Routing around stupid IT departments

Question

As developers we often have special requirements in terms of workstation setup, networking, etc. IT departments generally don't understand this and we're forced to use a standard environment with a few changes around the edges.

We're faced with that situation at work right now, except that the IT department we're dealing with is half way around the world.

Can you suggest (concrete suggestions or war stories) ways to route around the IT department so that work can still get done?

FWIW, we're a highly Windows-centric organisation but the team I'm on is working on a Solaris based project. A major impedence mismatch.

EDIT: Specific examples of things we're up against:

1. The source repository is behind a corporate firewall. If you're at a remote site the only access to the repository is via the Windows only VPN. Not much use when it's all Solaris code.
2. One laptop per developer. You get to either (a) access the corporate LAN resources including email, source code, etc, or (b) develop code.
3. Only one lab contains the equipment we're developing against, and access is US$1000 of internal funny-money per day. Deemed "too hard" to build up our own lab
4. Standard list of applications, and fines applicable if you install software other than those listed. If you're caught.
5. Two levels above you are required to sign off to get administrator privileges to local machines.

Answer 1

Jeff Atwood swapped out components on his machine at his own expense until he had completely rebuilt it. From the comments in his blog: "To be clear, I pay for all my own PCs out of my own pocket. So I'm either "lucky" or "stupid" depending on how you calculate such things." on March 14, 2007

http://www.codinghorror.com/blog/archives/000816.html

Answer 2

Get your manager to back you up on the stuff you need. This is one of the things that managers are for: to move things out of your way.

Use virtual machines, if necessary. Many IT departments are less concerned with allowing you to "break" a VM since it can be recreated easily.

Frankly, I haven't had a lot of experience with this. In most of my environments, I've been the IT department. Currently, our management is very accomodating of developers and I'd rather not perform the IT tasks if I can avoid it -- I do maintain the image on my dev machine, though.

Answer 3

I have successfully worked around this via virtualization. I use a program called VirtualBox that allows me to run several linux instances on my windows machine. The performance is fairly good, and it lets me set up my own networking environment in the VM, yet it still appears to be coming from my desktop via NAT.

Some of the network setup is somewhat involved, however the documentation is good. I am currently running windows 2k, Ubuntu, and RedHat with memcached on the RedHat instances. None of this is supported by my IT department. I told them that I needed 4 GB of RAM to run Eclipse for Java development, and an external Hard Drive for backups (I run my VMs on it).

Another benefit is that I can always recover from problems by restoring a VM file backup. Virtualization is your friend!

Answer 4

Don't join your workstation to the domain. Then you can be a local admin and do whatever you please. The obvious downside would be having to type your domain credentials constantly, every time you access a network resource. But if you have an unresponsive IT department, there may be no other way.

Answer 5

Glad that you didn't ask about, the chairs and desks :) As far as software and hardware are concerned, things can only be sorted if your boss and their boss "talk". The most convincing argument is the time factor. Show them how slow the machine is, when compared with other preferred environment. Developer frustration may not solve problems, but a schedule extending by 50% does most of the time. Virtualisation is the another very cost effective option.

Coming back to chairs, buy them! it is easier than going through the bureaucratic hell.

Answer 6

Use all the social skill you have to create good relationships with one or two people in the IT department. Once they understand your needs, and know that you aren't going to break their network, they will usually be pretty cooperative.

And if that doesn't work, it may be necessary to write a few stern e-mails to higher-ups in the company explaining how IT is preventing you from doing your job.

Answer 7

Be careful, in especially locked down environments, you can get in trouble, or fired, for installing stuff that isn't approved by someone.

That said, in one situation I wanted to use SubSonic, but didn't have the privileges to install it, and didn't want to wait 2-3 weeks for the request to be bounced around, so I downloaded the source and compiled it myself.

Answer 8

My solution has been to run VMWare to start another OS (either win or linux), and in that run OpenVPN to get an SSH encrypted pipe over port 80 out of the company firewall.

I have a linksys home router flashed with DD-WRT firmware that includes OpenVPN.

So basically all my IM and web browsing traffic that I do in VMWare (which is usually running full-screen on a 2nd monitor) is getting SSH encrypted, sent out over port 80 to my home router, and the router forwards everything to the real internet. I do the same thing at my current job because they have a "web site blocker" that denies a lot of blog sites, and as a programmer, there are a lot of times when I Google solutions to issues and they are on peoples coding blogs, and end up blocked here. Copy-paste the URL into firefox in VMWare, and good to go :)

Answer 9

Thanks for the specifics.

I certainly have a number of war stories, but I would need to create another login to repeat them :)

First stop certainly has to be your immediate management. I don't know if they are technical or not, but you need to spell out, say, the top three individual issues and why exactly they cause a problem. Suggest a solution, but couch it in terms that this is just a suggestion. In my experience a cause of discord between IT departments and software teams is that the latter always want to suggest solutions couched as problems, and the former want to know what the problem is and why. Software people get frustrated having to explain what to them is an obvious solution, and therefore think the IT people are idiots. And IT people - who may or may not be idiots - like to find the real problem and come up with a specific solution rather than something more general. Gross generalisations here....

The reason I suggest the top three issues is that you need to make the problem look solvable, and not look like a big list of complaints. Depending on the relationships in your company, you may decide to pick just one. Make it the easiest to fix and strive for a quick win. Praise the solution when you get it, and then move onto the next one: "Guys, enabling a general VPN has been a real help to us. Thanks! Since we've got that, we've thought of something else that would really help out"....etc etc).

Yes it's cheesy, but you have a human problem not a technological one. I don't think there is one all encompasing single technological answer in your case (although I did like some of the suggestions, particularly rally25s).