Wednesday, June 15, 2011

Working Remotely

At Adku, every engineer we hire gets a quad-core iMac with a 12GB memory upgrade and a 15-inch quad-core MacBook Pro with maximum memory upgrades (8GB).  When we're working remotely on our laptops, sometimes we'll realize that we forgot to check-in a piece of code that is sitting on our iMac at work.  If we could ssh into the iMac, we'd be able to check it in and continue where we left off.  The problem is our office is behind multiple NATs which make it hard to set up port forwarding and as a fast moving startup, it's not worth the time to set up our own name server.  We needed something quick and easy.  What we ended up doing was setting up SSH tunnels from our machines at work to an Amazon EC2 instance we call gateway.adku.com.  With the tunnel set up, accessing our machines at work is as simple as SSH'ing to the right port on gateway.adku.com.  Here is how to set one up for yourself.

    On Work Machine:
    # create security group and authorized ports
    # this assumes that you have an amazon ec2 account and 
    # ami-tools and api-tools setup.  
    # setting all that up is straightforward, but outside the scope of this post
    ec2-add-group --region us-east-1 gateway -d gateway
    ec2-authorize --region us-east-1 -p 22 gateway

    # create your gateway machine.
    # your ami may differ.  ubuntu likes to update its amis very often.  
    # also your keypair may have a different name, adjust accordingly
    ec2-run-instances ami-ee857587 --instance-type m1.small --region us-east-1 -k gsg-keypair-east -g gateway

    # note the public url of the newly created machine
    # also optionally setup an easier DNS name such as gateway.adku.com

    On Gateway Machine:
    sudo echo "GatewayPorts yes" >> /etc/ssh/sshd_config
    sudo /etc/init.d/ssh reload

    On Work Machine:
    # 20000 is an arbitrary port, you can choose any open port.  
    # you just have to remember it for later.
    # gateway.adku.com should also be replaced with your public dns name
    ec2-authorize --region us-east-1 -p 20000 gateway
    ssh -nNT -R gateway.adku.com:20000:localhost:22 gateway.adku.com

    And you're done!  

    Now you can get to your work machine from anywhere like this:

    On Any Machine:
    # 20000 is the port from earlier, make sure it matches

    17 comments:

    1. Jesse,

      Here's a quick tip. When Carlos says he's "working remotely", he's either
      A) Gambling remotely
      B) Drinking remotely
      C) Carousing remotely
      D) All of the above

      ReplyDelete
    2. I've seen Carlos code while drinking actually. It's very impressive.

      ReplyDelete
    3. I've seen Carlos do all of the above, simultaneously. Also impressive.

      ReplyDelete
    4. I've seen Carlos do all this and blast mp3s remotely for the benefit of whoever happens to be sitting in the vicinity of his workstation.

      ReplyDelete
    5. I think when Carlos says he's working remotely, he's not doing anything remotely related to work ;)

      ReplyDelete
    6. on a more serious note i am purchasing laptops for my 3 developers and am wondering what the spec machines i should be looking at. Are 3 $2500 macbook pro's with 8gb ram too much? The laptops will remain company assets, but for the duration of their work they'll be theirs. I foresee having an iphone/android app in the not so distant future hopefully they can start making it after the product is delivered. Otherwise i could just get 3 sub $1000 laptops with about the same specs as the apple. Seed funding could last a year or six months depending on speed of product delivery and user acceptance. So my main concern is saving the cash for the real expenses i foresee being hosting and product delivery. Minor expenses being different technologies and SAAS we employ, which all seem to be subscription based. So I'm not ready to get imacs for everyone we don't have an office yet we're still the garage team, but we have 500k of seed funding. So i'm not strapped...or am I?

      ReplyDelete
    7. Running your AMIs in us-west-1 will make round trip times a lot more tolerable, assuming "remotely" means Vegas.

      ReplyDelete