This blog was written in collaboration by Brian Madden and Shawn Bass, CTO of VMware End-User Computing.
In light of current events, many organizations are feeling the effects of life’s unpredictability. With many organizations canceling in-person events and meetings and mandating temporary work-from-home policies, companies are quickly realizing just how prepared they really are in the wake of unexpected events. In the previous blog of our business continuity series, we discussed 11 secrets for successful remote-first working from the perspective of your end users. In this blog we’ll discuss what this means for IT and your entire organization.
Many IT organizations around the world are suddenly dealing with a massive increase in the number of home/remote workers they need to support. The past few weeks have seen countless vendors and providers creating guides for how their software and solutions can help in situations like these.
While this is helpful for longer-term planning, my reaction tends to be more along the lines of, “That sounds great, can you sell me a time machine too?” because what I should’ve done six months ago to prepare doesn’t help me when I wake up to this email:
Now what? Where do you even begin?
Think about three areas
The first step is to break this massive challenge into smaller, easily digestible parts. We like to think about three areas:
• The users’ PHYSICAL home environments
• Your company’s CULTURAL environment
• Potential TECHNOLOGICAL issues
Let’s explore each in more detail.
What does the physical home environment look like?
For each employee who will now need to work from home (or some other remote location), there are several things to think about.
At the most basic level, does the user even have a proper work environment? Is it ergonomically correct? Lots of home workers “work” with their laptops on the couch or while sitting in bed, which is fine for a few hours here and there. But if users suddenly need to work eight hours a day, five days a week, for multiple days on end from that same location, a couch and laptop aren’t going to cut it.
Also remember that not everyone has a dedicated room to work that’s quiet and lets them concentrate, especially when others in the household will most likely be home too. How do multiple people share the same desk, and both be on their own work calls at the same time, while also watching the kids who are unexpectedly home from school?
What if their quiet place is in the basement, but their mobile phone has bad reception down there? What about their internet connection? Are they going to hit their bandwidth or data transfer limit?
If you’re someone with lots of remote work experience, think about how long it took you to get comfortable and your whole setup dialed in. We have to be realistic about expectations when we throw massive numbers of users into a home working environment quickly.
What does the cultural work from home environment look like?
Working from home is not for everyone. Many people crave the human contact that’s lost at home, which is why you see so many people working at coffee shops and cafes. But due to recent circumstances, that probably won’t be an option, so how can you help the feeling of isolation?
One tip seasoned home workers share is to always use the webcam when connecting to conference calls, rather than just voice. But we also have to remember that not everyone will be comfortable with that. People are protective of their private space, and they might be embarrassed about whatever is in the background of their webcam.
We have to keep in mind that a large number of people are working from home, so that viral video of the expert being interviewed on BBC TV while his child and wife ran around in the background is something that’s going to happen. We have to reset our standards and expectations for newly displaced workers.
Since this whole conversation is about what happens during unprecedented times, we have to be sensitive to Maslow’s hierarchy of needs.
Your users’ security, safety, friends and loved ones will take priority over whatever work is going on. People are going to interrupt work calls to answer their phones when a loved one calls. They will keep one eye on the news and social media and be texting their spouses to make sure they have enough toilet paper while searching to see if they should worry about their new cough. They’ll be dealing with their kids and giddy pets. They’ll be new to working at home and won’t understand how to balance laundry with TPS reports. And there will be random, unexpected absences, like when their kid’s college tells them that classes have switched to virtual and now the employee has to take the day off to drive and pick them up.
So, generally speaking, there will be a decrease in productivity. Forget all the studies that show how users can be more productive from home, in theory. Users will not be more productive.
What technology issues could there be?
This is an IT blog written for IT pros, so naturally the tech issues are what we all think about first. This is why we put it last, so that you’ll actually think about the physical and cultural issues too. But when it comes to technology issues, wow, there are a lot!
Home technology issues
For users who are now suddenly working from home, you need to know whether they have ever worked from home. This will inform how much support they’ll need. Questions to consider could include:
• Does the user have a work computer they can bring home, or will they be using a home computer?
• If they don’t have a home computer, will you try to order and send them one? Or tell them to go to a retail store and buy something? Or try to have them work from their phone?
• Will you try to get the user to run apps locally, or do you have some kind of existing VDI/RDS/DaaS solution in place?
• Can their computer even run the apps that are needed?
• If the user needs to connect a home computer to the corporate environment, have you implemented any kind of endpoint scanning that might disqualify whatever device the user happens to have?
