Solved: Connecting to a client’s development site

melissasage · ‎11-11-2020

Hi, I am curious about working remotely at a client's site and what the best practices are. For example if a client wants me to do SQL server work I am thinking I need to connect to their site or their development environment using something like a VPN. Just looking for some feedback from folks that have done this.

The jobs I have done so far we're MS Access so we simply attached the database file in UP messenger.

lysis10 · ‎11-12-2020

Melissa S wrote:
Thank you. That all makes sense - especially about production access. I really don't see a way to work on a SQL server project without remoting i to the client's site.

They should take a copy of the production environment and mirror it in its own environment. This is how it *should* be done, but there are a lot of small-time bloggers and individuals who don't know how to do this. I've had people give me their credentials without even hiring me first in the message room (ooof). A lot of people don't understand, but if you work with enterprise clients they should have someone who can set up the environment.

You can remotely access SQL Server but they should have that disabled too. I guess it depends on their security setup, which I imagine is non-existent for some people on Upwork. They really shouldn't just give you a copy of their database (I guess it depends on what is stored too) and website files (chances are there are credentials stored unencrypted), but that's an option and then you can set up your own dev environment.

You don't want production access because anything that happens will be blamed on you and if you make a mistake you're making it in production which is obviously bad. They should give you an isolated environment that mirrors production with your own credentials, but this is best case scenario and I think wishful thinking with a lot of Upwork clients.

View solution in original post

shefen · ‎11-11-2020

VPN is one way, another would be remote desktop and yet another would be direct access where the access may or may not be limited to your IP address. All options require some configration on the server side, probably including firewall changes, so the choice is really up to the client.

I've been doing this kind of work for a long time. Not all ciients have the expertise to make changes that might be needed to give you access. Sometimes you have to talk them through it. Or you may find that they have not done enough to restrict access to others. Or they've given a series of developers access and not changed passwords between them.

If you're lucky most of your clients will have someone that knows what they are doing but you might be the expert, so be prepared to recommend changes to the way they do things in order to protect their data.

melissasage · ‎11-12-2020

Thank you. I have been programming for over 20 years but I am new to freelancing. Trying to figure out the mechanics/logistics of it.

lysis10 · ‎11-12-2020

Two things. If the client has their cybersecurity in check, they should have RDP set up with a whitelist of internal IPs, so VPN won't work unless they whitelist but then you should have a private IP (not shared crappy VPN) to connect to their VM because them opening a public access VPN would be really bad.

Also, they should not be giving you production access. They should mirror it and provide you with a dev platform or you set one up yourself. Best thing is for them to create an environment for you, but this would require some technical expertise so you might run into problems there.

melissasage · ‎11-12-2020

Thank you. That all makes sense - especially about production access. I really don't see a way to work on a SQL server project without remoting i to the client's site.

lysis10 · ‎11-12-2020

Melissa S wrote:
Thank you. That all makes sense - especially about production access. I really don't see a way to work on a SQL server project without remoting i to the client's site.

They should take a copy of the production environment and mirror it in its own environment. This is how it *should* be done, but there are a lot of small-time bloggers and individuals who don't know how to do this. I've had people give me their credentials without even hiring me first in the message room (ooof). A lot of people don't understand, but if you work with enterprise clients they should have someone who can set up the environment.

You can remotely access SQL Server but they should have that disabled too. I guess it depends on their security setup, which I imagine is non-existent for some people on Upwork. They really shouldn't just give you a copy of their database (I guess it depends on what is stored too) and website files (chances are there are credentials stored unencrypted), but that's an option and then you can set up your own dev environment.

You don't want production access because anything that happens will be blamed on you and if you make a mistake you're making it in production which is obviously bad. They should give you an isolated environment that mirrors production with your own credentials, but this is best case scenario and I think wishful thinking with a lot of Upwork clients.

melissasage · ‎11-12-2020

This has all been very helpful. I have worked with SQL Server for over 20 years (since SQL Server 2008) but have never worked on someone elses SQL server. It is very helpful to know the issues I may face and what to look out for. Thank you for taking the time to repsond to me.

melissasage · ‎11-12-2020

I'm also getting use to the Upwork platform. I clicked "accepted solution" on the last reply. Was that the correct thing to do?

lysis10 · ‎11-12-2020

Melissa S wrote:
This has all been very helpful. I have worked with SQL Server for over 20 years (since SQL Server 2008) but have never worked on someone elses SQL server. It is very helpful to know the issues I may face and what to look out for. Thank you for taking the time to repsond to me.

I've worked with it since SQL Server 2000 😉 My experience is enterprise environments, but freelancing is kinda the wild wild west and you won't get the perfect scenario especially with small-time clients.

shefen · ‎11-13-2020

Jennifer M wrote:
I've worked with it since SQL Server 2000 😉 My experience is enterprise environments, but freelancing is kinda the wild wild west and you won't get the perfect scenario especially with small-time clients.

