Our USB solution is just one remote working solution of many. It won’t serve every need, but as we have road-tested it (in fact, it’s what we’re using right now) we know it works.
With that in mind, we have created a step-by-step guide for those of you who would like to use it. It gives employees an easy way to work in a secure environment, with access to company specific tools and a protected online infrastructure.
This guide can be used as-is or to inspire your own custom solution.
Why did we decide to create this custom USB solution?
We decided to create an operating system on a USB stick for use by our staff for several reasons:
- We wanted to let staff work from home as soon as possible given the developments in the COVID-19 pandemic and our desire to keep employees safe
- Our staff tend to use desktop machines and we have a limited number of laptops available to take home. We didn’t want to buy new machines which take time to be delivered and would eventually leave us with surplus computers
- We wanted staff to work in a “known” environment, where we know what programs are installed and can ensure there is no malware on the system
What were our requirements?
- Security, so we don’t have to worry if a staff member loses the the USB Stick
- Allows access to our office VPN
- Supports LastPass, our companies’ choice of password-management solution
- A light solution that works on older machines. All our staff have reasonably modern laptops (Mac and PC) or PC desktops at home, but we wanted this to work on older machines
- Accessibility to the office network. We have resources that are only accessible from our office network, and made a company VPN so staff could access them
- To create an internet-connected environment that works within a modern browser. We work primarily in a browser-based environment and didn’t want our solution to affect or cause any permanent change to our staff’s home computers
How did we do it?
We decided to build a bootable USB stick based on Linux Ubuntu Desktop 18.04 LTS , a modern operating system that is currently supported with software updates. It also has driver support for a large number of different components that can be found in peoples’ computers.
We had to build a separate bootable USB stick for PC and Mac due to Mac booting working differently to PC.
What flash drive did we use?
We decided to use the Samsung Fit Plus USB Drive, which is 64GB in size. It supports USB 2 – USB 3.1 and has data transfer speeds from 200-300Mbs (based on drive size.) It also has great performance for reading and writing of small files, is physically small, has a handy notch to be attached to a key-ring and is a reasonable price per unit.
We recommend you use the same USB sticks for all cloned drives as this will remove any potential complications from duplicating the stick to other USB flash drive types.
PC Image Setup
You will need two USB sticks for this process. The first will be used to create a bootable Ubuntu USB stick to run the installation from. The second will be used to create your company USB stick master image. You’ll then need as many USB sticks as you have employees wanting to use this system.
The easiest way to approach this, and one which ensures you create an encrypted USB, is to disconnect the hard drive of your computer. This will make sure that the installation process handles the setup correctly and doesn’t put your existing data at risk of being lost. Doing this will also reduce the steps required to build an encrypted USB stick.
Note: We take no responsibility for any damage caused to your machine, or issues with lost data in following these instructions. You are recommended to take (and verify) backups of your computers at all times.
Stage 1 – Setup the Ubuntu Installation USB
- Download the Ubuntu 18.04 LTS Desktop ISO image from Ubuntu.com
- Follow the guides provided by Ubuntu and create a bootable Ubuntu USB stick for your current operating system: Windows, Apple Mac OS or Ubuntu
Stage 2 – Install Ubuntu to the master USB Stick
We are largely following the instructions provided by Ubuntu for installing Ubuntu here, but with some key differences to avoid overwriting the existing operating system on your computer’s hard drive. We are assuming you are using a PC to create the USB stick on.
- Insert the Ubuntu USB Stick created in Stage 1 into your PC
- Choose the ‘Try Ubuntu’ option
- The computer will boot into the Ubuntu live graphical desktop
- If you use WiFi instead of Ethernet for Internet access, connect your computer to your WiFi network. You’ll find the WiFi Menu under the down arrow at the top right-hand corner of the screen, next to the power icon
- In the dock panel on the left, open the applications button. Search for ‘GParted’, and double click to open it
- Take note of what drives are currently shown on the right hand side drive selector. You will probably only have one entry, ‘/dev/sda’
- Put the second USB stick into the computer. Take note of what new drive has appeared in the right hand side drive selector as you will need this information later on. This is your new drive. It will be something like ‘/dev/sdb’
- Select the entry. Note: If you choose the wrong drive here you could destroy data on your computer if you left a hard drive plugged in
- Then, remove the existing partitions on this drive by selecting Device > Create Partition Table. Select ‘msdos’, then click ‘Apply.’ You can now close the GParted application
Creating a partition table
Select ‘msdos’ to remove existing device partitions
Completion of device GParting
- On the desktop, click on the ‘Install Ubuntu’ icon. You will see a welcome screen. Select the appropriate language, and click the ‘Continue’ button
Setting your language
- Choose your keyboard layout. Click the Continue button
Selecting your keyboard layout
- On the Updates and other software screen, select ‘Normal installation’, ‘Download updates whilst installing Ubuntu’, and install third-party software for graphics and WiFi hardware. Click ‘Continue’
Selecting your update and software settings