• How well will the user’s internet connection work, since everyone in the neighborhood will be working from home at the same time? (Sure, the user might have a 100 Mbps cable connection, but the cable company’s concentrator at the end of the block can’t have all users utilizing all bandwidth at once.)
Corporate technology issues
You also have to think about tech issues back at the office that could impact a user’s ability to work remotely when you suddenly have 80% of users remote instead of 10%. For example:
• Can your VPN handle the additional capacity to support that many remote users?
• Even if your VPN hardware and licenses can handle it, does the corporate location have enough bandwidth to support all those tunnels and connections?
• If you have an existing VDI/RDS/DaaS platform, can it support all the users who are now connecting from home? If yes, do you have the bandwidth to support all of this?
• You need to be ready for a given percentage of new home workers to fail the security requirements. Additionally, you need to know what you’re going to do in that case – relax them or tell the users to get different hardware, or to patch, or?
Support technology issues
The final tech nuance to think about relates to support. All these users suddenly working from home will both (1) require more support since everything is new and different, and (2) require that support to be remote.
So, you need to think about:
• If users need to update or patch their systems before they can connect to your network or install any apps, do you have that support capacity?
• Does your helpdesk have the capacity for increased call volume?
• Where are your helpdesk employees going to work? Remember, your helpdesk workers are remote now too. Do you have the ability to forward helpdesk calls to helpdesk workers in their homes? Do your remote control/remote support tools allow a home-based helpdesk tech to support another home-based user?
Wow, that’s a lot to think about! Once you start to put some thought into all of that, you can start to create a plan.
Creating your plan
When it comes to the actual plan for how you’ll deal with the massive increase in home workers, we believe there are seven areas you need to plan in:
• End-user technology
• Core infrastructure
• Edge network
• The decision process & its impact
• Communication strategy
Again, let’s look at each of these on their own:
Since you will be looking at dozens or hundreds or thousands of users suddenly working from home, the only way you can be effective is to start to group various workers into cohorts based on their persona. Every company will be different here, but here are some examples of how you might break out your users:
• People who are already remote. Hypothetically, they should be okay, but maybe you can recruit them to help newly remote users through this sudden transition.
• Road warriors. They should also be okay since they already know how to work remotely.
• Users who never work from home, but who have corporate laptops. This group should be fine too, because they can take their corporate laptop home and it should already be configured properly, have the right apps installed, meet the security requirements, etc.
• Users who never work from home, and who do not have corporate laptops. This is an interesting group, because you have to quickly determine whether you want to try to get them a corporate laptop, whether you tell them to use whatever random home computer they might have, or whether you send them to a local store to buy whatever laptop is available.
• Users whose jobs don’t translate to working from home (receptionists, janitorial, bank tellers, etc.). There might not be much to do from an IT standpoint, but the business at large will have to think about whether they still get paid, etc.
• Users who will still come into the office (doctors, some IT staff, etc.). Probably not much to worry about from an IT standpoint, though the business will have to think about what happens if one of these workers gets sick (more on this in a bit).
Once you’ve created your personas and cohorts, you can start to think about what technology solutions need to be in place for each. You’ll need to think about this up and down your stack. For example, from the remote access/VPN standpoint, for each cohort, ask yourself:
• Do these users need full VPN access, or just certain apps? Are email and Dropbox enough? Etc.
• For users who need full VPN access, do they really need full VPN access? Can they connect to certain SaaS apps directly?
Next, you have to think about the devices your users will use. We touched a bit on this already, but to bring it together into a single place, the various device options for newly home-bound workers could be:
• Existing, already configured corporate laptops
• Existing home computers
• Existing mobile devices or tablets
• Newly purchased corporate devices which are purchased and owned by the company, probably drop-shipped directly to the end-users at home
• User purchased devices, which seems great at first until you realize you probably have no control over what users end up with. Can you give guidance on specific vendors and models, or just platforms and tech specs? Do your users have corporate credit cards to buy these? (You can’t expect every employee to have the ability to buy these on their own and wait for reimbursement.) Will you end up with a random mix of Windows, Mac, Chromebooks, tablets, and whatever other random things they rustle up?
Now that you think about the different types of devices that will be used, how will you provision or configure devices that are new to the company? The specifics, again, depend on what you’re trying to do:
• Are you trying to get apps to install and run locally on the device?
• Is the device just a thin client for remote VDI, RDS, and/or DaaS sessions?