"Wild wild west" indeed. I remember the first time I had to deal with credit card processing (probably about 2004) and was shocked. Of course, things have gotten better since then and are constantly changing. There was one cc processing company where I swear I was helping them debug their system, it was so bad. I still run into clients that want to store cc numbers in their web-accessible databases or their previous web developer has set them up that way and they don't realize it.

You can't always judge a client by their size. The bigger ones have more staff and tend to be better with security but if they are new to the web they can make mistakes. Occasionally a small client will surprise you. I worked with one guy who was a network security expert and he had me jumping though hoops to get into his network just so I could configure his web server to restrict access to it.

astepanov83 · ‎11-12-2020

Another possible solution is Teamviewer. I find it faster than Remote Desktop. It has more features. Both, you and client can see the same desktop and the same apps. It's also better in passing walls of routers, NATs and firewalls: it likely uses UDP hole punching technique. So, in most of the environments, you just need not do more than installing the app. One downside is that you must buy it if you want to use commercially.

Several years ago I worked with a client, where I connected to his desktop using Teamviewer. We were 10k kilometers away from each other, so you can imagine what ping was. But the connection was pretty stable and there were no significant problems, except a small delay between pressing a key and seeing what it does. It's rather annoying when you type something, but I got used to it eventually.

melissasage · ‎11-12-2020

Thank you. A coworker of mine had also mentioned Teamviewer.

lysis10 · ‎11-12-2020

Aleksandr S wrote:
Another possible solution is Teamviewer. I find it faster than Remote Desktop. It has more features. Both, you and client can see the same desktop and the same apps. It's also better in passing walls of routers, NATs and firewalls: it likely uses UDP hole punching technique. So, in most of the environments, you just need not do more than installing the app. One downside is that you must buy it if you want to use commercially.

Several years ago I worked with a client, where I connected to his desktop using Teamviewer. We were 10k kilometers away from each other, so you can imagine what ping was. But the connection was pretty stable and there were no significant problems, except a small delay between pressing a key and seeing what it does. It's rather annoying when you type something, but I got used to it eventually.

Do you find that enterprise clients do this? Not being snotty...genuine question. I would think you'd find resistance to that

astepanov83 · ‎11-12-2020

Jennifer M wrote:
Do you find that enterprise clients do this?

Unlikely.

In my case the client was a guy with ideas and money.

astepanov83 · ‎11-12-2020

I don't know the kind of work OP is doing with MSSQL, but maybe remote SSMS is enough. Still network must be properly configured to allow connecting to db. I'm not a database guy though.

I mean, depending on the task, there may be native tools that suit more.

lysis10 · ‎11-12-2020

Aleksandr S wrote:
Jennifer M wrote:
Do you find that enterprise clients do this?
Unlikely.
In my case the client was a guy with ideas and money.

ahh, ok, I was wondering if I've been out of the game long enough and this was a thing. lol

astepanov83 · ‎11-12-2020

One of my current clients is a company with 50-100 employees. I connect to CTO's computer via Teamviewer and he's ok with that. What's an enterprise? >1k people?

lysis10 · ‎11-12-2020

Aleksandr S wrote:
One of my current clients is a company with 50-100 employees. I connect to CTO's computer via Teamviewer and he's ok with that. What's an enterprise? >1k people?

oh dear lol. I'm gonna just assume they have no security people on staff and the CTO is like one of those CTOs who is actually a lawyer and nepotism helped get him the title. Like omg this is so bad lol. I halfway want to ask what company so I never do business with them. So many oofs and yikes.

melissasage · ‎11-12-2020

I am so glad I asked my question. I am learning a lot from the responses. I submitted a proposal to work on a VB6 app...that is what started me thinking about connecting remotely. I have not been hired (yet) but all this info is great when I look for SQL jobs.

lysis10 · ‎11-12-2020

Hey I learned things too. Teamviewer on a CTO machine. I just need to forget I read this. lol

astepanov83 · ‎11-15-2020

Jennifer M wrote:
Aleksandr S wrote:
One of my current clients is a company with 50-100 employees. I connect to CTO's computer via Teamviewer and he's ok with that. What's an enterprise? >1k people?

oh dear lol. I'm gonna just assume they have no security people on staff and the CTO is like one of those CTOs who is actually a lawyer and nepotism helped get him the title. Like omg this is so bad lol. I halfway want to ask what company so I never do business with them. So many oofs and yikes.

I'm a bit late with a reply. Still, what exact oofs and yikes can there be if someone connects to another computer over Teamviewer?

I'm pretty sure that big companies forbid using Teamviewer, because a) IT has no control over it, and b) users may not be aware of security options Teamviewer has, and they also could be easily deceived, thus leaking info, and c) companies often tend to add to "corporate rules" something that has no logical explanation, but only "I want this!" of their CIOs, CTOs, CEOs, and whatever chiefs there can be.

If you know what you do, like me and my CTO, I see no problem. But I would be very glad to hear what I'm missing.