 expoEraser
join:2005-06-27 Dalton, MA
| [XP] IT Remote Administration
Hi Everyone, I am in the midst of administering my company's (small scale) IT 'department' and have been debating over which remote access solution to use. I'm responsible for 10 computers at the very least, probably more as we begin to expand into the neighboring room. I've looked at a couple of options: pcAnyWhere, GoToMyPC Corporate, LogMeIn.com's IT Rescue, VNC freeware (leaning away from this as it would be a pain for setups), and Remote Desktop. As of now I'm leaning towards IT Rescue mainly because it's cost effective and still competitive with the others. I'm open to any suggestions though, so fire away.
Thanks in advance guys,
-Matt |
|
  jaa Premium,MVM join:2000-06-13
·Optimum Online
·Vonage
| Why not just use Remote Desktop? No additional software/security needed.
I would set up your network to allow incoming VPN connections; once you VPN in from the outside you can RD to any computer. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
  dpierce Lazyrabbitt Premium join:2002-09-30 Cream Ridge, NJ
| reply to expoEraser I currently use VNC over an SSH connection to connect to my two home computers. I find that to be a very easy and secure method. There are a couple possibilities of mixing software. You could create one computer that will act as an SSH and VNC server and connect over that to that one computer. Then from that one computer you could connect to all the other computers on the LAN through an assortment of other ways. There are many possibilities and everyone has their own view on the subject. The things I would point out as the most important are:
1) Make sure the communication method is secure (SSH or VPN or something else).
2) Use more than one solution to connect to the machine. I work in a help desk and we have three ways to connect to a store to work on it. If there are critical systems you want to make sure for redundancy.
3) Test the connection thoroughly before relying on it. -- You can make a difference. Join Team Discovery! Stop by the BBR Fiber Optic Forum |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to expoEraser I use a Secure Shell (SSH) tunnel to do that then run either XP Pro Remote Desktop or UltraVNC through the tunnel. The upside to this is you only need one port open through any firewall...
»theillustratednetwork.mvps.org/R···SSH.html
More information...
»Windows Based Remote Connections
In all cases use a strong password or a private/public key pair for authentication on the SSH server...
...or as noted by jaa set up a VPN. -- "When all else fails, read the instructions..." |
|
 expoEraser
join:2005-06-27 Dalton, MA
| Wow, thanks for the quick responses! I see that a lot of you are recommending using VNC/Remote Desktop, and that leaves me with a couple of questions. First, why do you prefer using solutions that require opening ports in a firewall (not that it's a huge deal), when some vendors like the ones listed above avoid it via a secure gateway? Are there negatives to the route I was leaning towards? Do any of you have issues with rapidly deploying VNC's to off-lan locations (About half of our computers are off-site)? Sorry for so many questions guys, I'm just trying to make the right decisions.
-Matt |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to expoEraser In my case I choose to use Remote Desktop and UltraVNC via an SSH tunnel because of the cost (ie. they are free), ease of use/setup and functionality (ie. file transfer capabilities are built-in to RDP and UltraVNC).
Personally I have no qualms about opening up the one port (TCP Port 22) for the SSH tunnel, particularly since I use a 2048-bit RSA private/public key pair for authentication. Note that is the only incoming port I have open on my router.
As always, YMMV... -- "When all else fails, read the instructions..." |
|
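A check for the single-open-port setup described in the posts above, as an added example that is not from any poster in this thread: it audits an `sshd_config` for key-only logins and for port forwarding limited to the RDP and VNC ports. It assumes an OpenSSH server; the finding labels, LAN addresses and sample configurations are constructed, and key-only authentication is the stricter of the two options the thread mentions.

```python
# Added example: audits an OpenSSH sshd_config for an SSH-tunnel-only setup.
# Finding labels and the sample configs are constructed for illustration.
DEFAULTS = {  # OpenSSH defaults for the directives checked below
    "passwordauthentication": "yes", "pubkeyauthentication": "yes",
    "allowtcpforwarding": "yes", "permitopen": "any",
}
TUNNEL_PORTS = {"3389", "5900"}  # RDP and VNC, the services being tunnelled

def parse(text):
    """Global settings in effect; sshd uses the first value it sees per keyword."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # conditional blocks are not evaluated
            break
        cfg.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **cfg}

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    cfg, findings = parse(text), []
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password-auth-enabled")
    if cfg["pubkeyauthentication"].lower() == "no":
        findings.append("pubkey-auth-disabled")
    if cfg["allowtcpforwarding"].lower() in ("no", "remote"):
        findings.append("local-forwarding-disabled")
    targets = cfg["permitopen"].split()
    if "any" in targets:
        findings.append("forwarding-unrestricted")  # tunnel reaches any LAN port
    for target in (t for t in targets if t != "any"):
        host, _, port = target.rpartition(":")
        if host in ("", "*") or port not in TUNNEL_PORTS:
            findings.append("unexpected-forward-target:" + target)
    return findings

STOCK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding local
PermitOpen 192.168.1.10:3389 192.168.1.11:5900
"""

if __name__ == "__main__":
    print("stock:", audit(STOCK))
    print("hardened:", audit(HARDENED))
```

The check reads only global settings and stops at the first `Match` block, so per-user overrides need a separate review.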
  dpierce Lazyrabbitt Premium join:2002-09-30 Cream Ridge, NJ
| reply to expoEraser Like what SoonerAl said, I don't have a problem opening one port for remote connects. The main issue I have is those other services that don't require ports opening go through their networks. You are connecting to their network to communicate to your computers which connect to their network. I don't like going through someone else's network to reach my own. -- You can make a difference. Join Team Discovery! Stop by the BBR Fiber Optic Forum |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to expoEraser One last comment... It's possible this SSL VPN solution might also work for you. I have not tried this but it does look interesting...
»3sp.com/showSslExplorer.do
»3sp.com/showSslExplorerPageSix.do -- "When all else fails, read the instructions..." |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| I swear we just had this same thread a month ago -- same people, same order :D:o:p:) -- and it was that thread that led me to try this software.
It's actually very, very good. The freeware OpenSource version is very well documented, easy to set up and use, and -- as it says -- capable of working anywhere that there's a Java-enabled web browser.
The downside is that it seems a bit slow -- although I'm not convinced whether the slowness might just be local to my system.
So as long as you're not streaming video, I'd recommend it as another to the alternatives already mentioned here. -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Kindness is treating someone better than they deserve. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| said by funchords :I swear we just had this same thread a month ago -- same people, same order  :D:o:p:) -- and it was that thread that led me to try this software. Great minds think alike?
I just loaded the SSL-Explorer software yesterday and got the basic server running. Now I just need some time to play with it. Over my home LAN the response seemed fairly fast, but I need to get a RDP connection through the tunnel going to really be able to tell if I will continue to use it... -- "When all else fails, read the instructions..." |
|
  Nightfall My Goal Is To Deny Yours Premium,MVM join:2001-08-03 Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| reply to expoEraser When it comes to remote administration, we use Terminal Services here at my place of work. If I am at home, and something goes belly up at work, I can still remote into any of our servers and do the work that needs to be done.
That said, for internal use, we use a software package called Funk Proxy.
»www.funk.com
Funk Proxy is a software package that allows you to get a list of all the systems that have it installed, and remote into any of those systems. It also has a deployment tool as well as secure connectivity.
In a WAN/LAN environment, it is awesome.
As others have mentioned here, there are good free alternatives if you want to go with one of those.  -- My Domain Nightfall's Hockey and Life Journal |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to funchords said by funchords :I swear we just had this same thread a month ago -- same people, same order  :D:o:p:) -- and it was that thread that led me to try this software. It's actually very, very good. The freeware OpenSource version is very well documented, easy to set up and use, and -- as it says -- capable of working anywhere that there's a Java-enabled web browser. The downside is that it seems a bit slow -- although I'm not convinced whether the slowness might just be local to my system. So as long as you're not streaming video, I'd recommend it as another to the alternatives already mentioned here. It is pretty good. I finally got this set up on one of my XP Pro boxes and was impressed by how easy it was to install, configure and use. Over a cable broadband to cable broadband link response with RDP was very good, IMO...
It's well worth looking at, again IMHO... -- "When all else fails, read the instructions..." |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| said by SoonerAl : It is pretty good. I finally got this set up on one of my XP Pro boxes and was impressed by how easy it was to install, configure and use. Over a cable broadband to cable broadband link response with RDP was very good, IMO... It's well worth looking at, again IMHO... I think the speed issue is in my network stack. I was having slow speeds regardless.  -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Kindness is treating someone better than they deserve. |
|
  Time Premium join:2003-07-05 | reply to expoEraser Just set up IIS and Terminal Services to allow remote desktop connections for the administrator account only. |
|
 jp10558 Premium join:2005-06-24 Willseyville, NY
| reply to SoonerAl said by SoonerAl :said by funchords :I swear we just had this same thread a month ago -- same people, same order  :D:o:p:) -- and it was that thread that led me to try this software. It's actually very, very good. The freeware OpenSource version is very well documented, easy to set up and use, and -- as it says -- capable of working anywhere that there's a Java-enabled web browser. The downside is that it seems a bit slow -- although I'm not convinced whether the slowness might just be local to my system. So as long as you're not streaming video, I'd recommend it as another to the alternatives already mentioned here. It is pretty good. I finally got this set up on one of my XP Pro boxes and was impressed by how easy it was to install, configure and use. Over a cable broadband to cable broadband link response with RDP was very good, IMO... It's well worth looking at, again IMHO... So, for this, what exactly does it let you do with a web browser? Just run VNC? Download files etc...? How does it affect other VPN software like Hamachi? -- Opera 8.01(Build 7642); Windows XP Pro SP2; Athlon 64 3400+; 1GB PC3200 DDR; 1M/128k DSL ; NOD 32 (Version 2.5.25); Sygate Pro 5.5 (Build 2637);Proxomitron 4.5j Grypen 6/20/05, Custom Filters; GPG key ID: 0x0A1C6EE3 |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| [Attached screenshots: SSL-Explorer Login screen; User Favorites; VPN Tunnel Status; Network Shared Folder access; Select Folders on Norman; Shared Folders on Norman]
said by jp10558 :So, for this, what exactly does it let you do with a web browser? Just run VNC? Download files etc...? How does it affect other VPN software like Hamachi? The Java based browser is simply the front end to allow the user to create the SSL VPN tunnel. Once the tunnel is established you simply select applications (that you or the network admin has configured) and run them through the tunnel. I am attaching the login screen, the home page as I have it configured so I can access either of my two XP Pro boxes with Remote Desktop and the access to shared files/folders on each PC.
In my case Remote Desktop is enabled on both of my PCs, ie. on Ashtabula and Norman. The Remote Desktop client has to be installed on the remote PC. In the example shown, clicking on NormanRDP will initiate a Remote Desktop session with the PC called Norman on my home LAN through the SSL-VPN tunnel.
Note that in the examples the addressing from a remote PC would be in the form »https://ssl-explorer.server.address and not the »https://ashtabula addressing, which was only used so I could grab screen shots of the process...
My home network...
»theillustratednetwork.mvps.org/LAN/LAN.html
I can't answer your question about the Hamachi product... -- "When all else fails, read the instructions..." |
|
 jp10558 Premium join:2005-06-24 Willseyville, NY | reply to expoEraser How does this work across NAT... Sounds like it uses a standard port 443 connection on the server machine. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| said by jp10558 :How does this work across NAT... Sounds like it uses a standard port 443 connection on the server machine. That's correct... -- "When all else fails, read the instructions..." |
|
 expoEraser
join:2005-06-27 Dalton, MA
| reply to expoEraser Well I made my decision... we're going to go with our initial preference on LogMeIn rescue. I seriously contemplated going with you guys' suggestions on VNC/SSH, but we found out how much we could actually get the software for and it essentially made up our mind for us. Again, thanks for all the help!
-Matt |
|