• Will any corporate data live on the device? (Which will most likely require local drive encryption, secure boot, etc.)
When it comes to the mechanical act of provisioning these devices, you have a lot of options depending on each specific scenario, including:
Windows 10 Out of Box Experience (OOBE)
If you’re lucky enough to already have some kind of modern management platform in place, you can use the Windows 10 OOBE. This essentially allows a user to buy just about any Windows 10 device from wherever they want. Then, they enter their work email address when they’re setting it up at home and they’re given the option to enroll it for management by the company.
This can enable a full management experience, including you having the ability to set encryption, security levels, patch management, push apps, etc. to devices anywhere in the world that are not on your network.
But, it’s only really an option if you’ve thought about this ahead of time. During a crisis is not the time to try to figure out how to get OOBE set up and integrated with your back end.
Windows 10 AutoPilot
AutoPilot is similar to OOBE, but it’s for devices that the company buys and owns instead of the end-user. AutoPilot works particularly well with drop-ship types of procurements since your laptop vendor or reseller can ship unconfigured, never-been-touched laptops from their warehouse directly to home users. This is convenient during unprecedented events, but it doesn’t help you if you’re not using it prior to the event.
A potential downside is that during a crisis, lots of companies will be sending users home so your laptop provider might get a huge increase in orders, meaning the typical three-day order fulfillment time could stretch to days or weeks. Also, this requires that the entire supply chain is functioning, as laptop makers don’t have millions of unsold devices waiting around for a crisis. They need to be able to get parts, they need to be able to have employees come into the laptop warehouse to box and ship them, the delivery and trucking companies need to have employees who are working, etc. (This is why in an emergency, you often see IT departments say, “Just go to a local store and buy whatever you can.”)
Factory imaging (or whatever your laptop provider calls it) is a scenario where you still create the traditional “master” disk image, but you upload that image to your laptop provider and they pre-image the laptops and then send them directly to home users.
This can be easier to set up during an emergency because you probably already have corporate laptop standards and an image, and it can work with whatever you have today, not requiring some of the newer things like OOBE or AutoPilot.
Factory imaging has the same downside as AutoPilot in that you can only get new laptops from the factory if the factory and supply chain are functioning.
Traditional imaging is like factory imaging, except the image is applied by a company IT employee at a company location. This is what we did in the nineties but isn’t done as much today. But perhaps you know of a stack of laptops somewhere that you can reallocate (don’t forget about training rooms which might have lots of machines you can image and ship out).
Again, this presumes the shipping and home delivery networks are functioning.
This is our IT fantasy! Really though, in an emergency situation, it’s letting the home worker fend for themselves and getting them to find some computer on their own. While less than ideal, if the shipping and supply chain networks are not functioning, this is what you’ll be dealing with.
The challenge here is that you’re going to end up with users trying to connect the Packard Bell 300Mhz Pentium-II from their attic to your VPN.
The “do nothing” plan can actually work quite well if you’re just using the user’s home computer as a thin client, though that presupposes that you already have some kind of VDI/RDS/DaaS environment set up.
If your users manage to scare up something that’s usable, you could explore installing apps locally on the machine. This is easy for mainstream apps like Office and browsers, but you will most likely run into security and compliance issues you’ll have to sort out. (More on this in a bit.)
Phew! That was a lot to think about, all relating to planning for end-user technology. Moving on…
The second part of your emergency plan needs to be about your core infrastructure. This includes things like your servers, network, datacenters, applications, etc.
The first step here is to look at everything and figure out what you have today that will be great for all these new home workers. Things like VDI, RDS, DaaS, Zoom, WebEx, Slack, Office 365, Dropbox, etc. are all awesome. But, you also need to look at your current capacity (both licensed capacity and technical resources) to see if you have enough to support the added remote users.
If you need to add capacity, your exact steps will depend on what infrastructure component you’re looking at.
Adding capacity to cloud/SaaS apps
This is the one area where you’re probably happy! Yay! We are using the cloud! We went all in to SaaS! So, while we only have a current license for 1,000 users, I’ll just call the vendor and increase it to 5,000 users and we should be good. Yay SaaS! High-five!
The bad news here is there are a lot of ways this won’t work, all which are heightened during a disaster. For example:
• Your SaaS/cloud vendor is dealing with the disaster too. Do they have enough workers to process your request?
• How fast is their turnaround for adding capacity? Especially given the fact that probably all of their customers are calling all at once, all with the same request to increase their capacity.
