Remote working with legacy apps
– We must have a powerful modern VPN to manage all the load from users working remotely!
– NO, NO, NO there is a better way!
Over the past year I have been working with all kinds of organizations to enable remote working. My primary role is solution architect for the modern workplace. But we have a lot of legacy workplaces out there. And in many cases the organizations refuse to change what should be changed, and you cannot design the optimal solution. Large enterprise organizations are the hardest ones to convince.
So, what is the Modern Workplace? I reuse the same words as Microsoft uses. Empower your users to be able to work anywhere, anytime, on any device, but also in a secure way. Microsoft 365 and Google Suite are perfect examples of parts of a modern workplace: collaboration, productivity and file storage in a cloud solution, accessible from anywhere, anytime, on any device.
So, what is the Legacy Workplace? This is when your organization is using legacy on-premises applications that are hard to work with from anywhere, anytime, on any device. Let's say you are running a legacy client-server Order system. You have a SQL database server, an application server and a client GUI application.
You have Microsoft 365, so your collaboration is modern. But you have a legacy Order system that only runs if you are connected to your LAN. Employees need to be able to enter new orders, otherwise the business will not make money. The Order application is not built for remote work; it is a legacy GUI application that needs direct access to the application server. So how do you get a Modern Workplace?
– The old way with Always On VPN / Microsoft Tunnel
I do not recommend this design. I have done numerous Always On VPN designs over the last couple of years and will probably not do it anymore. This is the old way of leaving the door wide open to your most private resources. Yes, it will work; the users can connect and get access to the application as if they were connected to the LAN. But these days, with zero trust thinking, giving a user full access to the LAN from anywhere, anytime, on any device is not a good idea. Microsoft Tunnel is the newest addition to this concept, with some additional conditional access support, but it was initially built for iOS and Android only.
– Upgrade or replace
I often hear, "We must have a VPN solution to access this legacy application." NO, think the other way around! How can we make the application modern so that we can decommission the VPN? Can the Order application be upgraded to support web-based access, or can it be run as a cloud service? If not, can we use an alternative product that is modern? The price tag for updating or changing the application will probably be cheaper in the end compared to modernizing the VPN solution.
– Windows Virtual Desktop
If you already use Microsoft 365, you have the license to implement WVD. It is simply Windows 10 (or 7) running in the cloud, accessible from anywhere, anytime, on any device. In this WVD you can install the legacy application and make it available as a complete desktop or as a RemoteApp.
Another way of making the legacy app a modern app is to build a new frontend. PowerApps offers a no-code solution to create apps that can connect to multiple services. One of the services is an on-premises data gateway. With this gateway you can connect to and work with on-premises data like the SQL server. If you can understand the data model and table structure of the legacy application, you can now build a new application interface in Microsoft 365.
Another way of doing the new frontend with PowerApps is to use UI flows. You simply make a new, modern form-based PowerApp that you use to enter new orders. When an order form is sent, it will fill in all the fields in the legacy app and press the save button.
So, modernize your thinking! Do not see that legacy application as a static module and make the wrong decisions around it. Make the legacy application a modern application to achieve the Modern Workplace!