What a winter! The long range weather forecasters got it wrong, traffic in south eastern England ground to a halt at the first sight of snow – my usual 25 minute journey home turned into a 4 hour drive battling against the elements – but Microsoft was ready!
For several years now Microsoft has been developing secure systems which allow employees and contractors to work remotely, seamlessly and with minimal impact to productivity.
When I first joined Microsoft in 2001 we used Broadband (ADSL) or dial up to connect to the Corporate Network (CorpNet) using a VPN link. Things have developed since then and we now have different ways to connect or access services depending on what we need to be able to do.
- OWA – Outlook Web Access allows everyone to connect to the Exchange Servers to use mail, calendar, contacts, tasks etc. from any internet connected PC using just a web browser and a secure web page. This can be used on any PC by any employee or contractor who has a corporate mail account.
- Exchange Anywhere – This used to have the very attractive and compelling name of RPC over HTTP or RPC/HTTP :). Since the release of Exchange Server 2003 this service has allowed the use of a domain joined work PC connected to the Internet to access the Exchange Server without having to have a VPN link to CorpNet. This again is available to anyone with a corporate mail account.
- Remote Access Service (RAS) – This service has been available for many years but users can now connect in two ways:
  - Using an internal client called IT Connection Manager. IT Connection Manager sets up a VPN tunnel between the PC and CorpNet over the internet. While logging in (which requires dual factor authentication; in the case of Microsoft we use a Smartcard with a PIN) the system puts the machine into quarantine and performs a security check to ensure that the latest security updates have been installed, and that the corporate standard anti-virus, Microsoft Forefront Endpoint Protection, is active and up to date before completing the connection to CorpNet. This can take a frustratingly long time to complete. It also has the disadvantage that all traffic, including Internet traffic, is tunneled through the CorpNet, which can affect the quality of audio and video calls.
  - A newer VPN client is now being tested internally. This VPN client still uses a Smartcard for dual factor authentication and it also uses elements of NAP (Network Access Protection) so that rather than checking the status of the PC it checks a ‘Health Certificate’ to ensure security compliance. In most cases this is a lot quicker. This tool also has the advantage of tunneling CorpNet traffic over the VPN while letting Internet traffic go direct for services which do not need CorpNet access.
- Direct Access
  - With the advent of Windows 7 we are now trialing Direct Access. With Direct Access users can log onto their PC with their Smartcard and, whether they have a connection to the CorpNet or a connection to the Internet, their experience is exactly the same. Direct Access also uses NAP and separates Corporate and Internet traffic.
  - There is also a very small pilot running within Microsoft IT which uses the BitLocker key and the TPM (Trusted Platform Module) chip in the PC to validate the user. This system, which I am testing, means that wherever I am, provided I have an internet connection, I can do exactly the same things that I can do from my desk. Apart from the initial setup I do not even need my Smartcard for access.
So, what has this to do with the weather? Having this technology available has meant that on days when I’m physically unable to get to the office I can still work effectively – snow or no snow! I have Broadband at home and so I simply plug in my PC and collect my mail, get access to all the SharePoint sites for collaboration, get access to the tools that I need to do my job on a day to day basis, make or take telephone calls using Microsoft Communicator (the VoIP client on my PC for OCS Enterprise Voice) as if I were in the office, and join audio or video conferences using Microsoft Live Meeting. The only things that I cannot do are anything which needs physical touch on site, and enjoying the great coffee from the Spacebar in Building 3! On reflection, the main issue is really the coffee, as our infrastructure is monitored and can be configured by our remote Global Operations Centres in the US and India.
As part of the business continuity planning, Microsoft IT has installed sufficient capacity in North America for all full time employees to be able to work remotely and currently, in EMEA, we are working towards this target.
The snow may have stopped the traffic in the south this year but it certainly did not stop the Reading based Microsoft staff working from home while the office was closed – keeping the business of IT going.
IT Manager | Field IT