• Remember “The Cloud” is not the same thing as “Infinity Computers”. Your SaaS provider is either running their own servers, which they will need to order more of (assuming the supply and shipping chains are working and that all the hardware is available), or they themselves are using a huge cloud on the backend, which is also getting lots of capacity requests at the same time. So, there is no guarantee that your SaaS provider will even be able to increase their capacity to support your increased needs.
Adding capacity to internal/on-prem apps
For apps and services you run yourself, you’re actually in a potentially good spot since everything is under your control. We can assume that you can’t get more hardware shipped in as it will probably take too long and we have all the other emergency-related supply and demand issues. But, since it’s likely that you have lots of virtualization capacity already under your control, you can reprovision servers, move things around, and resize VMs to free up space to spin up more VMs for your apps.
If you’re lucky enough to already have a hybrid or existing cloud environment, you can probably reprovision or reallocate some of those resources to support the apps that you need to grow to support all your new remote workers. Reserved instances are especially nice since they won’t be squeezed by the increased demand the crisis is placing on the cloud provider.
If you don’t have existing cloud capacity, it could potentially get tough, again since every company on the planet is going to the same cloud providers you are to try to get more capacity.
Look for easy wins
As you evaluate your core infrastructure and look at the increased demands your new massive home work force will require, it’s important to focus on the easy wins that can make things better ASAP.
For example, rolling out a brand new VDI environment from scratch is not a project you want to start once the calamity has begun. If you already have VDI, and you just want to expand it, that’s pretty easy. (And luckily, most vendors are trying to streamline their processes for allocating more licenses quickly.)
If you’re thinking about DaaS, and you can find a provider who has capacity, that could be a relatively easy win. (And that would make your users’ home device technology easier, since whatever random machinery they have at home would only need to function as a thin client.)
We briefly touched on the edge network and capacity when we were framing the things to think about, but now that we’re talking about solutions, let’s revisit it.
The main thing you need to think about with all these new home workers is whether your edge infrastructure (network connections, VPNs, gateways, etc.) can support not just the increase in user counts, but also the change in usage patterns and traffic types.
For example, you may have validated that your VPN can support 5,000 users, but was that validation done with “normal” VPN use, when maybe users were just doing some file sharing and email, versus maybe now you’re going to have 5,000 users using the VPN for interactive VDI or VoIP sessions?
If you have software- or appliance-based edge systems, you might be able to reallocate some capacity from other existing hardware to beef up your edge devices. But you might also run into bandwidth issues which might require a call to your provider, who again is also dealing with both the increased demand and employee challenges.
Another approach can be to look at what your edge is actually doing to see if there’s anything you can do to lighten the load. For example, are all remote corporate devices routing all their internet traffic through your corporate network? Maybe you can quickly implement split tunneling to free up bandwidth?
Maybe you have some SaaS or cloud apps which each tunnel back into your corporate environment. Maybe you can move some domain and file services to the cloud to allow those SaaS users to use that app without consuming a tunnel connection back to the corporate network.
The key is to look for easy wins that you can implement with existing hardware and contracts. Anything you want to expand that requires external providers cannot be counted on during an emergency.
There is no doubt that you will have some difficult decisions around information security as part of your planning to quickly and massively increase the number of remote workers you’re supporting.
As we touched on previously, you may have to do things like relaxing some security standards, or modifying some checks, so that all your users can use their own machines while working remotely.
For example, if you have a VPN policy that only allows domain-joined machines to connect to the VPN, and now everyone is working from home and there’s a two-week procurement lag to get new machines into users’ hands, what do you do? Change the VPN settings? Change the application settings so users don’t need the VPN? Tell users they can’t work remotely until you can get them a laptop? Awkward conversations will be needed.
You also need to think about all the standard operational security processes that will be massively affected by users being remote. For example, what does Patch Tuesday look like in your current environment? Do you have WSUS and SCCM on-prem distribution points to support the tens of thousands of domain-joined Windows PCs on your corporate network? Great! But now those ten thousand machines are remote. What’s your plan for the next second Tuesday? Better have a conversation with your networking and VPN teams!
How this is solved, by the way, will depend on many factors. If you’re using a modern platform to manage your Windows devices, then you can control the patches while letting those machines download them directly from the cloud. But if your machines need to connect to the domain and VPN to get their updated settings, and your VPN can’t support them, that’s a challenge. (Interesting that this combines all four areas: client technology, core infrastructure, edge and security! Everything is instantly interconnected and suddenly massively different).
