Pro. Or no Pro (Houston we have a problem)

Using a computer for business as well as personal use can leave users with a decision to be made, to go “Pro or no Pro”.

Windows 8.1 is about £99, but 8.1 Pro weighs in at £189. That’s quite a substantial difference, and lots of people go for “Standard” to save on costs. Or is it a saving? It really does depend on your business requirements, but as this article tries to show, saving a few pounds may actually cost you more (in time and effort as well as money).

The differences

The differences between the two versions should really make your decision for you: if you don’t need the extra features, fine, Standard is your man. But if you want them, or like the idea of having them available, the choice becomes a little more clouded.

There are three main differences that separate out the versions.

Remote desktop.

Hang on! RDP is available on Standard edition. It is, but it’s a one-way ticket: you’ll find that you can RDP out, but no one can RDP into your machine.

This is a bit of a nuisance if you need to get something off your machine at home, or a colleague’s, and they haven’t saved it on OneDrive. It’s also a swine if you have a problem and you want IT to remote in and have a look at it.

Yes, there are alternative solutions: services such as LogMeIn, or software such as TeamViewer. But before you dismiss Pro, think carefully. Subscriptions to services are renewable, and reliable products like TeamViewer have strict user licences when used professionally. If you’re not careful, these costs will end up replacing the money you think you’ve saved by not getting Pro.

BitLocker Encryption.

In my opinion, if you have a company laptop that leaves the office with you on your travels, it should be configured so that the data is protected by encryption should the laptop be lost or left behind. Yes, ITIL and ISO declare that no company information should be saved locally (more on that later). But in reality users do save locally, even if only for brief moments, meaning to delete afterwards but then “forget”; I have seen this on several machines returned for repair that I’ve been involved with.

BitLocker is included in Pro and, as in the scenario above, there are third-party versions available, but again the cost of buying, setting up and maintaining them, even if not by yourself but by company IT, starts adding

The company network (domain login)

Does your machine need to access the company network? It’s a grey area for mobile, out-of-office workers, but let’s look at some scenarios.

Email – If you need to use Outlook email, it’s a damn sight easier if you’re on the company domain. If you’re not on the domain, it’s still possible to set up Outlook to get email from outside the domain/network, but certificates need to be added and a few more settings need adjusting: again, a cost in time and effort. So much so that some other companies I know have a hard and fast rule of Outlook Web Access only for non-domain users, the point being that no files are stored on the machine, but that sometimes means no address books etc. too.

File management – Company drives are structured for sales, marketing and support, each dedicated to its own team, but occasionally marketing may require sales info, or vice versa. The network and domain user can easily be configured to allow for this requirement.

But if the user is outside of the network then the woes begin. Mapped drives have to be configured and maintained on the remote machine to allow network access (remember you haven’t got RDP, so a trip to the office to put the laptop up on the ramps is required). Added to that, you have a possible spare key to your data wandering the internet.

As much as I love OneDrive, not everyone will want to put their files on, or trust, cloud drives, and again the possibility of access to the drive is a threat if the machine is lost.

Summary

It’s not as easy a choice as it first looks, and I can’t stress enough that it is down to requirements. For company machines I personally would recommend going Pro, as it saves IT the time and effort of having to configure users’ machines if they’re remote workers.

A cheap solution is to allow staff to RDP to their work desktop machine (or virtualised machine) via a VPN and let them do company business on that. This is a workable solution to a degree, and one that I myself use frequently. The advantage is that, should the connection from the remote machine fail, your work is sat on the company PC and can be picked up again later. No data is exchanged with your machine outside of the office; it’s still kept within the confines of the company domain. The huge risk is that you can VPN in from any machine, and you won’t always know the history of the machine doing the remote session (does it have AV?). Again there is a cost in time and effort to ensure that the machine is safe and actually up to scratch for doing the work.

For those who think they made the wrong choice, there’s a way you can hop on from Standard via the Pro Pack. You also get some nice additional features, such as Media Center too (for some strange reason).


Use of company Wi-Fi (A simple solution)

The simplest ideas are sometimes the best

The nasty problem of Wi-Fi use raised its head this week at work, the problem being that “guests” were given the company Wi-Fi password to use their own computers on. So what? Coffee shops, bars and shops dish out Wi-Fi all the time, so what’s the problem in that?

The problem is that the company Wi-Fi is an extension of the company network, on the same IP address range, to allow company laptops the same access as wired machines. Unfortunately the “happy to help” attitude basically left non-employees with direct access to the cloud servers and internal servers the company has available. Although the guests weren’t very likely to cause damage deliberately, the devices they were using had not been assessed: it was not known if they had run AV or, for that matter, what the users’ intentions were. The possibility of malware or virus infection was there, which could have crippled the business.

So basically we’d given strangers a front door key to our home and left a sort of “help yourself” attitude. And so, after several sirens and klaxons had been sounded and the users hastily ushered from the connection, we needed some rules putting in place to prevent this problem occurring again.

The IT Genghis Khan

ITIL practice and ISO regulations would basically use the boot heel and say NO to such actions: company Wi-Fi should not be opened up to external guests, nor to staff not doing company business, stamping out any possibility of free Wi-Fi use over the existing setup. Another network would therefore have to be used, incurring costs and setup time.

But the reality of the matter is that a small firm with very busy employees should look at Wi-Fi as a perk for staff. A little bit of feel-good never does any harm, and can be a positive for staff morale. Allowing people to read personal email or use social media during breaks and lunch brings a level of trust between a company and its employees. Granted, you don’t want to open a Pandora’s box of everyone shopping online or watching full films or episodes via streaming either.

Common sense and a few simple rules, along with a few minor restrictions, can make secondary Wi-Fi available to guests and staff alike without creating grey hair in IT, or the “No you can’t” type of speech your parents gave you when you were little.

Solutions

Okay, a quick Google on the subject was the equivalent of swimming in mud: lots of rules of best practice to start with, followed by “you’ll need extra routers” and “you need to set up VLANs”. The vision of a Wi-Fi utopia was fast disappearing, replaced by grey images of grumbling IT installing and maintaining equipment that the finance manager had cried over the purchase receipts for!

No nonsense

A colleague came to the rescue the next day with an idea so simple it seemed daft at first, and it didn’t instantly look like the best solution. But after two days’ trial it appears to be a corker of a solution, with little or no cost and no excessive maintenance required.

Instead of dedicated hardware access points, use Wi-Fi hotspots, but provided by old company phones sat in a drawer gathering dust. Yes, I know you can set the physical PC to be a hotspot too, but the use of the old phones turned out to have better results with less fiddling than you can believe. Added to that, this option is mobile: signal strength improvements are as difficult as plugging the phone into a PC nearer to where the Wi-Fi user needs it.

Tethering & Internet pass thro’

Firstly, when you use your phone as a Wi-Fi hotspot you use your data allowance over the mobile network. There’s no way this was going to happen with an old SIM-less phone. So the old Android phones were set up for internet pass-through, basically allowing the phone to use the internet connection of the PC it was connected to via USB, with mobile data turned off to prove no additional magic was in use. Okay, we now have an internet extension for the entry point; first hurdle over.

Wi-Fi Hotspots – solid little solution

Having used my own phone occasionally as a hotspot for my own needs made me overlook some obvious advantages of this method which have to be considered when there are multiple other users: security, security and security.

Firstly security: You can name the SSID of the hotspot and set a password, so you can make things look professional with “CompanyName Guest WiFi” and put a password block in place to halt immediate access by all and sundry. The phone hotspot also lets you restrict the number of users, limiting physical connections and not risking being swamped by a horde of Wi-Fi hunters/users.

Secondly security: WEP and WPA2 are among the options you can enable to secure the Wi-Fi connection; pick WPA2, as WEP has long been broken. After all, if you’re doing a little online banking, the risk of being nosied on is something you want to consider, so that you can enjoy safe browsing and use.

Finally security: The hotspot uses its own IP range, which gave a massive advantage in trialling this method. The company 192.168.xxx.xxx range was not easily obtainable, as the hotspot belched out different 192.168.xxx.xxx addresses, meaning that the Wi-Fi internet access neither allowed access to nor clashed with the range used for the precious company cloud network we rely on.
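A different address range is worth confirming rather than assuming, because the hotspot’s traffic still leaves through a PC on the company network. The added example below (not part of the original post) is a check to run from a laptop joined to the guest hotspot: it flags an address clash and any internal service that answers. The subnets, hosts and ports are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket


def ranges_overlap(company_cidr, hotspot_cidr):
    """True if the hotspot hands out addresses inside the company range."""
    company = ipaddress.ip_network(company_cidr)
    return company.overlaps(ipaddress.ip_network(hotspot_cidr))


def tcp_probe(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit_guest_isolation(company_cidr, hotspot_cidr, targets, probe=tcp_probe):
    """Return findings; an empty list means no clash and no tested service answered."""
    company = ipaddress.ip_network(company_cidr)
    findings = []
    if ranges_overlap(company_cidr, hotspot_cidr):
        findings.append(f"address clash: {hotspot_cidr} overlaps {company_cidr}")
    for host, port in targets:
        # Only test machines you own: refuse anything outside the company range.
        if ipaddress.ip_address(host) not in company:
            raise ValueError(f"{host} is not in {company_cidr}")
        if probe(host, port):
            findings.append(f"reachable from guest Wi-Fi: {host}:{port}")
    return findings


if __name__ == "__main__":
    # Constructed placeholder values; substitute your own ranges and servers.
    COMPANY = "192.168.10.0/24"
    HOTSPOT = "192.168.43.0/24"
    TARGETS = [("192.168.10.5", 445), ("192.168.10.5", 3389), ("192.168.10.1", 80)]
    for line in audit_guest_isolation(COMPANY, HOTSPOT, TARGETS) or ["no findings"]:
        print(line)
```

Run it while connected to the guest hotspot, not from the wired network; any “reachable” line means guests can still get at that server despite the different address range.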

Suck it and see

So two defunct Android mobiles were set up and trialled as Wi-Fi hotspots, one for staff and one for visitors. We tested the staff one immediately and all seemed okay. The Androids work fine without a SIM card (unlike a certain other brand of mobile), which proves and ensures that we’re not using mobile data.

The following day we actually had visitors and, hey presto, a request was made for them to use Wi-Fi. So the second hotspot was enabled with the first still running, and both got a baptism of fire and appeared to hold their own.

Things can only get better..

So I doff my cap to James Mottram @mottyjm, not only for coming up with the concept, but for putting to use some defunct tech that was lying around and scheduled for the bin.

It’s very early days, and more testing needs to be done: will the connection hold if the PC it’s linked to connects to another network by using a virtual PC? Another item is putting a proxy/firewall on the phones generating the hotspots, using free software from the Android store, to prevent unsavoury sites being visited.

Signs look promising, so much so that a draft Wi-Fi policy has been created. It’s looking like a cheap and practical solution to a complex issue, one that was basically sorted in a couple of hours’ work locating old tech and configuring the devices.

So, depending on your needs, you may want to give the idea a go. I’d be interested to hear from anyone who’s done similar, so as to avoid any pitfalls in the idea (if any), or who has better suggestions to improve the solution further.