Design – Combined SoaC + VPN as a secure thin client.

Earlier tonight, while discussing ideas for potential new products, I think we accidentally stumbled onto something big. Something that could be worth building. Something that could actually be worth putting together a Kickstarter / Indiegogo campaign for. Something that is keeping me awake, so I’m going to type it and hope that clears my head.

A piece of modular hardware, built on a combination of open source software and proprietary hardware, creating something that is both extremely flexible and extremely secure.

The basic concept is an office-in-a-box, a thin-client-based set-top box/system on a chip, with an attached hardware VPN router. This little box plugs into any HDMI-based TV, accepts standard Bluetooth & USB interface devices, and has an onboard Ethernet & WiFi network card. Similar in function to the Apple TV, Chromecast, Steam PCs and various other set-top boxes, this one is designed to function as an office. It connects to available WiFi or Ethernet, opens a VPN connection to either the main server or to your own personal server, and then loads the thin client interface, which is basically a preconfigured (but easily modified) software package. Something similar in nature to Google’s Docs/Sheets/Drive/Calendar/etc., Amazon’s cloud Workspaces, or Microsoft’s Office 365. One major function that I think would be worth adding would be a dedicated SIP client. SIP clients are used for phone calls, and ideally this one would be combined with a virtual PBX. When the box is active with a solid connection, you’d show up as a valid extension to be called. When it was on a bad connection, you’d show up as being only available for Voice/Text Messaging, and when you were offline, you’d be available for forwarded calls.

Beyond the basic idea, we’ve come up with a few ideas for building this and making it workable. The prototype SOAC would be put together on a Raspberry Pi for the full box version and a Chromebook for the Laptop Variant. The basic operating system would be open source, for flexibility, probably working with OpenOffice and Asterisk for the basic functionality. Given that it would be web based, there would be the option to access web-based services like the Google, Amazon and Microsoft cloud services. However, that would be at the discretion of the user.

The VPN could be done in a few different ways; currently I’m thinking a customized firmware on a MikroTik RouterBOARD. I’m also thinking it would be nice to have an OTP solution integrated into it, something that supports FIDO U2F.

One of the biggest selling points of this device would be that when the customer was using the provided office software, their data would only be travelling through the VPN between their virtual office and the server at the other end, be it their own, or one that we’ve set up. In the case of ones that we’ve set up, we’d nationalize the server for the client.

In our case, given that we’re Canadian, we’d have our servers here in Canada. In theory, this means that the data would be kept within the country for legal reasons. For professionals who have legal reasons for their offices to remain within their own country, this would be an obvious advantage over other cloud services.

Given that the VPN is already encrypting all data passing through it, all calls made using the phone system would also be encrypted. For customers who have two of our boxes, the entire call would be handled within the internal network and thus be very difficult to intercept. For calls outside the network, they’d be able to be intercepted at the point where the server connects to the normal phone system.

Given that we are in the age of 3D printers and rapid prototyping, I see no reason we couldn’t develop multiple variants of the basic box for different client needs. The two basic versions are a set top box and a dongle that plugs into a netbook. It would be easy to develop additional versions based on the needs of the customer.

Given the range of configurations that are already possible using Raspberry Pi, such as the version with the 3.8″ touchscreen, I can even see a variant of this box that functions as the modern equivalent of a pager. Running on battery power and a WiFi/cellular connection, it would alert you on the touchscreen if someone wanted to reach you. You’d be able to tap them a quick message, and then if need be, plug it into your monitor and switch to full office mode in a matter of moments.

Given that it’s a set-top box, it could also be configured as a media centre, with the added functionality of letting you know when something had happened that you needed to be aware of. Watching Netflix while waiting for an email, the box pops up a window letting you know that a message or call has come in, and then you decide if you want to switch modes.

On some level, there isn’t really much that is revolutionary about this idea; it’s simply evolutionary. Combining good ideas in new ways, building something that has functions that you want.

Still, I think it’s an idea worth exploring, and I think I need to reach out to some of the people I know to put this idea together. I think together, we could put together a nice little crowdfunding campaign and build a product that people will really appreciate. And right now, that’s what people seem to be doing. So why not us?

 

Open Source software allows us to adapt to your needs in the most cost effective manner. Proprietary security software and hardware keeps our systems, and your data, secure.