So far, we’ve talked a lot about looking for “easy” wins. But during an emergency, the easy things might not be so easy. We discussed Maslow’s hierarchy and how home users will (understandably) care more about their loved ones and safety. But remember that your IT staff are people too, and they’re susceptible to the same human condition. For all these things you need to do to support all these users working remotely, will you have the actual IT staff who are functional and well enough to implement this stuff?
At the most basic level, can all of the rebalancing, reallocating, and reconfiguration of all the various systems that need to be done to support the remote workers be done by IT who are also remote? Will IT staff members be allowed to visit the corporate location to work? Will they even be willing to?
What if key members of the IT staff are sick? If your entire VPN team is in the hospital, are they responding to your texts to get them to show you how to configure a split VPN? (Same goes for the employees of the providers you want to lean on).
The decision process and its impact
Another thing that people don’t think of during crisis-type situations is that the decisions you make in the heat of the moment may end up impacting the business for years in the future.
In times of crises, there’s a need to, “Get it done ASAP, don’t care how!” This is totally fine, and laudable, in fact. But when the crisis ends, now what? Will the hastily chosen product be the new corporate standard for the next five years? Really? So, the one vendor who tossed you a few free licenses, or the random one who had an employee not sick enough to answer the phone is now your corporate standard forever?
Ironically, this is not automatically a bad thing. Maybe you’ve been advocating for moving off of old PCLM onto a new cloud-based modern management platform for years, with no luck. And now, suddenly, you have ten thousand remote Windows clients. Well would you look at that, we have modern management now. Yay!
This can be a double-edged sword because a crisis could also cause you to double down on outdated yet familiar modes of operation. Absolutely something to think about, though.
The final thing to think about is your communication strategy. This is a broad area which covers many channels:
Your company to your customers
The obvious communication that most people think about is how each company will communicate to the market and its customers about how they’re running their business and how operations are being handled. At first glance, you’d think this has nothing to do with IT.
But these days, company operations rely on IT operations. While the external comms might be handled by a PR department, IT will be responsible for telling the story of how they are planning to keep the company running when employees are remote and everyone is scared. Be ready to talk about your continuity of operations plans that were (hopefully) in place, as well as explaining how you were able to reconfigure resources to support your employees wherever they are.
Your company to your employees
The next thing to consider is how you will communicate to your employees. Again, HR and the leadership will do most of the talking, but people are going to want to hear the details from IT. Some high-level suit will get on a company video and say, “Employee well-being is our top priority, so in an abundance of caution, we are closing the office.” Fine. But next will be a million questions for IT about how that actually happens and how IT will have to be involved (hopefully ahead of time).
Remember that your employees will be more concerned with their own health and safety, so IT needs to be able to communicate with employees in succinct and brief ways that panicked users can actually consume.
Maybe that’s company-wide or regional emails, or an internal web page with updates (which, of course, can be made available from users’ iPhones in whatever random location they’re in). If you have the ability to message subgroups of employees, you can use texts or push notifications or some other way to target individual employees.
Remember that this communication should be two-way as well. Ideally, you’ll have a way for employees who need help to contact the company, or a way to easily ping your employees to find out if they need anything.
Your IT department to other departments
The final communication nuance to think about is something that you’re probably not thinking about, which is that you need to ensure that the senior levels of IT management are able to communicate with the senior levels of legal, HR and other areas of IT.
For example, we talked about how you might need to relax certain requirements around VPN connectivity to allow all the newly remote users with random hardware to get on the VPN. During an emergency when everyone is distracted and working remote, how easy will it be to pull together the legal, privacy, compliance, etc. officers to make the executive decision to relax the rules to enable the workforce to operate?
For those of us who’ve been in IT for a long time, you know that our primary driver is risk reduction, which is based around planning for various outcomes and knowing that things will happen as you expect. A crisis is the opposite of that. Even as I write this, we don’t know how long people will be impacted, how bad things will get, and what the overall impact will be.
It’s really easy to think about what we could’ve done, or should’ve done, and billions of dollars will be spent on technology to prepare for emergencies in the next few years (humans are really good at spending money to prepare for yesterday’s threats).
For each of us, the important thing is to look at what we can do now to keep the business running. You will absolutely not run at full productivity, but even if you are caught off guard, you can still keep the lights on.
Each day over the next few weeks, we will be rolling out a series of posts and resources around business continuity. We also hosted a business continuity webinar, Pandemic Preparedness and Response: How to Quickly Set Up a Remote Workforce for Success, that you can watch on-demand.