In the latest instalment in our series of blogs giving insight into how we work behind the scenes, we asked our Head of IT Nigel Clark to talk through his role, the projects he’s working on and how we moved to a WFH model…
Tell us about your role at Exient.
I look after all the IT equipment and infrastructure that’s used by the various teams here at Exient, in addition to supporting the specialist guys that look after our live ops and multiplayer servers, when needed.
The role differs a little from regular corporate IT support as specific knowledge is required – it’s crucial to have an understanding of the game development sector due to the specificity and demands of the kinds of software we use here.
A lot of the support queries that come to the IT team are very much related to game development – so it’s important to understand those processes and workflows to be able to help solve short-term issues and devise long-term roadmaps.
How important is it to stay at the leading edge of technology?
I’ve been with Exient for seven years, and in that time we’ve seen quite a few IT transitions as technology evolves and new ways of working are introduced.
In very general infrastructure terms, we want to stay at the forefront of technology as much as possible – for a company operating in the games industry it can’t really be any other way. It just makes sense.
The biggest strategic project in recent years has been to successfully move everything away from a traditional on-premise infrastructure model to cloud-based hosting, to a point where everything now lives in data centres managed by our various vendors.
How has that been achieved at Exient?
Most of the elements that I look after sit in Microsoft Azure, or with the provider of the service that’s being hosted. For the live ops side of the operation, we have everything with AWS, which is very much a standard these days at many studios and publishers.
We’ve also moved our day-to-day device management needs to something called the ‘modern desktop’ approach. It’s basically how we now manage, deploy, monitor and revoke end-user devices, and how we grant access to software, systems and data.
It’s been a game-changer as previously, if we wanted to issue a new device to a member of staff, we would first buy the hardware, which would then be delivered to us in the IT department. Then we’d need to add our own OS image onto it, load the software and then only at that point ask the user to log in and fumble through their settings.
Modern desktop flips that around – everything is managed by dev ops and is very scripted, and therefore very secure. The users now receive their device direct from the manufacturer once it’s ordered by us – we don’t need to physically touch it as an IT team. That device is pre-enrolled by the OEM into our mobile device management solution, or MDM.
That MDM has a whole bunch of steps we’ve created that deploy the required set-up to that device when the user logs in via the Windows 10 first-time user experience process.
We get given a Windows Autopilot identifier by the reseller that ties the device to our systems – when it’s turned on, the welcome screen already has the Exient logo on it. The machine then talks to our server and asks what settings and apps the user needs installed and begins the set-up process.
How do you approach ongoing support for devices and users?
One of the things we deploy to the device at set-up is our support app, or Remote Monitoring and Management tool (RMM). It allows us to remote onto the user’s desktop, so we can finish working through the set-up with the user without actually being with them. That’s fundamentally where the modern desktop environment comes into play.
The next stage is to monitor the device over time, making sure that a) it remains secure, and b) it remains up to date. If a device isn’t kept up to date then the risk profile increases, because there are always bugs that need patches in the OS and 3rd party apps.
What steps do you employ to keep everything secure?
A big element of our set-up from a security perspective is ‘zero trust’ design. This means that if a device shows any sign of risk or of being compromised, it’s instantly removed from the Exient network.
This ‘risk’ could mean that the device is showing signs of malware, or that we’ve detected a login from a new country, or that the user’s account has been signed in to from two countries in less than the time it would take to travel between those places.
This approach instantly mitigates the posed risk and forces the legitimate user to verify their identity via their phone, just in case their credentials have been phished. They will also be asked to change their password at the same time – there are lots of little things that are tied into the security posture of individual devices.
Ultimately, there’s no such thing as a totally secure system, so we must do everything we can to mitigate the risks, which boils down to isolating the device and reducing any local data loss.
How has the pandemic and lockdown changed Exient’s IT set-up?
The impact of coronavirus and the resulting shift to working from home has actually been a pretty seamless transition here at Exient, as all of the modern desktop and MDM processes we’ve been talking about were already in place when the lockdown started. Of course, we had to make sure everyone could get their equipment home, but then it was simply a case of carrying on ‘as you are’.
We’re also constantly looking for ways to optimise our set-up. At a games studio there are always lots of large creative assets floating around, so we’ve spent time looking at things like proxy caching to reduce data bandwidth requirements.
It’s particularly the case with art departments that staff like to work on their projects locally before uploading to a server when ready, so bandwidth is always a consideration in terms of remote working. In the office we have fast leased lines, but at home there can be huge variations in terms of performance available.
In some cases, we’ve provided staff with 4G mobile dongles as they’ve proven to be faster than some domestic broadband connections, especially in more rural areas.
It’s worth mentioning that the shift to working from home has removed oversight of physical hardware and introduced new risks, because other people in a household potentially have access to that device outside of office hours.
As such, we work really hard to raise awareness of information security among staff – making sure people understand they are responsible for their login details, and that no one else should have access to that machine.