Even in the midst of an economic recovery, maximizing the value of their IT investment is paramount for many small and mid-sized organizations just beginning to reinvest in the technology stack. Faced with aging client hardware and obsolete operating systems, they still opt to risk exposure when faced with competing infrastructure and application requirements that have stacked up through the lean times. “After all,” the thinking goes, “we don’t have any secret data, and are just too small to be a target to anyone.” As the new head of IT (in a department of one), your challenge is to quickly assess the needs of the organization, prioritize the anticipated spend, and maximize the overall operational impact.
In my situation, I recognized that the big ticket item had to be a major overhaul of our aging proprietary software, which is the foundation for all business operations. For an organization without a formal technology budget, the sticker shock of this undertaking precludes any additional security projects being approved in the short-term, and yet the risk remains. For my peace of mind, I knew that I needed a solution that would mitigate our exposure with minimal cost while still maintaining usability for my field technicians.
At this point, a bit of background is in order. Our field techs work in the early phases of construction – while dirt is being graded, roadways paved and foundations poured. The laptops and air cards we provide are merely a means to connect with our internal servers and the applications necessary to record the test data and observations captured on site. Our techs do an admirable job of taking care of their tools, but it is a harsh environment, so durability and cost are the primary factors in determining the hardware we issue. The challenge was to move these machines from Windows XP to something stable, secure and easy to use, all while not investing heavily in what amounts to disposable assets.
The obvious solution would be to purchase Win7 Pro System Builder licenses and refurbish all of the hardware. Past experience has shown that building one-off machines is a full day’s effort by the time updates and any necessary productivity and security applications are installed. Yes, an image can be built with the updates slipstreamed in, but for a small organization with limited resources, the overall time savings associated with a couple dozen builds is minimal. The benefits include long-term support from a known entity, the internal skill set to build, deploy and support the OS, and our techs’ general familiarity with the user interface.
As a member of the leadership team it is imperative that I perform my due diligence in order to determine the best possible outcome for our company, regardless of where it falls within my personal comfort zone. A little self-disclosure here – I’ve been certified by our friends in Redmond and have spent my entire IT career in Microsoft shops, so I’m not one normally found banging the drum for alternatives. Windows became the de facto business standard for a reason, and my primary interest is in how to advance my organization. While I have a fair amount of technical expertise, I’ve never really been a command prompt guru and probably can no longer even spell DOS, so I don’t consider myself the prototypical open-source advocate.
With that background, I started looking at some of the free operating systems branching out of Linux and determined that Ubuntu – specifically version 14.04.x LTS – looked like it would fit my needs. First, the Ubuntu community promises support for this version for the next 5 years, or well beyond the life-expectancy of any hardware I’ll be deploying. Secondly, the community itself is vast and interested in expanding their user base, so it is easy to find someone – even locally – willing to offer their time and expertise to help anyone overcome the challenges they are facing with making their particular system functional. Not certain if it would actually work, I started building a proof-of-concept machine to demonstrate to myself, the management team, and my end-users.
Downloading the ISO image was a breeze, and the installation wizard was intuitive. The real surprise was that the system was ready to eject the media and reboot in less than 30 minutes. When I logged back in, I discovered that I didn’t need to find and download additional drivers for my wireless card, and that my printers had been identified and installed. Even following another round of software upgrades, I had a functioning device, complete with connectivity, printers and an open-source office suite in about an hour. Still, could I make this do what I needed to for the company, or was this just an exercise in cute, but with limited enterprise usability?
The first test involved whether I could use the Remote Desktop Protocol to effectively connect into our domain. ‘Remmina’, the RDP client included with the base image, fits the bill perfectly, again with an intuitive set-up offering sufficient options to satisfy the host system requirements. For better or worse, it seems that all Linux-based systems require that you jump through a couple of hoops if you want to connect with admin privileges, but for my field techs this really isn’t an issue.
My more pressing concern was with finding an air card which would work with both my cellular network and Ubuntu. While speaking with my carrier I learned that they had just started carrying a new Novatel MiFi USB Modem (U620L) that is compatible with both Win7 and Linux. I had one on my desk the following day and began the task of finding the appropriate installation documentation for the relatively new device. It seems that the Ubuntu community had documented the step-by-step instructions for a number of different devices, but there was nothing yet for the USB MiFi. I turned to my local Ubuntu Users Group, and was invited to bring both my hardware and questions to their next scheduled meeting, where there would be a number of people who always enjoy a new challenge.
By the time the appointed Saturday rolled around, I had a machine that would connect once on demand, but wouldn’t maintain a persistent state, and required a series of cryptic commands be entered into a terminal window with admin credentials – nothing I could put out into the field. Because the process seemed relatively simple, I’d also built a second machine, but was unable to repeat the USB Modem connectivity I’d achieved on the first device. Armed with questions about the viability of my experiment and whether we could develop a repeatable process for deployment, I arrived at the meeting with a fair dose of skepticism.
What I found was a group of smiling people helping out with a variety of Ubuntu questions, ranging from dual-boot installations for a MacBook Air to a conversation about how to best resolve a programming issue that went far beyond my level of comprehension. As I unpacked and set up my 2 machines I was joined by a gentleman who introduced himself as Paul and we began discussing my dilemma regarding the differing behaviors. Following a systematic review of my configuration settings we discovered that I’d failed to grab all of the available software updates, and rectified the situation with a couple of check boxes. The bigger issue remained that I still needed a way to maintain persistence with the MiFi device that didn’t require the techs to enter any commands or admin credentials. We soon had a small crowd gathered around as Paul and others discussed the pros and cons of various options to trigger the Ethernet emulation that is required for MiFi, but after about 3 hours we had completely scripted out the steps necessary to launch the USB Modem at boot without any further intervention.
I’ve since confirmed and documented a repeatable process that I’ve applied to about 2 dozen machines. My build time is down to about 90 minutes, from receiving the machine through cleaning it up and popping out the keyboard to double the RAM, to a complete installation ready to return to the field. Training for the techs is under 5 minutes, and I’ve included a short (9 step) cheat sheet should they forget the process. Feedback from the field has been universally positive, and the users report that the system is extremely stable. The security side of me is thrilled that we’ve moved our users from the obsolete WinXP, while my business side loves the fact that we saved a few thousand dollars that can be used for other enhancements.
For us, the idea of moving to an open-source platform worked. Moving forward, our software will all be browser-agnostic and web based, so I don’t envision any issues as we migrate into a new way of capturing our field readings. Additionally, by using our existing Exchange CALs and OWA in Firefox we will completely move away from RDP, freeing some internal hardware and closing a potential hole in our security. This solution isn’t necessarily for everyone, but I encourage you to open your eyes to the possibilities of trying something outside your comfort zone. As IT leaders, our first priority will always be to find the best way of responding to the needs of the business – in the most effective manner. If the goal is to move from Point A to Point B, sometimes the best path is the road less traveled.