Are you a work-from-home consultant? Do you connect to your clients through different VPN clients? Here are some tips based on how I work that might help you. What I do might seem like overkill on the surface, but it does have tangible benefits for my particular use case and preferences.
Everyone Gets an Island
Generally speaking, I like to keep my main computer separate from any computer I use to connect to a client requiring a VPN connection, and I like to use a separate computer for every client. The easiest way to do this is to use virtual machines (VMs).
Your first thought might be that this sounds unwieldy. To a small degree, it is, but I have my reasons for doing so:
- I don’t like to pollute my primary machine with multiple VPN clients that have the potential to interact with each other and cause network and/or performance problems.
- Being connected to a client VPN can impact your other network connections. If you’re multitasking on multiple projects with different VPN clients on the same machine, you’ll probably experience some unwanted side effects.
- I also don’t want to accidentally move a file related to one customer to another customer’s server. While I’m generally diligent enough not to do something like that, I prefer to eliminate that risk altogether.
- I don’t like to use a single VM for all client connections for the same reasons as the first two points above.
- Even if no VPN is required (i.e., there’s a protected remote desktop session), I still prefer to use a virtual machine to keep things separate.
- The virtual machine is, for all intents and purposes, a portable sandbox. If something goes wrong with my desktop, I can move a VM over to my laptop and continue working like nothing happened. It’s also handy if I’m working with someone who needs to take over from me: all I need to do is give them a copy of the VM.
- In the case where you need to create a software environment similar to your client’s, you can. More often than not, the operating system and software versions will not be the same as your host computer. Doing it in a VM is just a better solution. And if you’re juggling multiple clients with different versions of software, you don’t want to be intermingling all of that potentially incompatible stuff on a single computer.
So what are the costs of this approach?
- Disk space costs – you will have a proliferation of virtual machines that eat up disk space. My response to this is that disk space is relatively cheap these days. Heck, you can get a 10TB hard drive for less than $500 CAD, and that can hold a lot of virtual machines. For VPN/RDP-only VMs, we’re talking about maybe 20GB of disk space per VM, which works out to 500 small VMs on a single 10TB drive.
- You need an operating system for every virtual machine. Depending on the OS you need, this can be a non-trivial cost. If you’re a consultant and your projects are short-lived, i.e., < 90 days, you can simply use a trial version of Windows Server. You can, by the way, extend a trial version of Windows Server to 3 years. If you ask me, 3 years is plenty of runway to complete most projects.
- You need to create a template VM. If you create a template using a Windows Server trial, you only need to do this once every couple of years (the trial clock starts ticking after you finish installing the trial on your template VM). Spending a couple of hours every couple of years isn’t too heavy an effort cost, in my opinion.
- You need to make copies of your virtual machine. If you’re still using a hard drive, this can take a few minutes, but I don’t consider that amount of time material. If you’re really keen, you can use something like Vagrant to make this even easier.
- You need to back up your VMs. If your VM’s footprint is under 25GB, it will likely fit on a single layer writable Blu Ray disc (depending on your writer’s capability and blank media availability in your region, you can get writable Blu Rays with capacity as high as 128GB). Don’t have a Blu Ray burner? Get one. They start at under $200, and are incredibly useful for archiving data.
- Running a VM consumes CPU and memory. Depending on how much software you need to install locally for your client, this can be an issue. If you are just making VPN connections and using remote desktop from the VM, it’s not going to be a huge impact on a well equipped machine.
Keep in mind that this is how I’ve chosen to do it. If you plan to share a VM with someone else working remotely, you might be better off renting a Windows instance from a cloud provider like Microsoft Azure or Amazon Web Services. There is obviously more than one way to do this (if this is even something you want to do), so be creative.
Virtual Machine Tips
For client connection VMs (where I don’t need to replicate the client’s environment), I use auto expanding virtual disks. Depending on which filesystem your backup destinations use, you might want to segment the disks into 3.9GB segments so that you don’t have to ZIP and then segment them. Auto expanding disks aren’t as performant as fixed size virtual disks, but they offer you a lot more flexibility, especially from a portability and backup perspective.
If I need to replicate a client’s environment and install a significant amount of software, then I would go with a fixed size virtual disk.
When possible, keep your active VMs on a separate physical drive from your boot drive. The last thing you need is for your host and guest machines to be competing for I/O off the same drive.
If you can, put your active VMs on solid state drives instead of mechanical hard drives. You’ll get much better performance that way. Since hard drives are cheaper, it makes a lot more sense to put your inactive VMs on a hard drive or archive them to some type of offline storage.
Remote Desktop Tips
Chances are, if you’re working remotely, you need to connect to multiple machines via remote desktop. If you’re lazy, you might just run Remote Desktop every time and enter your information all the time. Sure, this works, but saving Remote Desktop Profiles can make your life much easier.
If you’ve got a multiple monitor setup and you don’t want to be running each RDP window in full screen, this is where saving your profiles comes in handy. By default, all new RDP connections maximize to full screen on the screen you launch with. I have 4K screens and I hate it when this happens. Before I connect to any new RDP connection, I set all my run options (click on the Show Options button to access them) so that I can enforce a consistent window size and set access to local resources, and then save them to either the desktop or an easily accessible folder.
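A saved profile is a plain-text .rdp file of name:type:value lines, so the same options can be generated per client and checked afterwards. The sketch below is an added example, not part of the original post; the host name, window size and the choice to switch off clipboard and drive sharing are assumptions that follow the one-island-per-client idea above.

```python
# Added example: per-client .rdp profiles with a fixed window size and no
# local-resource sharing. Host names and chosen values are assumptions.

BASE = {  # setting name -> (type, value); "i" = integer, "s" = string
    "screen mode id": ("i", 1),        # 1 = windowed, 2 = full screen
    "use multimon": ("i", 0),
    "smart sizing": ("i", 1),
    "redirectclipboard": ("i", 0),     # no copy/paste between host and client
    "redirectprinters": ("i", 0),
    "drivestoredirect": ("s", ""),     # empty = share no local drives
    "prompt for credentials": ("i", 1),
}

def render_profile(host, width=1920, height=1080):
    """Return the text of an .rdp file for one client host."""
    settings = dict(BASE)
    settings["full address"] = ("s", host)
    settings["desktopwidth"] = ("i", width)
    settings["desktopheight"] = ("i", height)
    return "".join(f"{k}:{t}:{v}\r\n" for k, (t, v) in settings.items())

def parse_profile(text):
    """Parse 'name:type:value' lines; the value may itself contain ':'."""
    parsed = {}
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        kind, sep, value = rest.partition(":")
        if sep:
            parsed[name.strip().lower()] = int(value) if kind == "i" else value
    return parsed

def audit_profile(text):
    """List settings that break the one-island-per-client setup."""
    s = parse_profile(text)
    findings = []
    if s.get("screen mode id", 2) != 1:      # assumed default: full screen
        findings.append("opens full screen")
    if s.get("redirectclipboard", 1) != 0:   # assumed default: shared
        findings.append("clipboard shared")
    if s.get("drivestoredirect", ""):
        findings.append("local drives shared")
    return findings

# Constructed sample: a profile saved without adjusting the options.
UNTUNED = ("full address:s:rdp.client-a.example:3389\r\nscreen mode id:i:2\r\n"
           "redirectclipboard:i:1\r\ndrivestoredirect:s:*\r\n")

if __name__ == "__main__":
    print(audit_profile(render_profile("rdp.client-a.example")))
    print(audit_profile(UNTUNED))
```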
Got a Spare PC? Make a “Client Connection Box”
If you’ve got a home lab set up, you can ignore this section. You’ve probably got this part figured out already.
If you don’t want to use up too many cycles on your main machine, you can create a “client connection box”. This is basically a dedicated PC acting as the VM host running all your client guest VMs. You can use a rack mounted server running a hypervisor, but most people probably don’t have one. Also, I tend to think they use too much electricity and produce too much heat and noise.
If you have an older PC that’s no longer really being used but has decent resources (in terms of CPU and RAM), use it. Alternatively, you can buy a refurbished PC for pretty cheap. I like Dell refurbs, because they’re cheap and reliable. Depending on the model you choose, the cost of a Dell refurb can be just a little more than the cost of buying a brand new Windows Pro license (which, by the way, is included with the refurb), so in other words, they’re a steal. Maxing out the memory and adding a larger hard drive also doesn’t add too much to the finished cost.
If you’re using a client connection box, you can do some remote desktop inception (remote desktop into the VM, and then remote desktop from the VM to the client machine).
I have a client connection box, but for power consumption reasons, I choose not to run it 24-7 and put the machine to sleep when I don’t need it. To make it easy to wake that computer (which is on a different floor than my office), I’ve enabled “Wake-on-LAN” using magic packets on it. If you’ve never used it before, it lets you wake up a computer remotely by sending something called a “magic packet”. I use an app to wake up machines that way.
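For anyone who would rather script it than use an app, this is what a magic packet looks like. It is an added example, not the app or code the post refers to; the MAC address is constructed, and UDP port 9 with the limited broadcast address are common conventions assumed here.

```python
# Added example: build and send a Wake-on-LAN magic packet.
# The MAC address below is constructed; use the sleeping machine's own.
import re
import socket

def magic_packet(mac):
    """6 bytes of 0xFF followed by the target MAC repeated 16 times."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16

def is_magic_packet_for(payload, mac):
    """True if the payload contains the magic-packet body for this MAC."""
    return magic_packet(mac) in payload

def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the packet over UDP; returns the number of bytes sent."""
    packet = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))

if __name__ == "__main__":
    pkt = magic_packet("00:11:22:33:44:55")
    print(len(pkt), pkt[:12].hex())
    # send_wol("00:11:22:33:44:55")  # run from the same LAN as the target
```

The magic packet carries no authentication, so any device on the same network segment that knows the MAC address can wake the box; keep the client connection box on a network you control.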
If you’re going to do a client connection box, it should go without saying that it works best if you’re using a wired gigabit network as opposed to using wireless.
My approach obviously isn’t for everyone, but it works for me.
I am a big proponent of separating concerns (in this case, a concern is a client for whom I do work remotely). There is a little bit of initial overhead to get a process in place, but once it’s done, the main costs for me are the time to replicate the solution for every new client (we’re talking minutes, not hours), and there are side benefits to this method, provided you have good habits (like doing regular offline backups).
Don’t take my advice as gospel — feel free to come up with a solution that works based on your needs and habits.