to track down a Wi-Fi code then it can be tricky. As I was sitting at my own desk, of course I know the Wi-Fi password, but I also have a wired connection. I connected that, and then established my VPN connection. Once I did that it was a simple URL to connect to the VDI environment… and I was working as I would from my own corporate laptop.
While I hope this never happens, if my laptop were to be stolen (or lost or destroyed) this solution means that I would not lose any productivity while waiting for a replacement device to be provisioned. It also means that if I go away on vacation, I could log in from my personal laptop (which I would likely bring) without having to worry about bringing a corporate laptop too.
I think back to the day I logged in to my home computer from an Internet cafe in Buenos Aires when I was there in 2004 for my first wedding. I shudder at what malware might have resided on the PC that I used then. With Windows to Go, VPN, Firewall, and all of the other security measures we have in place, that could not happen today.
So that evening I went back to my condo and picked up my laptop bag and brought it into the office the next morning. I decided to live without it for a few days… it will sit in a drawer waiting for a meeting that I need to go to and take notes at (the PC I am using with WTG does not have a touch screen, let alone a stylus). In the meantime I will continue to ‘eat my own dog food’ and work with WTG. Let’s see how long it takes before I long for my Surface Pro 3 again!