After reading all the posts, I was going to mention VMware Workstation, but Mark Perkins stole my thunder. With VMware Workstation, you can have the best of both worlds– IT can completely lock down the host O/S– and at the same time the user can be allowed to create any virtual machine they need (any O/S). All of the USB ports and other hardware can be used just fine from the virtual machine. I use this technique myself, and I recommend it highly.

If IT has locked down the Internet to the degree that you can’t get to important support web sites, it might be better to bring in your own laptop (or netbook) with a cellular broadband dongle– this would allow complete unfettered access to the Internet, and IT would have zero control over your own private machine. This is a lot easier than fighting with IT every time you need access to a different support site, and the cost of the netbook and the cellular broadband service may even be tax deductible (but check with your tax advisor first.) Another way to do this is to set up a proxy server at your home (that has broadband Internet), and then set up an encrypted connection (proxy server) on one of your virtual machines that “tunnels” through the corporate IT network to you home network. That way, all Internet browsing is completely hidden from the corporate “nanny program”– and you would have free and unfettered access to the Internet– with the only cost being a little bit of initial work.

Just read these posts and though I would share the following:

After having a number of horror events over the years with my development PC. In my small company your development machine and office machines are the same. This is can be very annoying, when developing I install apps and the Windows PC just gets slower and slower.

I recently had a hard drive failure which although bad news, in some ways it is also great; gives you the opportunity to get rid of clutter. I also took the opportunity to start working differently. I now do all my development under Wmware virtual machines. So far it has been a great success, my PC remains snappy as I am not installing loads of apps and all the tools I have tried (Orcad, Lauterbauch Trace, PAD’s, Compilers) under Vmware work perfectly fine.

It seems to be a good compromise for me; I can have a different virtual machine to suit the project I am working on. So far there are no real down sides except waiting for the virtual machine to start.

In my experience I would recommend that people give virtual machines a try, it’s like having multiple PC’s at your disposal.

I’d have to disagree strongly here.

I simply can’t imagine how I could develop even a few hundred lines of code without Google as my Posix API reference search tool (before search engines, I actually had memorized much of the Posix API, but since Google, I have reclaimed all the neurons used to store the API, and put them to better use

Embedded developers should have a a large measure of trust from management just as DBAs should for example. But checks and audits also should be accepted by the developers. Embedded developers often need special tools and applications. They are often adept at configuring the development system to match their needs. If management has decided a person is skilled enough to do this kind of work, they need to trust the developer.

I have often worked on separate development networks. You should not need to do web browsing from an embedded system development station.

As for large IT organisations, they are mostly incapable of understanding the nitty-gritties of amount of freedom required to undertake embedded development. So, freedom should be given to the developers to manage their own workstations. BUT, the catch here is that with such powers some sense of responsibility should also be ingrained in the developers. IT dept should at best do regular audits of the workstation to check what all is installed and figuring out how much of that is threatening to the organisation. They can raise flags if inappropriate software or unlicensed software is installed, and so on.

Of course, it isn’t necessary for engineers workstations to have two connections; you can have either the development network, or the corporate network tunneled. Probably makes sense to have the corporate network tunneled, as development protocols may not be routable.