For many system admins, the holy grail of managing devices lies in connecting to nodes over a network and performing necessary tasks remotely. Remote Desktop or "remoting in," as it's sometimes referred to, is a godsend application found natively in most modern operating systems. It provides the ability to establish a network connection directly with another node and authenticate to it just as if the user was sitting in front of the desktop.
Remote Desktop has many major uses, from the obvious administration aspects to screen sharing or remotely providing help desk support to end users by being able to see what they see in real time. Other uses may involve the ability to deploy software or perform asset tracking queries that review the system resources and export valuable information, such as hardware specifications or applications installed, into reports stored in a database for later viewing.
Apple Remote Desktop (ARD) was released in August 2002 as a means to remotely execute tasks on networked systems. Since then, it has acquired several full-fledged management features, including Remote Access, Software Deployment, and Automation of tasks. ARD also fully encrypts every communication with AES-128 to maintain the confidentiality and integrity of the data flowing across the network.
Before looking at how to install ARD, let's review the minimum requirements:
- Apple computer running OS X (10.7+)
- Static IP
- Apple computer running OS X for Task Server service (optional)
- Apple Remote Desktop purchased from the Mac App Store
- Local Area Network (Ethernet or Wi-Fi)
- Required open ports for communication
I. Installing Apple Remote Desktop
Follow these steps to install ARD:
- If you haven't already purchased ARD, please do before proceeding. The current iteration of ARD (version 3.7.2) may be purchased through the Mac App Store for $79.99 (USD), and it includes unlimited user licenses for client machines. Click the Install button to initiate the download and installation process (Figure A).
- Once it's installed, launch Remote Desktop.app from the Applications folder.
- Upon first launch, ARD will require that you set an administrator password. This will be used to safeguard access to the application and to configure the client machines. Enter the password and password verification, then click the Continue button to proceed (Figure B).
- Though selecting a Task Server is optional, this is highly recommended for larger-sized enterprise environments. The Task Server serves as a way to monitor clients and as a station that will execute tasks as nodes become available. When commands are executing without the use of a Task Server, they will timeout after a period of inactivity, requiring the command to be re-run on the computers that did not process the task. If choosing to designate a Task Server, it is a best practice to use a computer running OS X Server and have a static IP assigned. Enter the IP address in the text box, then click the continue button (Figure C).
- The final screen in the installation process is the Report Collection settings. These determine what information ARD will query and subsequently report back to the administrator. By default, all choices are selected. Feel free to uncheck any choices, and then click the Done button to complete the process and save your settings. The settings can be modified at any time by opening the Remote Desktop menu and selecting Preferences, then clicking the Reporting tab (Figure D).
By completing these steps, ARD has been installed and initially setup. However, before being able to communicate with OS X client computers, the computers you wish to administer must be configured since, by default, OS X ships with these features disabled.
II. Configuring OS X for use with ARD
Follow these steps to configure OS X client computers to communicate with ARD.
- Logon to an OS X client computer with administrative credentials.
- Launch the System Preferences.app from the Applications folder.
- Click on the Sharing preference (Figure E).
- Click on the Remote Management service, and then select the radio button next to Only these users.
- Click the plus sign [+] to add only the user accounts and/or groups you wish to grant management access to this computer (Figure F).
- Next, click the Select button to make your choice (Figure G).
- You'll be prompted to select the types of access the user selected in step #4 will be granted. By default, no selections are checked. Check the box next to each right you wish to grant the user or group — or press and hold the Option key while clicking the first checkbox to automatically select all the check boxes. The selections may be modified at a later time by clicking the Options... button in the Sharing preferences. Click the OK button to commit the changes (Figure H).
- Lastly, check the box next to Remote Management to turn the service on. The green dot indicates the service is running (Figure I).
- As an optional step, clicking the Computer Settings... button allows the administrator to tweak a few more settings. Checking the box next to Show Remote Management status in menu bar (Figure J) will display a menu bar icon in the shape of binoculars (Figure K) which provides visual confirmation that a node is being remotely managed, for example. Additional settings allow for customized info boxes to be setup that will display on System Overview Reports.
Now that ARD is installed and configured on the console station, and OS X clients are configured for remote management, system admins are now ready to remotely administer a host of tasks on client nodes.
Since the requirements for ARD are rather lax, here some additional considerations for running it smoothly:
- Install ARD on OS X Server with extra RAM and a wired Ethernet connection. By default, the theoretical connection limit on OS X Server is 1,024 concurrent connections. This can be modified to scale up or down as needed. However, as connections increase, system resources decrease.
- Enable a Task Server, also running on OS X Server with extra RAM and a wired Ethernet connection. Similar to the console system above, offsetting tasks to a Task Server will better balance the load of deployments as they are executed and processed.
- Always test settings to a small batch of client computers before deploying en masse. Similar to testing out patches prior to system-wide deployment, it only takes one incorrect task to render a system unstable or eradicate the network bandwidth, bringing productivity to a screeching halt.
- Implement an OS X Server with Open Directory, DHCP, and Caching services. Again, while optional, the benefit to larger enterprises will be evident, as computers accessing the LAN will dynamically be assigned IP addresses and communicate with ARD and the Task Server. Furthermore, Caching services will cache all software and system updates for the network, reducing the network overhead significantly when processing tasks for software updates. Lastly, tie everything together with Open Directory as a means to authenticate user accounts and manage security groups for distributed administrative access when using ARD.
Do you use Apple Remote Desktop to help manage your network of Apple computers? Share your experience with ARD in the discussion thread below.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 15 years of experience and multiple certifications from several vendors, including Apple and CompTIA.