
Preference for Mini PC for "jump" box


 

Yes, I'm fully aware that my solution only fits residential clients as corporate have other security concerns.
If the tunnel, for whichever reason, gets breached, then anybody is inside that LAN.
In corporate, there can be nothing in their LAN without their awareness.


 

100% agree Lincoln. Biggest thing is just coordinating with them way ahead of time instead of when you land on site. It's amazing how much more helpful IT Depts can be when you ask for something 3 months from now instead of 3 hours.

Our default is to have them hand us a completely segregated VLAN basically with only internet access and no access to any other segments of their network. We'll frequently put devices clients need to talk to like AM-200s on the corporate network but with no communication back to our VLAN. And in the rare cases we do need to talk across VLANs it's just a matter of coordinating to punch the appropriate hole for only that device/IP/port to access.

In my experience if they already have you segmented off where you can't cause trouble then having a TeamViewer type box in the rack is a bit less of a concern. It doesn't work everywhere but that's the model we land on with most of our corporate clients.

--Kyle
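The segmentation model described in the post above can be checked mechanically against a firewall rule list. This is an added example, not part of the original post; the zone names, rule format, addresses and ports are all constructed assumptions rather than any vendor's export format.

```python
import ipaddress

AV, CORP = "av", "corp"  # assumed zone names, not from the thread

def is_single_host(cidr):
    """True when the string names exactly one address (e.g. a /32)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).num_addresses == 1
    except ValueError:
        return False  # "any" or malformed input is never a single host

def audit(rules):
    """Return (rule index, reason) for every allow rule that breaks the model:
    the AV VLAN may reach the internet, and any AV<->corporate rule must be
    one device to one device on one port."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        zones = {r["src_zone"], r["dst_zone"]}
        if AV in zones and "any" in zones:
            findings.append((i, "zone 'any' also covers the corporate segments"))
        elif zones == {AV, CORP}:
            port = r["port"]
            if not is_single_host(r["src"]):
                findings.append((i, "source is not a single device"))
            elif not is_single_host(r["dst"]):
                findings.append((i, "destination is not a single device"))
            elif not (isinstance(port, int) and 1 <= port <= 65535):
                findings.append((i, "port is not a single port"))
    return findings

def rule(src_zone, dst_zone, src, dst, port, action="allow"):
    return dict(src_zone=src_zone, dst_zone=dst_zone, src=src, dst=dst,
                port=port, action=action)

# Constructed sample rule set (addresses and ports are made up).
SAMPLE_RULES = [
    rule("av", "wan", "10.50.0.0/24", "any", "any"),          # internet only: fine
    rule("av", "corp", "10.50.0.21/32", "10.10.4.15/32", 443),  # proper pinhole
    rule("corp", "av", "10.10.4.0/24", "10.50.0.21/32", 443),   # whole subnet
    rule("av", "corp", "10.50.0.21/32", "10.10.4.15/32", "any"),  # all ports
    rule("av", "any", "10.50.0.0/24", "any", "any"),           # reaches everything
    rule("corp", "av", "any", "any", "any", action="deny"),    # denies are ignored
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE_RULES):
        print(f"rule {idx}: {reason}")
```
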


 

In my experience, all attempts to avoid going on the client network are attempted first. Isolated islands are my preference, as well as most of the integrators that I work with because then IT doesn't get involved (and our lives are easier). When they request (or the system needs it) to go on the client network, we usually ask/hope for an AV VLAN that we can quasi-manage ourselves (not manage, but assign static IP addresses that we need over the range of IPs in the VLAN). In other words, they hand us a subnet to use, and we use as we need and document, and let them know when we are done. In this case, we may or may not have internet access on the VLAN. Other times I've run into some of the restrictions that Lincoln mentioned, with ITSec so tough that they want MAC addresses of the equipment and PCs that go on. Some will shut down ports if more than a single MAC is detected on the port (making DM frames problematic if someone plugs into a courtesy port).

Almost all attempts to go on client network end up taking more trips to site, and more headache and is more time consuming. Usually because IT NEVER, NEVER, EVER has everything set up for us when we are scheduled to commission. This is the case whether it's network, VoIP/SIP, streaming, or Video Conferencing. It's never up and working on our commissioning day. Which means extra days for either the techs or for me or both sometimes. I've had to use temporary IPs on our switch and then make another trip to move stuff over to their network. I've had to come back because they finally got their SIP set up and some issue with VoIP control needs to be fixed. It's always something. I've been jaded over the years of being burned on tightly budgeted projects due to IT not being ready.

In all these cases, there is only so much you can do. I had one client that had everything locked down to MAC address access. When they requested a list of all the MAC addresses from all our techs on the project, I just gave him 2 MAC addresses for 2 laptops I had (along with the other techs' laptops). The project lasted for most of a year (it was a full building). After the project rollout was going smoothly, I set up my second laptop with TeamViewer, and stashed it in our temporary cubicle we were assigned. The integrator was there every day for install, but I wasn't. I was able to remote in and load changes/fixes or new rooms this way without having to go to site every time. After everything was deployed, and Fusion was set up and working, I made one last trip to site, and grabbed my extra laptop. In the end, it's not much different than me being there in person connected to the network.

Most remote work I do is not permanent. It's usually a tech onsite, connecting to AV gear and internet (sometimes bridging isolated network with cell phone hot spot or the like) and I work over the phone with them to identify the issue they are seeing and make a patch, transfer and upload and retest. Once it's all good, I disconnect, and the remote session doesn't last more than an hour or two tops. Sometimes it may only take 15-20 mins. This is the scenario 95% of the time.

You have to be able to do your job, and remote sessions, TeamViewer (etc) are part of that. If you call Crestron or any other tech support out there, there is an 80% chance they will want to do a remote session with you too in order to help. That's the cost of it.

I have not had the luck some of you guys have had with IT depts. If I had to rely on an as-needed VPN, then it'd get activated a week after the tech left the site...maybe.
--
Jason Mussetter

Control Systems Designer

Mussetter Programming Services
www.mpsav.com