question No more computers

LunarMist

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
There is a rumor that next year all our company laptops will be taken away and then we will be doing everything with Muko 5 on our own "personal device." This sounds just awful. :( Any experiences?
 
MaxBurn

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Do you get some sort of monetary compensation for using your own machine? If so sounds great. Do they still think they are going to tell you what is OK and what they don't want to see?

No idea what Muko 5 is.

I wish I could get rid of the crappy company machines they gave me.
 
LunarMist

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
I assume we will receive an amount that is less than the cost of a good laptop.
 
MaxBurn

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
LunarMist said:
I assume we will receive an amount that is less than the cost of a good laptop.
Click to expand...

I think I would still take that if offered. Assuming they aren't going to try and tell me what to get.
 
Mercutio

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,269
Location
I am omnipresent
That sounds like a support/administration nightmare. Microsoft and Cisco both have tools for ensuring that systems have current security software and patch levels prior to negotiating a full network connection, but I can think of way too many problems with that policy to be comfortable.
 
LunarMist

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Well all they will support is the Moku 5 VM, which I assume has some security. The computer, OS, etc. would be the user's problem if what I understand is correct.
 
Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,920
Location
USA
A VM is how I do remote work with my company. I install a corporate windows 7 image with all their security, VPN, patches, AV, etc and then just run it as a VM on my personal machine. It runs better/faster then any of the equipment provided to me for desktop or laptop usage. I'd rather my company give an allowance to build my own system. They are otherwise migrating people to a VDI solution for reduced cost and administration. The problem is, this doesn't work well for engineering.
 
Howell

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
The problem is that they are now dependent on you maintaining reliable equipment and support contracts for your productivity. As usual some will be more motivated than others. Will they have loaner equipment available?
 
timwhit

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
What happens it the user's host system is compromised? Can't this in turn have deleterious effects on the virtual machine as well? Sensitive data will still need to be transmitted through a shared NIC.
 
ddrueding

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
timwhit said:
What happens it the user's host system is compromised? Can't this in turn have deleterious effects on the virtual machine as well? Sensitive data will still need to be transmitted through a shared NIC.
Click to expand...

I'd assume that the VM establishes an encrypted link (VPN?) with the server independent of the host, and maintains its own AV and the like. Not completely secure, but neither is anything else given to a user.
 
Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,920
Location
USA
ddrueding said:
I'd assume that the VM establishes an encrypted link (VPN?) with the server independent of the host, and maintains its own AV and the like. Not completely secure, but neither is anything else given to a user.
Click to expand...

This is how mine functions. The Guest OS has its own security and AV installed. The only way I can connect to work is by first establishing the VPN. I agree that is some virus or exploit gets into my base OS and knows how to target the guest OS, there is little I can do about managing that and need to rely on VMware for patching security exploits. Limited things I can do are to encrypt the guest OS hard drive to help reduce some exposure, but honestly, I do no work on the actual VM. I RDC and SSH in to everything at work and my work files never get saved on the VM. They all remain at work. Even if a key logger captured the VPN login, it changes every 60-seconds due to my RSA pin.
 
Mercutio

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,269
Location
I am omnipresent
I assume you guys are using the Mandatory Access Protection feature that's baked in to Windows Server 2008 to do that stuff, in which case end users can get access to a provisional network with internet access to have updates and virus definitions loaded even if your VM is judged unfit for full intranet access.

That's one of the niftier things they put in Server 2008, but it still seems like a huge administrative headache to me.
 
Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,920
Location
USA
Mercutio said:
I assume you guys are using the Mandatory Access Protection feature that's baked in to Windows Server 2008 to do that stuff, in which case end users can get access to a provisional network with internet access to have updates and virus definitions loaded even if your VM is judged unfit for full intranet access.

That's one of the niftier things they put in Server 2008, but it still seems like a huge administrative headache to me.
Click to expand...

I don't run server 2008 at home, so no. The few Server 2008 systems I do manage at work don't need this level of security. They don't hold any data that would be considered at risk for the company. 95% of our VM infrastructure these days are purpose-built SLES appliances developed, patched, and audited by a specialized team.
 
Howell

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
Mercutio said:
I assume you guys are using the Mandatory Access Protection feature that's baked in to Windows Server 2008 to do that stuff, in which case end users can get access to a provisional network with internet access to have updates and virus definitions loaded even if your VM is judged unfit for full intranet access.

That's one of the niftier things they put in Server 2008, but it still seems like a huge administrative headache to me.
Click to expand...

We are not that paranoid. I review WUS & AV reports and go after machines that get behind.
 
LunarMist

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Handruin said:
A VM is how I do remote work with my company. I install a corporate windows 7 image with all their security, VPN, patches, AV, etc and then just run it as a VM on my personal machine. It runs better/faster then any of the equipment provided to me for desktop or laptop usage. I'd rather my company give an allowance to build my own system. They are otherwise migrating people to a VDI solution for reduced cost and administration. The problem is, this doesn't work well for engineering.
Click to expand...

I don't know how the VM thingie works, but I heard some Mac users will like it because the Moku 5 VM runs on them too. Apparently there is some other brand of the VM they are also considering. I hope the project does not occur as I would need to buy a laptop for that. In no way would I want anything work related on my personal laptop. I surely don't want a laptop with the dreaded Win 8 either.
 
Last edited:
You must log in or register to reply here.
Top