COVID-19 challenged us at Bursys with status quo work environment especially at our offshore development center in India. We work with highly protected intellectual property for our customers and ourselves internally. We never allowed any work to be carried home by our employees including development and hotline support. It was good that we started planning immediately when we heard some news of closures in US. In anticipation of lockdowns in India, our teams kicked into high-gear and put on their thinking hats. As Work-From-Home (WFH) discussions took center stage, following questions were raised:
- Is our/customer’s intellectual property safe when people are working from home using personal or office laptops? We were not able to even purchase and build that many laptops in short duration.
- Should we allow employees to transfer data to their personal laptops?
- How do we support employees to resolve issues faced on their devices at home? Most of our employees are software developers with complex development environments with many data connections to customer/internal networks spread across the globe including on-prem and Cloud.
Our architects and project leads got into war room to come up with a Cloud architecture using Amazon AWS and design a work environment that will provide the following:
- Secure private networks on AWS.
- Secure data exchange between AWS data centers in multiple countries.
- Secure data exchange with customer networks.
- Easy to connect from any remote PC/laptop to cloud desktop over low Internet bandwidth.
- Manage all issues related to source code control, build processes and IT support in Cloud without having to worry about each employee’s local environment.
- Keep in mind that Internet bandwidth in India can be choppy sometimes.
Our teams researched various options and decided to create our own virtual private networks based in Mumbai and Singapore AWS data centers. We initially also looked AWS Workspaces, but workspaces is not available in the Mumbai region that would lead to bandwidth related delays in use of the system. We decided to build our own dedicated desktops that can be imaged, turned on/off as per needs to avoid running them 24×7. So, we will basically pay per use and not pay for unused hours. Please see the architecture below:
Our employees used the AWS VPN client to connect into AWS virtual private network and open remote desktop to get into a Windows system. Our developers had access to only the source control repositories and limited access to Internet controlled via our own proxy server. We built similar VPN’s in cloud as needed and even patched some VPN to the office network for limited access to resources per requirement.
Results of our WFH architecture are really good thus far with following benefits:
- Complete control of the work environment on cloud, no need to provide any technical support to individual employees.
- Secure access to source code for various projects.
- No ability to exchange data from local environment to work environment, helps keep the personal environment safe and vice-versa.
- Ability to work from remote places in India with low/choppy Internet bandwidth.
- Easy to setup a common environment for development projects and fire up new remote work environments at a moment’s notice.
- Secure data exchange with customer and other cloud environments globally.
About the Author
Prat Gupta, Ph.D.
Prat is a visionary software architect, investor, entrepreneur who founded different companies under the Bursys Group portfolio of companies. Bursys group has expanded operations since it was founded in 2005 in North America, Europe, and Asia. Bursys Group provides a full range of technology consulting and application development services. Bursys group has developed and launched FieldEquip, an innovative connected field service platform that brings machine learning and artificial intelligence to solve real-world field service automation problems. Prat also serves on various Boards for profit / Non-profit. Prat loves to engage with innovative & challenging startup ideas and always ready to fund promising ones.