At the end of 2019, we started experimenting with fully remote work for part of our team. We had no idea how much this investment would pay off. Here are our experiences with building remote-first infrastructure.
Why remote work before the pandemic?¶
The reason was prosaic — we wanted to attract talent outside Prague. A senior Java developer in Brno didn’t want to commute, but he was exactly the person we needed. So we started building infrastructure that would enable full-value work from anywhere.
Our starting situation wasn’t ideal. Most internal systems ran on-premise, VPN was dimensioned for 10 concurrent connections, and company culture assumed everyone sat in the office. The change had to be both technical and cultural.
VPN — necessary minimum, not a solution¶
From OpenVPN on one server, we switched to WireGuard with redundancy. WireGuard is faster, simpler to configure, and has significantly lower latency. For developers who need to access internal Git repositories and CI/CD pipelines, it was a game changer.
But VPN is just a tunnel. It doesn’t ensure that the user on the other side is who they claim to be. It doesn’t ensure their device is secure. That’s why we started exploring alternatives — we’ll write about the Zero Trust approach in the next article.
Virtual Desktop Infrastructure¶
For access to sensitive client data, we deployed Apache Guacamole as a clientless remote desktop gateway. Developers connect through a browser to a virtual desktop where they have everything they need. Data never leaves the datacenter.
VDI has disadvantages — latency when writing code, IDE behaves differently than locally, you need plenty of server power. But for compliance-heavy projects (banks, insurance companies) it’s often the only acceptable option.
Cloud tools instead of on-premise¶
In parallel, we migrated tools to the cloud:
- GitLab — from self-hosted to GitLab.com (SaaS)
- Jira + Confluence — migration to Atlassian Cloud
- Slack — replaced internal XMPP server
- Google Workspace — documents, calendars, meet
Result: no tool requires VPN, everything runs in a browser, and management is simpler.
Security and cultural change¶
Remote work brings new challenges. We implemented MFA everywhere, device management, network segmentation, and audit logs. Surprisingly, the hardest part wasn’t technology, but people. Managers had to switch to outcome-based management — no decisions by the coffee machine, everything in written form.
Key rule: what isn’t in written form doesn’t exist. Every meeting has minutes in Confluence. Every task is in Jira. It’s more work, but it ensures that remote colleagues have the same information.
Investment that paid off¶
Remote work infrastructure isn’t just VPN and a laptop. It’s an entire ecosystem of tools, processes, and culture. We invested months of work into it — and it would soon become clear how prescient that investment was.
Need help with implementation?
Our experts can help with design, implementation, and operations. From architecture to production.
Contact us