Amy Babinchak and I gave a presentation at the Trend Micro/SBSFAQ.com SMB Security Summit in Sydney (talk about alliteration) in November, and we discussed the security implications of providing remote support to clients. In the discussion, we mentioned a number of tools that can be used to provide remote support. Historically, I”d been using two different tools, primarily for my cross-platform clientele. For about two years, I”ve had a subscription to GoToMeeting that I”ve used for a significant majority of desktop support as well as for those clients who had problems with RDP and/or RWW. For about $40/month, I was able to have as many different support sessions (one at a time, as I purchased as single seat) as I wanted, and was able to resolve many problems. GoToMeeting is primarily geared at webcasts, but it”s ability to allow diffferent attendees to “share” their desktops made it possible to not only view but remotely control another computer. As I mentioned, I used this quite a bit for desktop support, but also some on servers. The downside to GoToMeeting is that it requires Java on the remote device,and not all servers have Java installed,and not all users want Java installed on their servers. I”m not saying that Java is a bad thing, but for most servers who do their job sitting headless in a corner (where they should be), Java can be an extra load and tool that needs to be updated regularly for security purposes. And, the process to get the remote software loaded and configured for remote control could be a bit smoother. Still, it”s a solid tool, which allowed me to record sessions as needed, and it just flat worked. But GoToMeeting does not support the Apple platform, and since a lot of my business involves those cross-platform situations, G2M didn”t help.
Actually, until Adobe introduced Acrobat Connect, there really weren”t any options for remotely controlling a Mac. Sure, you could walk the person through turning on the VNC services build into Mac OS X, then either configure the router to allow inbound VNC or make a VPN connection into the remote network to then access the VNC services, but it”s just ugly, and when you”re trying to troubleshoot a Mac problem, often times the effort to get VNC access working just wasn”t worth it. But Acrobat Connect uses Flash technology as it”s communications layer, and they developed the tools to be able to allow a Mac to connect into the system and be the controller or the controlled system. Given that I have a Mac PowerBook that I carry with me in the field, this was beneficial as I was able to enter into remote sessions controlling either a PC or a Mac from my PowerBook when I was out of the office. This was much more efficient for me than connecting to my terminal server to run GoToMeeting. And at about $50/month for the single user subscription, it made sense. Now I could control either Macs or PCs using Connect, and I could do it from either my Mac or my PC, whichever was more convenient.
OK, there is one other tool that did allow control of a Mac before Acrobat Connect came along. That was LiveMeeting. It had the same metholdology as G2M and Connect, in that it is a conferencing application that allows for remote control, but from a cost standpoint, it really wasn”t a player in the SMB market. Microsoft did, and I think still does, use LiveMeeting to provide remote support when you call CSS for support, but hey, they own the technology, so it”s easy for them.
During the presentation, Amy spoke about the tool she has been using for a couple of years, LogMeIn Rescue. Unlike G2M and Connect, LogMeIn Rescue was designed as a support tool, not a conferencing tool that could be used to take control of a remote system for support. There were a lot of great features in Rescue that aren”t available in G2M or Connect, such as tools to collect hardward and software information about the remote system with the click of a button. One of the biggest “wow” factors for me was the ability to actually reboot the remote machine into safe mode and automatically reconnect with Rescue when it completed the Safe Mode boot. Holy cow, that”s incredibly useful! But at around $100/month for a single technician license, I wasn”t that taken as that covered the cost of both tools I was using to get me cross-platform support. Sure, the goodies that LMI provides over G2M and Connect were nice, but since I”d still have to keep Connect around for Mac support, dropping G2M in favor of LMI didn”t make a lot of fiscal sense.
That is, until I saw that LogMeIn was working on providing Mac support, not only for their LogMeIn Free product, but also for Rescue. So in mid-December, I signed up for a free trial of LogMeIn Rescue to test out the Mac functionality.
And it worked. Flawlessly.
For two weeks, I used LMI for every remote call, Mac and Windows, and was just amazed by the power of the solution as well as the ease of use for the client end. The client-side experience was very straightforward, not requiring a whole lot of instruction on my part to get the user connected and me in control. LMI is not based on Java or Flash, but its own technology tools that install easily. There”s also an easy option to get the tool to install as a service, so you can log out and log back in to the remote device with a different username/password without having to necessarily give that information to the remote user. But being able to have a single solution to give me Mac and Windows support as seamlessly as LMI does was the kicker.
So, as of January 1, 2008, I”m dropping G2M and Connect in favor of LogMeIn Rescue. The only drawback to Rescue is that I have to run the technician”s console on a Windows system. There”s not any public word about development of a teechnician”s console that will run on a Mac. But given that I can connect to a terminal server and run the console from there, it”s usable when I”m out on the road with only my PowerBook at my disposal. Not great, but it works. And I”m learning about so much more that Rescue does that Amy didn”t have time to discuss during the presentation that I”m already considering getting a second technician license for my staff, rather than using the same license for all of us. And yes, I”ve already discussed this with the fine folks at LMI and that”s perfectly within the scope of the license.
This is just one way I”m helping to ensure that the remote support we are providing to our customer base is as secure as possible. I”m in the process of implementing another system that I”ll blog about when we get it done, as it gives me an entierly different level of control over who has acces to my client”s systems, whcih helps protect them as well as us.