- On the ‘Installation Type’ screen, select the ‘Erase disk and install Ubuntu’ option. Also check ‘Encrypt the new Ubuntu installation for security’, and ensure ‘Use LVM with the new Ubuntu Installation’ is selected. Press the ‘Install Now’ button
Selecting your Ubuntu installer requirements
- Choose a security key (password) that will be needed to decrypt and boot the USB drive. If you are re-using a USB key that has had something on it before, check ‘Overwrite empty disk space.’ Note: doing so means the install process will take a while, but ensures any data left on the drive is irrecoverable
Picking a password for your USB drive
- Click ‘Install Now’. A message will show up on screen asking you to confirm the changes to the disk. If you’re happy to go ahead, click the ‘Continue’ button
The Ubuntu installation confirmation window
- You will then be asked for your location which is used to set localization and time zone settings. Choose the appropriate location then click the ‘Continue’ button
Selecting your location
- You will then be asked to create a user. We chose to make a generic username and share the login details with everyone who uses the stick. Since it’s a single user stick that our staff will individually use at home, we feel this approach is fine. We used the settings as per this image:
Creating a User
Note: It is recommended to use a different password for the user login that you chose in Step 15
- Click ‘Continue’. The installation will now proceed. After the installation has completed, a new dialog box will show. Click ‘Restart Now’
This window confirms your Ubuntu installation is complete, and requests to restart your computer
- As the computer reboots, remove the first USB flash drive. Your computer will now boot from the second USB drive. You will be asked for the password you set in Step 15. Enter this and your computer will boot into your Ubuntu environment
Rebooting from the second USB drive onto Ubuntu
- After a few moments you will see the login screen
The Ubuntu desktop login screen
- It’s a good idea to run the Software Updater to install any updates necessary, so if you see a window stating ‘Updated software has been issued since Ubuntu 18.04 was released,’ click ‘Install Now’
Running the Ubuntu software updater
Stage 3 – Install software applications onto the master USB stick
As mentioned above, day-to-day we mainly operate in a web environment and wanted the USB stick to offer the same programs as our individuals’ desktops do. Therefore, the steps below will explain how to install Google Chrome, LastPass, Slack and the image editor Glimpse. We also installed access to our in-office VPN.
How to install:
- Google Chrome
We also run through customization options in this section. You can jump to these by clicking the links below:
- Changing the dock configuration
- Changing the background image
How to install Google Chrome
How to install LastPass
LastPass is available as a chrome extension, making its installation straight forward.
How to install Slack
- In the terminal window, type: sudo snap install slack –classic
- After a moment you will see the message ‘Slack has been installed’
- Add Slack to the dock by clicking Activities, searching for Slack, and then right clicking to select ‘Add to Favourites’
Adding Slack to your Favorites dock
How to install Glimpse Image Editor
- In the terminal window, type ‘sudo snap install glimpse-editor’
- You will be asked to enter the login password
- Add it to the dock by clicking Activities, searching for Glimpse and then right clicking to select ‘Add To Favourites’
How to change the dock configuration
We made a change to move the dock to the bottom of the screen and resized the icons so they take up less vertical space.
How to change the Background image
We added our company background to the image to round off the installation. You can do this yourself by following the instructions below.
Once you have finished configuring the stick to your requirements, you can shut down the machine, take out the USB Stick and re-attach your internal hard drive.
Stage 4 – Image the completed Master USB Stick
For Windows, we use the ImageUSB tool to do this.
Stage 5 – Write the master image to the USB sticks for your users
For Windows, we use the same ImageUSB tool as in Stage 4.
- Insert 1 (or more) blank USB stick(s) into your computer
- Start ‘ImageUSB’
- Select the USB drive(s) you want to add the image to and select ‘Write image to USB drive’
- Select the image you wrote the master USB stick to in Stage 4 – step 3
- Click ‘Create’
Stage 6 – Finish customization for each drive
- For each drive, boot it on another computer to ensure it works
- Customize any settings, such as VPN connection settings, as required
- Deploy to your user base
Your team now has a fully working operating system they can boot from their home PCs.
Other apps for easy installation can be found in the Snap Store.
VPN connectivity to office
Our team makes use of web applications and other resources that are accessible from the office network only.
To allow our team to continue to work, we created a VPN endpoint on our network using WireGuard. Our staff members can connect to WireGuard from the setup provided by the USB Sticks, which routes traffic destined for our applications and resources via the Office VPN.
We created a common configuration on our master USB image and, after imaging, customized each stick to use unique credentials with WireGuard.
Ubuntu 18 offers a Graphical User Interface VPN client for OpenVPN, Cisco VPN, and PPTP ( PPTP is not recommended). You can see a guide to setting up these on the Ubuntu Community Help Wiki.
In order to provide a GUI for Wireguard on the USB Stick, we followed the guide for ‘Desktop Toggle’ from LinuxServer.io
Apple Mac Hardware
Users with a Mac laptop or desktop machine at home will require a slightly different USB Stick. We followed the steps covered here by Medium, and here by Heeris.
Once up and running, we encrypted the users’ home directory and swap partition by following these steps on HowtoGeek.